CIA, Mossad, MI6 targeted by Iranian DigiNotar-hackers

04.09.2011
After breaching the Dutch CA (Certification Authority) DigiNotar, Iranian hackers managed to sign forged certificates for the domains of spy agencies CIA, Mossad and MI6. Leading certification authorities like VeriSign and Thawte were also targeted, as were Iranian dissident sites.

The cyber attack on DigiNotar, a Dutch subsidiary of VASCO Data Security International Inc, is much more serious than previously thought. Last July hackers gained access to the network and infrastructure of several of DigiNotar's CAs. Once inside, they generated hundreds of forged certificates for third-party domains.

With these certificates, hackers can potentially syphon off user login credentials by spoofing a legitimate site, complete with a functioning but forged SSL certificate, apparently issued by DigiNotar.

The forged certificates match domains of the U.S. Central Intelligence Agency, the Israeli secret service Mossad and the British spy agency MI6. On top of that, the hackers created false certificates in the names of other CAs like VeriSign and Thawte, in an attempt to also misuse their trusted position in securing Internet communications.

The partial list of domains with forged certificates was published by Gervase Markham, programmer at Mozilla. Sources close to the investigation into the DigiNotar hack say that the list is authentic. Chrome engineer Adam Langley also told Webwereld that Google has the same list.

Later, the Dutch public broadcaster NOS published a list of domains for which false certificates were issued. Among them are Google, Yahoo, Microsoft and Skype, as well as numerous sites popular among Iranian dissidents. The cyber attackers even created fake certificates with messages praising the Iranian Revolutionary Guard, NOS reported.