Dutch SSL Certificate Provider Gemnet Investigates Website Compromise

Gemnet, a Dutch company that provides SSL certificates for the Dutch government, has closed down its website after it was compromised by a hacker who found sensitive information on the server hosting it.

According to Webwereld, the hacker was able to break into gemnet.nl through a phpMyAdmin installation that wasn't password-protected. PhpMyAdmin is a popular software utility that facilitates the administration of MySQL databases through a Web interface.

The hacker took control of the server and accessed confidential information about the company's secure network, forcing KPN, the company that owns Gemnet, to temporarily shut down the website and launch an investigation.

KPN rejected the claims that its network has been put at risk because of this incident in a public statement and said that the hacker was only able to gain access to publicly available information.

The company also pointed out that Gemnet does not issue digital certificates. However, while this might be true, Gemnet CSP, a separate company controlled by KPN, does issue certificates for the Dutch government, and its website was also taken offline following the incident.

KPN did not immediately reply to a request for information about the decision to shut down gemnetcsp.nl as well. Before being taken offline, the website informed visitors that Gemnet CSP helps government and public sector organizations to increase the reliability of electronic data by providing certificates that can be used for authentication, identification, encryption and digital signing.

The Dutch government noticed the incident and launched an investigation to determine the nature of the compromise. Dutch Interior Ministry spokesman Vincent van Steen confirmed the existence of a probe, but declined to reveal any additional details pending its results.

This is not the first time that a company that provides digital certificates for the Dutch government has been compromised. In August Dutch certificate authority DigiNotar announced that a hacker broke into its network and issued fraudulent certificates for a number of high-profile domains, including Google and Hotmail.

Following the incident, the Dutch government revoked all DigiNotar certificates and the company's main CA certificate was blacklisted in browsers and OSes.

At the beginning of November, KPN temporarily suspended digital certificate issuing for another of its subsidiaries, Getronics, after the company found traces of a four-year-old compromise on one of its servers.

(With reporting by Brenno de Winter at Webwereld, an IDG Netherlands publication)

Subscribe to the Security Watch Newsletter

Comments