“It looks like this is the same person as the infamous ComodoHacker”, he said, adding that the internet user base is likely to see further CA hacks in the future.
“We are still talking about 500 or so CAs out there,” he explained on a conference call with analysts and researchers this week, noting that the DigiNotar CA hack was industrial espionage that has the potential to have the same effect on the industry as the Stuxnet malware.
Schouwenberg also gently criticised Microsoft for its handling of the certificate revocation.
As reported previously, Microsoft last week revoked all DigiNotar certificates on the Windows platform, issuing an immediate patch to remediate the problem. However, in order to prevent chaos for Dutch Windows users, the software giant delayed the rollout of the revocation patch for Ditch users until Tuesday of this week.
According to Schouwenberg, it has been interesting to note that some of the PCs in his New York office have been slow in being updated by Microsoft, whilst some machines in the Netherlands have updated ahead of the Netherlands delayed update for the DigiNotar certificate revocation.
And, he went on to say, he suspects there may have been other CA hacks that the IT industry has not yet discovered, as with 500 CAs out there “you cannot expect them not to have been compromised.”
Whilst some experts have been talking about implementing a re-architecture of the certificate system, the Kaspersky Lab researcher said that these options – whilst they are worth discussing – would almost certainly result in greater bandwidth and resource usages on the internet.
For this reason, he told his webcast audience, they are unlikely to be implemented in the shorter term.