Public Statement on Darkhotel Issue
KASPERSKY REPORT “THE DARKHOTEL APT; A STORY OF UNUSUAL HOSPITALITY version 1.0”
We are referring to the latest report by Kaspersky Lab’s Global Research and Analysis Team, produced in November 2014 under the title “THE DARKHOTEL APT; A STORY OF UNUSUAL HOSPITALITY version 1.0”. The report has affected several CAs around the globe, including Digicert Malaysia.
The Darkhotel APT has been recognized as a form of attack that targets high-profile figures with malicious intent while leveraging hotel Wi-Fi networks whose security is weakly implemented. As part of the attack process, it has been reported that the attackers duplicated OLD and REVOKED certificates of several CAs, including Digicert Malaysia.
The report made reference to Digicert Malaysia’s OLD and REVOKED 512-bit certificate, issued under the product name Digisign Server ID (Enrich), being used to sign the attackers’ malware.
We would like to emphasize that Digicert Malaysia stopped issuing Digisign Server ID (Enrich) in 2011. All related SSL certificates have been revoked and are no longer valid. Since early 2012, Digicert has used Entrust SSL certificates. All SSL certificates are now issued by Entrust with stronger 2048-bit keys.
We would like to conclude that Digicert Malaysia is not part of the Darkhotel APT ecosystem. We adhere to the highest security measures, aligned with the laws and regulations enforced by our Controller of Certificate Authorities, the Malaysian Communications and Multimedia Commission (MCMC).
To provide security assurance, we have implemented international best practices and standards for our CA and business operations. We are also certified under WebTrust and ISMS (ISO/IEC 27001:2013).
Digicert Malaysia, November 2014