The Dutch government said Tuesday that it was widening its investigation into an Internet security breach in an effort to learn whether the private data of Dutch citizens, many of whom file income tax returns online, had been compromised.
The Dutch data protection agency has asked the government security contractor at the center of the controversy, DigiNotar, to report whether the integrity of special digital certificates that guarantee the authenticity of interactions with government computers had been breached.
“We are hoping to receive an answer from DigiNotar within a few days,” said Harriet Garvelink, a spokeswoman for the agency in The Hague, who said the request was made Friday.
The hacking scandal in the Netherlands, one of the most digitally advanced countries in Europe, erupted last week when DigiNotar disclosed that hackers had broken into its systems in July and issued fraudulent digital certificates, which are used to verify the authenticity of Web sites. An independent report released Monday traced the origin of the breach to Iran.
“DigiNotar found evidence on July 28th that rogue certificates were verified by Internet addresses originating from Iran,” said the report prepared by Fox-IT, a company hired by the government to investigate the breaches.
Google said last week that users of its services “primarily located in Iran” may have been affected by the use of fraudulent certificates issued by DigiNotar. These could allow a hacker to intercept information moving between a user and a service like Gmail that appeared to be secure.
The Fox-IT report said that DigiNotar discovered 333 fraudulent “rogue certificates” circulating from July 19 to July 28, many of which were for the sites of major Internet companies. The company subsequently revoked and invalidated the certificates.
The Dutch interior minister, Piet Hein Donner, told members of Parliament on Tuesday that the government so far had no evidence that the hackers had used the certificates to obtain the personal information of Dutch citizens from government sites.
Vincent van Steen, a spokesman for Mr. Donner, said the interior ministry was working to learn more about how the intrusion occurred and how to prevent a future attack. “This matter shows us how vulnerable we are,” Mr. van Steen said.
Several security experts have speculated that the Iranian government may have orchestrated the hacking, which would have required the control of an Internet service provider, to spy on dissidents. The Iranian government has not commented on the situation.
DigiNotar, a unit of the American company Vasco Data Security International, has been criticized by Dutch lawmakers for not immediately informing the government of the certificate theft. Dutch prosecutors told The Associated Press on Tuesday that they were investigating DigiNotar for possible criminal negligence.
Vasco said in a statement that it was cooperating with the Dutch government.
Article source: http://www.nytimes.com/2011/09/07/technology/dutch-widen-probe-into-hacking-of-official-sites.html?partner=rss&emc=rss