Netherlands-based digital certificate authority DigiNotar announced Aug. 30 it was breached, and although it said it expected the "impact of the breach of DigiNotar's SSL and EVSSL business to be minimal," repercussions are now being felt across government websites.

DigiNotar's initial assessment appears to have downplayed the severity of the hack and overlooked a compromised certificate--one of what now appears to be several dozen fraudulent certificates--used by the Dutch government. The Netherlands uses DigiNotar for web services such as its tax e-file system, university enrollment and organ donation. 

On Sept. 3, the Dutch government told the Associated Press that it could not guarantee the security of its own websites. The government did not state that users should forgo using the sites altogether, but courts have advised lawyers to use fax and snail mail instead of email, reports the Wall Street Journal.

The Dutch government announced Sept. 2, it would ban and replace all DigiNotar certificates, but in a Sept. 6 press conference the Netherlands' Minister of the Interior Piet Hein Donner backtracked, saying that withdrawing certificates immediately could cause significant damage.

"It particularly concerns the fully automated communication between computers," Donner said, according to a translation provided by PCWorld. Withdrawing certificates could disturb or block machine-to-machine communication, he explained. It's now phasing in migration to new certificates, report PCWorld.

Microsoft (NASDAQ: MSFT), Google (NASDAQ: GOOG) and Adobe have taken action to block certificates hosted by DigiNotar. Mozilla said Sept. 8 it would give certificate authority companies a week to improve their security. An anonymous hacker, using the alias Ich Sun in a post on Pastebin, is claiming responsibility of the DigiNotar hack, as well as breaches of Global Sign, StartCom and Comodo. The hacker has threatened more hacks are imminent.

Related Articles:
Anonymous are script kiddies, says DHS 
China suspected in Operation Shady RAT hacks 
Continuous monitoring at State Dept. has weaknesses, says GAO