gradient background

GlobalSign Press Release

Security Response

 

September 15 2011, 12pm GMT - We are now bringing customers back online in a controlled way, we appreciate the patience as we work through the account reactivation and order backlog. We apologize, but there will be some delays returning some specific services to normal operation.


 

September 13 2011, 1pm GMT - We would like to address a specific claim relating to "demo" Certificates being "issued freely". Such "demo" Certificates are UNTRUSTED test Certificates and are not part of the publicly trusted GlobalSign PKI. Test Certificates are already untrusted by browsers, essentially identical to untrusted self signed Certificates. Such untrusted Certificates pose no security threat and can be generated by any webserver software or control panel.


 

September 11 2011, 4pm GMT - We thank everyone again for your continued support during the reactivation process. We will be bringing system components back on line on monday during a sequenced startup, but we do not foresee that customers will be able to process orders until Tuesday morning. We sincerely apologise for the extra delay. More updates will follow if the situation changes.


 

September 10 2011: GlobalSign is working with Cyber Defense Institute Japan (http://www.cyberdefense.jp/en/) as part of the reactivation process.


 

September 09 2011, 7pm GMT - Today we found evidence of a breach to the web server hosting the www website. The breached web server has always been isolated from all other infrastructure and is used only to serve the www.globalsign.com website. At present there is no further evidence of breach other than the isolated www web server. As an additional precaution, we continue to monitor all activity to all services closely. The investigation and high threat approach to returning services to normal continues.

All forensics are being shared with the authorities and other CAs to assist with their own investigations into other potentially related attacks.


 

September 09 2011, 2pm GMT- We have received several requests to explain terminology used by CAs, particularly what is meant by the GlobalSign root being offline. By "offline" we mean that the Root CA Certificate is not connected to any network of any type. Root Key Material is physically (geographically) separate from any networked systems and is only ever exercised in controlled, and physically sealed offline ceremonies.


 

September 08 2011, 5:25pm GMT: Update - We will start bringing services back online on Monday. We have already stated that we deem this to be an industry wide threat due to the mention of multiple CAs. We are adopting a high threat approach to bringing services back online and we are working with a number of organisations to audit the process of bringing the services back online. We apologise again for the delay.

We would like to take the opportunity to explain that the GlobalSign CA root was created offline, and always has been offline. Any claim of the Comodohacker to holding a private key does not refer to the GlobalSign offline root CA. The investigation also continues.


 

September 08 2011, 4pm GMT: Update - We deem these claims to represent an industry wide attack. At this time we continue with our investigation and precautionary measures. We thank our customers, and the industry as a whole, for supporting the difficult decision to halt issuance while these steps are taken. We will update again as soon as we release a defined timeline to reactivate our services.


 

September 07 2011: 5pm GMT: Update - The appointment of Fox-IT is a precautionary measure as we continue to assess the Comodohacker's claims.


 

September 07 2011: Today, GlobalSign has officially announced the appointment of Fox-IT to assist with investigations into the claimed breach. Fox-IT is the Dutch cybersecurity experts hired to investigate the compromise of the Dutch CA DigiNotar and therefore already have a wealth of current knowledge and experience of the hacker.


 

September 06 2011: On Sep 5th 2011 the individual/group previously confirmed to have hacked several Comodo resellers, claimed responsibility for the recent DigiNotar hack. In his message posted on Pastebin, he also referred to having access to 4 further high profile Certificate Authorities, and named GlobalSign as one of the 4.

GlobalSign takes this claim very seriously and is currently investigating. As a responsible CA, we have decided to temporarily cease issuance of all Certificates until the investigation is complete. We will post updates as frequently as possible.

We apologize for any inconvenience.

About GMO GlobalSign

Established in 1996 and as a WebTrust accredited public certificate authority, GlobalSign offers publicly trusted SSL Certificates, EV SSL, Managed SSL Services, S/MIME email security and Code Signing for use on all platforms including mobile devices. Its Trusted Root solution uses the widely embedded GlobalSign Root CA certificates to provide immediate PKI trust for Microsoft Certificate Services and internal PKI, eliminating the costs of using untrusted Root Certificates. Its partnership with Adobe to provide Certified Document Services (CDS) enables secure digitally signed PDF documents, certified transcripts and e-invoices. These core Digital Certificate solutions allow its thousands of authenticated customers to conduct secure online transactions, data transfer, distribution of tamper-proof code, and protection of online identities for secure email and access control. The company has a history of innovation within the online security industry and has offices in the US, UK, Belgium, Japan, and China.

GMO Internet Group

GMO Internet Group is one of the most comprehensive providers of industry-leading Internet services worldwide. As well as domain registration, web hosting, ecommerce, and payment processing businesses that each hold the top share in their respective markets in Japan, services operated by the group include Internet advertising, search engine marketing and research. Global online security brand GlobalSign and major Japanese online securities brokerage, GMO CLICK Securities are also group members. In 2011 a new Social Media & Smartphone Platform segment was established bringing together group initiatives in social apps development, flash marketing and Android apps distribution. GMO Internet, Inc. (TSE: 9449) is headquartered in Tokyo, Japan. Please visit www.gmo.jp/en for more information.

For further details please contact:

Press & Analyst Relations
GlobalSign
+603-570-7060 / 1-877-775-4562
press@globalsign.com

Live Chat