The public prosecution department has begun an investigation into events at internet security firm DigiNotar to find out if it should be held responsible for the security breakdown covering hundreds of websites, home affairs minister Piet Hein Donner told reporters on Monday evening.

DigiNotar’s systems were hacked in mid-July and over 500 website security certificates, including ones for intelligence services like the CIA, Mossad and MI6, were stolen. Experts think Iran was behind the attack and that Iranian dissidents were the main target.
Hackers can use the stolen certificates to set up fake websites, ‘fooling users into thinking they are on a legitimate site, when in fact their communications are being secretly intercepted’, Computerworld.com said.
Security
A preliminary report for the government by internet research group Fox-IT into DigiNotar has revealed the company used old software and did not have sufficient security measures in place.
‘The successful hack implies that the current network setup and or procedures at DigiNotar are not sufficiently secure to prevent this kind of attack,’ the Fox-IT report said.
‘The most critical servers contain malicious software that can normally be detected by anti-virus software.The separation of critical components was not functioning or was not in place…
‘The software installed on the public web servers was outdated and not patched. No antivirus protection was present on the investigated servers…’
Several days
The incident means that internet-based government communication with the public is no longer guaranteed. Users attempting to access affected sites will get a security warning until new security certificates have been issued.
Donner said it would take several days before internet users could be sure the websites they visit are safe. The government is working intensively with the cyber security council, employers organisations and various software firms to solve the problems, he said.
The Fox-IT report also shows close to 300,000 unique IP addresses from Iran requested access to google.com – a fake website using a rogue certificate issued by DigiNotar – may have been compromised, PC World reported.
For the AP report on this, click here