MI6 targeted in DigiNotar hack
MI6, the CIA and Facebook were all targeted following a hack on certificate authority DigiNotar.


UK intelligence body MI6 was one of over 500 organisations targeted by hackers who compromised certificate authority (CA) DigiNotar.
When DigiNotar confirmed it was hacked last week, it was believed only a handful of fake SSL certificates were issued. A list from the Dutch Government has shown 531 rogue certificates were actually issued, including one for MI6 website sis.gov.uk.
Other targeted sites included the CIA, Facebook, Google, Skype, Twitter and WordPress.
The Dutch Government confirmed it is looking into reports Iran was responsible for the hacks. The Dutch interior ministry said Government websites may not be safe due to the DigiNotar hack, according to the Daily Telegraph.
The consequences of the attack on DigiNotar will far outweigh those of Stuxnet.
"The damage sustained to the Dutch Government IT infrastructure is quite significant. A lot of services are no longer available," said Roel Schouwenberg, Kaspersky Lab expert, in a blog post.
"Effectively, communications have been disrupted. Because of this, one could make an argument the attack is an act of cyberwar."
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
He said any suggestion the Iranian Government was involved was "all speculation" right now.
"Any kind of hints found in the registered certificates could well be decoys. I remain with my stance that a government operation is the most plausible scenario," he added.
VASCO Data Security International, DigiNotar's parent company, said on Friday it wanted to work with the Dutch Government on identifying who was responsible.
"It is our firm belief that cooperating with VASCO is the right decision for the Dutch Government. We are convinced that together we will solve this issue," said Ken Hunt, VASCO's chairman and chief executive (CEO).
Schouwenberg also called on Apple to revoke affected CAs from its list of trusted services, as other tech giants like Google, Microsoft and Mozilla have done. DigiNotar may not be the only compromised CA "out there," the security expert warned.
Schouwenberg suggested the DigiNotar attack could be even more significant than the emergence of the highly sophisticated Stuxnet malware.
"The attack on DigiNotar doesn't rival Stuxnet in terms of sophistication or coordination," he said.
"However, the consequences of the attack on DigiNotar will far outweigh those of Stuxnet. The attack on DigiNotar will put cyberwar on or near the top of the political agenda of Western governments."
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.
-
Security experts issue warning over the rise of 'gray bot' AI web scrapers
News While not malicious, the bots can overwhelm web applications in a way similar to bad actors
By Jane McCallion Published
-
Does speech recognition have a future in business tech?
Once a simple tool for dictation, speech recognition is being revolutionized by AI to improve customer experiences and drive inclusivity in the workforce
By Jonathan Weinberg Published
-
Leaked Nvidia certificates used to sign malware bypassing Windows detection
News Windows admins are advised to implement custom policies to avoid seemingly legitimate malware making its way into corporate environments
By Connor Jones Published
-
GoDaddy data breach exposes over 1.2 million customer details
News Attacker had access to admin passwords for over two months
By Danny Bradbury Published
-
Why is SSL under attack?
In-depth Don't get sidetracked by a storm in the SSL teacup, warns Davey Winder...
By Davey Winder Published
-
Facebook warns of new Superfish threat
News The fake security certificate used by the Lenovo-installed adware can be re-used by hackers, says social network
By Joe Curtis Published
-
OS X Mavericks update to fix major security flaw in Macs
News Apple follows iOS 7 update with Mac OS X Mavericks patch to address encryption issues.
By Caroline Donnelly Published
-
Who to trust after the VeriSign hack?
In-depth Davey Winder questions what data was stolen from VeriSign and wonders why the company hasn't been more forthcoming.
By Davey Winder Published
-
SSL under threat as flaw exploited
News Fears over the security credentials of SSL rise after researchers claim to have found a way to exploit a long-known vulnerability.
By Tom Brewster Published
-
Major SSL encryption flaw hits the web
News Tech companies using SSL have some serious work to do to fix a big hole that could leave internet users at risk.
By Asavin Wattanajantra Published