We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Dutch SSL certificate provider Gemnet investigates website compromise

The website of Dutch SSL certificate provider Gemnet was taken offline after a hacker gained access to the server

Gemnet, a Dutch company that provides SSL certificates for the Dutch government, has closed down its website after it was compromised by a hacker who found sensitive information on the server hosting it.

According to Webwereld, the hacker was able to break into gemnet.nl through a phpMyAdmin installation that wasn't password-protected. PhpMyAdmin is a popular software utility that facilitates the administration of MySQL databases through a Web interface.

The hacker took control of the server and accessed confidential information about the company's secure network, forcing KPN, the company that owns Gemnet, to temporarily shut down the website and launch an investigation.

KPN rejected the claims that its network has been put at risk because of this incident in a public statement and said that the hacker was only able to gain access to publicly available information.

The company also pointed out that Gemnet does not issue digital certificates. However, while this might be true, Gemnet CSP, a separate company controlled by KPN, does issue certificates for the Dutch government, and its website was also taken offline following the incident.

KPN did not immediately reply to a request for information about the decision to shut down gemnetcsp.nl as well. Before being taken offline, the website informed visitors that Gemnet CSP helps government and public sector organizations to increase the reliability of electronic data by providing certificates that can be used for authentication, identification, encryption and digital signing.

The Dutch government noticed the incident and launched an investigation to determine the nature of the compromise. Dutch Interior Ministry spokesman Vincent van Steen confirmed the existence of a probe, but declined to reveal any additional details pending its results.

This is not the first time that a company that provides digital certificates for the Dutch government has been compromised. In August Dutch certificate authority DigiNotar announced that a hacker broke into its network and issued fraudulent certificates for a number of high-profile domains, including Google and Hotmail.

Following the incident, the Dutch government revoked all DigiNotar certificates and the company's main CA certificate was blacklisted in browsers and OSes.

At the beginning of November, KPN temporarily suspended digital certificate issuing for another of its subsidiaries, Getronics, after the company found traces of a four-year-old compromise on one of its servers.

(With reporting by Brenno de Winter at Webwereld, an IDG Netherlands publication)


IDG UK Sites

Best camera phone of 2015: iPhone 6 Plus vs LG G4 vs Galaxy S6 vs One M9 vs Nexus 6

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

Retina 3.3GHz iMac 27in preview: Apple cuts £400 of price of Retina iMac with new model