The government is looking into whether Iran was involved in the possible hacking of official Dutch websites following the theft of digital security certificates from IT company DigiNotar, according to news reports on Monday.
On Saturday the Dutch government said it ‘cannot guarantee the security of its own websites’ following the incident in which over 500 fake security certificates were issued. More details are due to be sent to parliament in a special briefing this week.
DigiNotar’s systems were hacked in mid-July and according to website Computerworld.com, the 500 certificates also include ones for intelligence services like the CIA, Mossad and MI6.
Hackers can use the stolen certificates to set up fake websites, ‘fooling users into thinking they are on a legitimate site, when in fact their communications are being secretly intercepted’, Computerworld.com says.
Google has pointed the finger at Iran, saying that attacks using a stolen Google.com certificate had targeted Google users in that country. However, it is not clear if any fake websites have been set up using the stolen certificates so far.
Google and Mozilla said at the weekend they will permanently block all the digital certificates issued by DigitNotar. This would appear to mean people using these browsers will find it more difficult to access Dutch government websites.
However, the government says government websites will remain in use because they have an extra security layer, according to the tax office website.
Dutch employers organisation VNO-NCW has told companies which use DigiNotar certificates to move to a new security company as soon as possible.
DigiNotar has been widely criticised for failing to disclose the security breach until six weeks after it discovered it and for not revealing the full extent of the damage.