The Condro Group Hack: Infiltrating — A Case Study

Journal of Information Systems Security
Volume 18, Number 3 (2022)
Pages 177-184
ISSN 1551-0123 (Print)
ISSN 1551-0808 (Online)
Christopher Bell — Virginia Commonwealth University, USA
Information Institute Publishing, Washington DC, USA

A hacker breached the website of Condro Group, Inc, a collection of privately held companies that specialize in computer software and SSL certificate products, whose primary function is to serve as a Certificate Authority. The hacker wiped all access logs, shut down the Microsoft IIS application server used to run the website, and stole the website's entire database of more than 400 accounts used to authenticate against the website. Furthermore, two separate external backup HDDs were wiped. The entire breach took less than 15 minutes. Recognizing that it had placed too much trust in registration authorities (RAs) whose network security it did not oversee, Condro immediately implemented IP address restriction and hardware-based two-factor authentication. Two weeks later, a separate registration authority suffered a similar attack, believed to be from the same perpetrator. However, the new security measures were able to protect against this attack.

Access logs; Business-validated certificates; Hacker; IP addresses; RHs.