Analysis of ‘Operation Black Tulip’: Certificate authorities lose authority

The Agency releases its analysis of the Diginotar- ‘Operation Black Tulip’ case, where a digital certificate authority suffered a cyber-attack.

In the attack, false certificates were created for hundreds of websites, including Google and Skype. Reports indicate that the cyber-attack started in mid-June, and that for two months, false certificates were used to eavesdrop on users in Iran. In its new analysis, the Agency identifies three major issues, and suggests remedies to these.

The Agency has analysed the ‘Operation Black Tulip’ cyber attack and issued recommendations on how to mitigate security concerns with certification authorities. 

Taken from http://www.enisa.europa.eu/media/news-items/analysis-of-2018operation-black-tulip2019-certificate-authorities-lose-authority