AMSTERDAM (Reuters) - Dutch telecoms firm KPN said on Tuesday its IT unit, Getronics, has won new business from customers after hackers stole security certificates from Dutch IT firm DigiNotar, a business rival.
DigiNotar, which is part of U.S.-listed VASCO Data Security International, and Getronics sell security certificates which guarantee the authenticity of a website.
KPN is one of a few firms in the Netherlands which can issue the certificates, KPN spokeswoman Renee Schnitzler said, adding that Getronics has sold “hundreds” of certificates to government and industry clients in the past few days.
KPN declined to give financial details of the new business.
The Dutch government said late on Monday that about 300,000 Internet users in Iran have been spied on last month by one or several hackers who stole security certificates from DigiNotar.
Using a stolen certificate the hacker, or hackers, monitored people who visited Google.com, could steal their passwords and could obtain access to other services such as Facebook and Twitter, Dutch IT firm Fox-IT said in a report commissioned by DigiNotar and cited by the Dutch government.
A certificate guarantees that a web surfer is securely connected but a stolen certificate enables a hacker to pretend a web surfer is securely connected to a website without the surfer knowing he is being monitored.
Google said in its security blog on August 29 that it had received reports of attacks on Google users, that “the people affected were primarily located in Iran,” and that the attacker used a fraudulent certificate issued by DigiNotar.
DigiNotar’s systems were hacked and security certificates were stolen for several domains.
The Dutch government is still investigating the hacking, and the public prosecutor has also just launched a separate investigation, government spokesman Vincent van Steen said on Tuesday.
Van Steen added that the investigation would follow up Dutch media reports that a hacker had claimed responsibility on a website.
The report by Dutch IT firm Fox-IT listed several Dutch government ministries and companies whose DigiNotar digital certificates were compromised, including Dutch state-owned grid operator TenneT and the Ministry of Justice.
The report also includes a list of recipients of fraudulent DigiNotar certificates including Google, Skype, Microsoft, Facebook, as well as intelligence services in the United Kingdom, United States and Israel.
Reporting by Roberta B. Cowan; Editing by Sara Webb