hackers steal keys to generate certificates. “One was made out to Hitler”

hackers steal keys to generate certificates. “One was made out to Hitler”
hackers steal keys to generate certificates. “One was made out to Hitler”

The cryptographic keys that allow you to generate the green pass that can be used in all countries of the European Union have been stolen and with them false documents have been created that are perfectly valid when verified with the official apps. A worrying flaw in the system, therefore, even if the real extent of the theft and the damage it may have caused at European level is not yet clear.

It is not known which country, or countries, have suffered the compromise of their computer systems, but it seems that the theft started from France and Poland. It is clearer, however, how the theft was discovered: from Tuesday evening, two green passes in the name of Adolf Hitler began circulating on Twitter, on specialized sites and on industry forums, with the only difference being the date of birth. Although it was a hoax, the passes had a QR code which, if scanned with the official app of the Ministry of Health Verification C19, was valid. And, therefore, usable.

The checks carried out in Italy by the National Cybersecurity Agency, by the bodies and ministries concerned and by the Postal Police have given some answers, even if there are still many points to be clarified. The first is, in fact, that someone would have stolen some keys that allow you to create the green pass, each of which can activate more green certifications, and did not do so in Italy: in fact, the first investigative investigations and intelligence information do not show cyber attacks on Sogei, the company that in our country provides the codes with which green certificates are generated.

The other hypothesis is that someone has misused the key itself. The authorities decided to immediately block the keys that were stolen. A move that, as a result, invalidated all the green passes generated with those codes since each certificate issued by a single country of the Union communicates with a central database where there are all the keys that generate them. To better define the contours of the entire affair, a cybersecurity summit has been convened.

Last updated: Thursday 28 October 2021, 09:14



hackers steal keys generate certificates Hitler

NEXT Coronavirus Lazio: vaccine reservations and today’s bulletin, 1 December