DigiNotar hack made possible as 30 software updates were ignored
Sunday 18 November 2012
Last year’s hack of Dutch digital security company DigiNotar was due to aging software which was at least 30 updates out of date, website nu.nl reported on Sunday.
In addition, news of the hack only became public knowledge a month after the site had been disabled, documents obtained by nu.nl under freedom of information legislation show.
The information comes from research carried out by internet security firm ITsec on behalf of DigiNotar before the hack was in the public domain.
DigiNotar's systems were hacked in mid-July 2011 and over 500 website security certificates were stolen, including ones for intelligence services like the CIA, Mossad and MI6. Experts said at the time they thought Iran was behind the attack and that Iranian dissidents were the main target.
A preliminary report for the government by internet research group Fox-IT into DigiNotar also revealed the company used old software and did not have sufficient security measures in place.
The ITsec report said DigiNotar was using a content management system made by DotNetNuke dating from March 2008 and that the company had warned of a serious vulnerability in May that year. This is the vulnerability that hackers were able to use because 30 updates had been ignored.