ENISA | EU | Operation Black Tulip - certificate authorities lose authority (PDF linked from this page)
From the document:
“DigiNotar, a digital certificate authority (CA), recently suffered a cyber-attack which led to its bankruptcy. In the attack false certificates were created for hundreds of websites, including Google and Skype. Once the incident was made public, the Dutch government and browser vendors took steps to limit the impact of the attack. But Fox-IT suggests in their investigation report that the cyber-attack had already started in mid-June and that for almost two months false certificates were used to eavesdrop on email and web browsing in Iran. […] The Diginotar attack was an attack on the foundations of secure electronic communications (email, web browsing, web services). The above-mentioned issues should be addressed by industry and governments, to guarantee the security of service in the digital society.”
