Security News

No, the NSA was not behind the DigiNotar hack

No, the NSA was not behind the DigiNotar hack: According to the slide depicted above, a GCHQ program called “FLYING PIG” (SSL profiling) was used to identify a foreign intelligence service (“FIS” in intelligence-speak) that used the stolen private keys to launch a man-in-the-middle attack. It’s highly unlikely that the identified foreign intelligence service refers to the NSA, because both agencies are working together very closely.  I think we can put the speculations to rest that the DigiNotar hack was either the work of the NSA, or exploited by the NSA. Though, I don’t want to completely rule out that second possibility that the NSA or GCHQ exploited the hack to perform a MITM attack themselves, but there’s absolutely no proof to be found in these slides.