Most users probably feel safe when they see the padlock in their browser window, which seems to indicate that it is secure and safe to communicate with an e-mail account or a bank. While SSL is better than nothing, we also know it certainly does not stop man-in-the-middle (MITM) attacks. More or less, we trust our browsers to silently accept trustworthy digital certificates from a Certificate Authority (CA) so that we can trust that the site we surfed to is the authentic, actual site. But with compromised CAs, the cyberthugs behind the rogue certificates can impersonate those sites over HTTPS. Think of how many people use Google, Skype, or Yahoo. This was big, folks!
It can be difficult to wrap your brain around Certificate Authorities (CAs), how they work, and how the system is flawed. An attacker with fake certificates and access to a target's Internet connection can launch a MITM attack, making it possible to eavesdrop on, observe, and/or record all encrypted web traffic to the compromised site while the user is clueless about what is happening. Even if it's not your Big Brother, someone's Big Brother was in their browser and handing out certified lies. Thank goodness there are people like Jacob Appelbaum watching out for us to spot fraudulent CAs.
Security researcher and Tor developer Jacob Appelbaum did great investigative work and then a wonderful write-up on the CA compromise and the near cover-up of several fraudulent certs. Appelbaum, also known as ioerror on Twitter, discovered the CA compromise in the wild. He writes, "Last week, a smoking gun came into sight: A Certification Authority appeared to be compromised in some capacity, and the attacker issued themselves valid HTTPS certificates for high-value web sites. With these certificates, the attacker could impersonate the identities of the victim web sites or other related systems, probably undetectably for the majority of users on the internet."
He contacted Google and Mozilla, but was held to an embargo about the disclosure. The compromised certificates were issued by USERTRUST Network, which is part of Comodo. Google had patched Chrome last week and Mozilla managed to include the blacklist in Firefox 4. When Mozilla blogged about the issue, so did Appelbaum, whose post included a detailed explanation as well as his suspicion that "this action was taken by a state level adversary."
After Comodo finally issued a statement, it confirmed that Appelbaum's suspicions were true. His update states that the CA compromise "was a targeted attack by a state level actor and they [Comodo] have named Iran as the country they suspect....In the details of their statement we have a confirmation that they have the ability to monitor and thus surveille people who wish to know if certificates are valid."
According to the SANS Internet Storm Center, the targets included Microsoft's login.live.com, Google's mail.google.com, www.google.com, login.yahoo.com (3 certificates), login.skype.com, addons.mozilla.com, and "Global Trustee."
US-CERT also posted a notification of the fraudulent SSL certificates, and Microsoft released a security advisory about the fraudulent digital certificates, which can allow spoofing. Before Comodo released a statement, there was speculation on Hacker News that it might be the Chinese government. Although the IPs were from an ISP in Iran, who can say with absolute certainty right now whether it was the Iranian government or another state-sponsored actor trying to make it look like Iran?
As Appelbaum wrote, "Blocking specific serial numbers or relying on flawed, provably broken methods of revocation will simply not cut it anymore. When the actual protection mechanisms are not enforced, there is little hope of end users being protected....This should serve as a wake up call to the internet. We need to research, build, and share new methods for ensuring trust, identity, authenticity, and confidentiality on the internet....Certification Authorities may continue to provide a piece of the puzzle but it's high time we ensure that they're not the alpha and the omega, anymore."
All encrypted streams are susceptible to spying by cyberthugs or governments, which could possibly cost activists their lives. Electronic surveillance is happening all the time, and maybe to you. There are plugins like Perspectives, Monkeysphere, CertPatrol, and Petnames that allow a user to validate site keys, but doing so takes much more work and effort than most users are willing to put in. The EFF SSL Observatory project has a map [PDF] of "the 650-odd organizations that function as Certificate Authorities trusted (directly or indirectly) by Mozilla or Microsoft." Take one look at it, and it's no wonder the issue of CAs practically requires several college degrees to comprehend.
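Appelbaum's point about serial-number blocking and the key-validating plugins above can be compared side by side. This is an added example, not code from the article or from any plugin it names: a serial blocklist only catches certificates someone has already reported, while a trust-on-first-use pin store flags a changed certificate even when a trusted CA signed it. The host, issuers, serials and certificate bytes are constructed placeholders, and the pin-store design is an assumption about the general approach, not a description of how a particular plugin works.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Observation:
    """What a client sees in a TLS handshake (constructed sample data)."""
    host: str
    der: bytes    # stand-in for the certificate's DER encoding
    issuer: str
    serial: str

def fingerprint(der: bytes) -> str:
    return hashlib.sha256(der).hexdigest()

def blocklist_verdict(obs: Observation, revoked_serials: set[str]) -> str:
    """Reactive check: only catches serials that were already published."""
    return "blocked" if obs.serial.lower() in revoked_serials else "accepted"

def pin_verdict(obs: Observation, pins: dict[str, tuple[str, str]]) -> str:
    """Trust-on-first-use: remember (fingerprint, issuer) per host and flag
    any later change, whether or not the chain validates."""
    fp = fingerprint(obs.der)
    known = pins.get(obs.host)
    if known is None:
        pins[obs.host] = (fp, obs.issuer)
        return "first-seen"
    if known[0] == fp:
        return "unchanged"
    # Keep the old pin: the user must decide whether the change is legitimate.
    return "changed-issuer" if known[1] != obs.issuer else "changed-same-issuer"

# Constructed placeholders, not real certificates, issuers or serial numbers.
GENUINE = Observation("login.example.test", b"genuine-cert-der", "Example CA A", "0a01")
RENEWED = Observation("login.example.test", b"renewed-cert-der", "Example CA A", "0a02")
ROGUE = Observation("login.example.test", b"rogue-cert-der", "Example CA B", "0b99")

def demo() -> dict[str, tuple[str, str]]:
    revoked: set[str] = set()   # the rogue serial has not been published yet
    pins: dict[str, tuple[str, str]] = {}
    results = {}
    for name, obs in (("genuine", GENUINE), ("renewed", RENEWED), ("rogue", ROGUE)):
        results[name] = (blocklist_verdict(obs, revoked), pin_verdict(obs, pins))
    return results

if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(name, verdicts)
```

The pin store also raises an alert on an ordinary renewal, which is part of the extra work these tools put on the user.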
EFF's Senior Staff Technologist Seth Schoen has written about these issues, including "Behind the Padlock Icon: Certificate Authorities' Mysterious Role in Internet Security." Security researchers Christopher Soghoian and Sid Stamm have reported before on certified lies, spy certs that governments could get via "court orders" to give them access to falsified cryptographic credentials, thereby giving Big Brother surveillance access through users' browsers. I also highly recommend reading "It's Time to Fix HTTPS."