česky | english
History of Risks & Threat Events to CAs and PKI
In Risk Management terms, History refers to the series of attack events that are documented and examinable, for the purpose of validating threat attack models.
This is an ongoing effort to document those events that have been reasonably seen as attacks and threats relevant to the CA and the usage of certificates. The purpose of this page is to help risk assessments validate their threat models against recorded events.
Only attacks with whose existence is established by sufficiently reliable reporting are listed here. Consequences need to be identifiable, but they do not need to be against any specific party. To some extent, where we set the bar is difficult to justify because we lack a clear history of user damages, and those that do the damage are not talking. However, some history is better than none.
1995
2001
2003
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
The above index indicates first known deployment which is a very uncertain measurand in secret affairs. However, in history, date is always first, so the above timeline is updated as new information comes in.
History
1995 Wikipedia writes: Early versions of Netscape's SSL encryption protocol used pseudo-random quantities derived from a PRNG seeded with three variable values: the time of day, the process ID, and the parent process ID. These quantities are often relatively predictable, and so have little entropy and are less than random, and so that version of SSL was found to be insecure as a result. The problem was reported to Netscape in 1994 by Phillip Hallam-Baker, then a researcher in the CERN Web team, but was not fixed prior to release. The problem in the running code was discovered in 1995 by Ian Goldberg and David Wagner who had to reverse engineer the object code because Netscape refused to reveal the details of its random number generation (security through obscurity). That RNG was fixed in later releases (version 2 and higher) by more robust (i.e., more random and so higher entropy from an attacker's perspective) seeding. Consequences. None reported beyond media and academic embarrassment.
2001. False certs. An unknown party used weaknesses in validation to get two certificates issued in the name of Microsoft.com (Guerin). The attacker was thought to be of the reputational variety: interested in embarrassment of CA not exploitation.
2003. Phishing. This attack bypasses the security afforded by certificates due to weaknesses in the secure browsing model (Grigg1). The existence of an unsecured mode of communication (HTTP) alongside a secure mode (HTTPS) provides an easy borders-of-the-map or downgrade attack, which user interfaces offer little resistance against. Consequences: Best guesstimate runs at around $100m per annum (FC 1343).
2006. Dual_EC. The NSA caused the supply of bad number generators to industry (Anatomy of a NSA intervention), possibly impacting the signing of certificates. Short story: in the early 2000s, NIST standardised the approach for generating random numbers as a Special Publication 800-90 (SP800-90). This approach included a number of standard stretchers as the third phase in a collector/mixer/stretcher design. NSA designed and pushed a particular approach based on 2 elliptic curves, which was accepted as Dual_EC within SP800-90 in 2006. ISO (International Standards Organisation) followed suit (iso18031). NSA then coordinated and/or directly influenced at least one major supplier in the USA to make Dual_EC the default for all products shipped by that supplier. In 2007, Dual_EC was shown to be suspicious. In 2013, Snowden's revelations pointed the finger at a NIST 2006 product, and within a month, NIST withdrew endorsement over Dual_EC. The supplier immediately followed. Consequences: no evidence of direct breaches as yet, only indirect reputation effects. The supplier's credibility is ruined because it did not act when the warnings were clear, and instead followed NIST's lead without question (and/or under influence of government contracts). This supplier was a major player in the CA industry. Broader questions are raised about the entire crypto supply industry of the USA (Where do we stand?), NIST's role in crypto standards, and all FIPS-certified cryptographic products as they were typically required to use SP800-90 (Greene). Which includes most HSMs used to generate CA keys and sign certificates. This is no single event, consequences are spread as early as 2006 (shipments) to 2013 (confirmation) and probably later as default users will take a long time to switch away from Dual_EC.
Debian RNG. A change made to OpenSSL RNG code in 2006 dramatically reduced entropy used to generate keys in Debian-based distributions of Linux (including Ubuntu) which was used on some desktops and many small business servers (Wikipedia). Consequences. When discovered in May 2008, rework included a massive regeneration of keys, including X.509 certificate keys, and then subsequent re-issuance of certs. No hacks known as yet?
2007.1. Flame. A malware called Flame was signed by a Microsoft sub-CA that was perverted by means of an older algorithm MD5 (arstechnica). The sub-CA was also wrongly approved for code-signing. The signature was attacked and a new signature forged onto a new certificate that signed the malware (wikipedia1, Stevens).
"Using a technique from [25] dubbed counter- cryptanalysis, it was found that the certificate was generated by a chosen-prefix collision attack on MD5, i.e., an attack that extends two prefixes P and P′ with suffixes S and S′ such that P∥S and P′∥S′ have the same hash value: a collision. Although the attack seems to be based on the same principles as published collision attacks, such as the attack by Wang et al. from [29] and the attack by Stevens et al. from [26], it has not been published before." Fillinger)
The malware was produced by Operation OlympicGames (NSA, CIA, Israel) against Iran's nuclear project (wikipedia2, wapo), see also Stuxnet. The certificate was apparently attacked in 2009 but the malware was in circulation as early as 2007 (skywiper). Consequences: Damages to Iran are unknown as yet. As it was an intelligence-gathering malware, it is hard to attribute damages directly. Microsoft revoked 3 sub-CAs in a security update effecting all distributions.
2007.2. Stuxnet. Two code-signing certificates, stolen from two separate chip manufacturers in Taiwan, were used to sign drivers that were installed as part of a rootkit to infect Windows machines (Krebs), (Wikipedia1). The overall goal was a highly targetted sabotage of Iranian centrifuges engaged in production of high-grade nuclear material. Stuxnet was actually two attacks with the same goal, but different methods (Langner), the first in 2007 or before, the second in 2009. Consequences: Various estimates suggested that Stuxnet succeeded in knocking out and perhaps destroying some 1000 centrifuges, estimated at 10% of Iran's centrifuge capacity (ISIS) and delaying Iran's weapon building program by 1.5-2 years (NYT20120601.2, Langner). DEBKA suggests the damage is far more severe and sweeping than first reported, effecting and targetting thousands or even millions of significant computers (DEBKA1), and carrying on into 2012 (DEBKA2). Claims have been made that collateral damage effected other similar plants in Russia (kaspersky). Attack was part of Operation OlympicGames (NSA, CIA, Israel) (NYT, wapo, Wired, IBT/DerSpiegel, FP), see also Flame and Regin1, Regin2.
2008.1. Interface breach. One CA created a false certificate for a vendor by probing the RA of a competitor for weaknesses (Leyden). Consequences: limited to lowered reputations for all of those involved.
2008.2. Weak root. An academic group succeeded in attacking a CA with weak cryptographic protections in its certificates (Sotirov et al). This resulted in the attackers acquiring a signed certificate over two keys, one normal and one that acted as a sub-root. This gave them the ability to sign new certificates that would be accepted by major vendors. Consequences: as the root that was attacked was slated to be removed within the month, consequences were limited. Faster rollout of the new root, perhaps a few certificate re-issuances and reputation damage.
2009 Etisalat's mass surveillance attack. A CA/telco signed a false certificate for a mobile network operator, signed a firmware update, and delivered it to all mobile subscribers in its network (pcworld). The attack worked because the mobile's software accepted any update from any channel signed by any CA in the rootlist of the device (post-PRISM). The firmware update contained spyware that registered phone details (including the PIN) and forwarded all emails on demand to Etisalat (Blackberrycool-1). It was spotted within a week because the spyware was delivered through unexpected channels, and it drained the battery of the mobile. The spyware was supplied by SS8 (Blackberrycool-2), an American company specialising in legal intercepts. Consequences: 140,000 subscribers were annoyed by battery draining and having to install / run anti-virus. Compromise of secret emails, and secret PINs. Damage to reputation for Etisalat (spying on customers), SS8 (crappy code) and RIM (poor security).
2009 Duqu. A malware signed with a valid but abused signature, from the same family as Flame and Stuxnet. Its purpose is "to be used for espionage and targeted attacks against sites such as Certificate Authorities (CAs)" (mcafeee) and "one of Duqu's actions is to steal digital certificates (and corresponding private keys, as used in public-key cryptography) from attacked computers to help future viruses appear as secure software." (wikipedia1). Duqu was fingered against a Hungarian CA (The//Intercept) and operated from 2009 to 2011, when unearthed in a hack on a secure firm in Hungary. Duqu is thought to be operated by Israel (Wired). Consequences: unknown, difficult to quantify as damage appears to be limited, and the malware was self-cleaning.
Critical cert. A developer's laptop used to sign HP distros in 2010 was breached, a malware inserted itself into the signing process, got signed, then mailed itself back home Krebs. The malware wasn't used on HP, instead it was discovered 4 years later by Symantec. Meanwhile the certificate expired, but the cert holder still plans to revoke the certificate, and is expecting support issues as the revoked certificate blocks various and many packages. The base plan is to re-sign, but this does not apply to recovery partitions which can reset software back to factory config. Consequences: No direct damages reported. Indirectly, it could cause chaos if packages actually take the revocation seriously.
Playstation. The ECDSA private key for signing PlayStation games was hacked due to not using random numbers in the DSA signatures over games (Wikipedia). Consequences. In theory, the crack means that homebrew developers can sign their own games and bypass the control monopoly over games distribution, with consequent lowering of revenues to Sony and insider game developers. Beyond that?
2010 Regin. GCHQ attacked Belgacom with spearphishing QuantumInsert to insert Regin malware (TheIntercept, f-secure). Malware was signed but the certs were just pretending to be Microsoft code-signing certs. Presumably people would be tricked into thinking these were real certs and Microsoft protection was just buggy. Regin was fingered to be part of 5eyes hacktool kit qwerty. Consequences. Internal systems were breached, customer private communications was grabbed. "Belgacom invested several million dollars in its efforts to clean-up its systems and beef-up its security after the attack. However, [some] believe parts of the GCHQ malware were never fully removed."
2010 APT RSA-RI provided a case study of a multiple-APT (Advanced Persistent Threat) attack on a company that traced back to 2010. Two trojans were found being validly digitally signed by x.509 certificates (Case Study). "Digitally signed malware is rare, and implies a higher level of sophistication from an adversary." Consequences. The case study revealed no consequences, which weakened the effect of the report.
2011.1. False certs. A claimed-lone Iranian attacker, ichsunx2, breached approximately 4 CAs. His best success was to use weaknesses in an Registration Authority to acquire 9 certificates for several high profile communications sites (Zetter). It was claimed that the attacker operated under the umbrella of the Iranian state but no evidence for that was forthcoming. Consequences. No known user damages. Browser vendors revoked-by-patch ioerror.
Same CA also suffered a "compromise of its ‘UTN-USERFirst- Hardware’ certificate" which signed directly 85k certificates including 50 intermediate CAs, bringing it up to a total market-impact of 120k domains (WEIS 2013 Asghari et al). Consequences: unknown, the total market patch is interesting but not germane as yet.
2011.2. DigiNotar. The same attacker, icksunx2, breached a Dutch CA and issued 531 certificates (wikipedia). The CA’s false certs were first discovered in an attack on Google’s gmail service, suggested to be directed against political activists opposed to the Iran government. Controls within the CA were shown to be grossly weak in a report by an independent security auditor (FOX-IT1, FOX-IT3, also see enisa report), and the CA filed for bankrupcy protection (perhaps for that reason). Vendors discovered that revocation was not an option, and issued new browsers that blocked the CA in code. Consequences: Rework by google, and vendor-coordinated re-issuance of software to all browser users. Potential for loss of confidentiality of activists opposed to Iranian government. Many Netherlands government agencies had to replace their certificates. Tantalising hint from Brazil case that the CA may have been hacked by NSA. GCHQ reported MITMs against google (DerSpiegel-GCHQ).
2011.3. Certificate Stealing. 3 separate incidents indicate that certificates are now worth stealing. Infostealer.Nimkey is a malware distributed through traditional spam/phishing channels (Yahoo). Once it infects, it searches the victim computer for keys and sends them to a server in China. Duqu is a variant of Stuxnet that used a stolen code-signing cert to install drivers (Wikipedia2). From inspection of the malware, the attack was variously quoted as IP/data collection/espionage, stealing keys, or attacking CAs (McAfee). Identity fraud of some form was used to get a valid certificate issued in the name of a company by intercepting the verification communications to that company's employee (F-secure). Consequences: Re-issuance of certificates and reviews of security. In none of these 3 cases were any direct damages assessed.
2011.4. Spear Phishing. A group of 9 certificates were identified in targetted malware injection attacks (FOX-IT2). As the certificates were all alleged to be only 512 bits, the conjecture is that new private keys were crunched for them. Consequences: One public-facing sub-CA in Malaysia was dropped, 3 other CAs re-issued some certs and reviewed controls. No known customer breaches, but probably replacement certs for the holders (minor).
2011.5. Website hack. A captive CA for a telecom had its website hacked, and subscriber information and private IP compromised (Goodin). Attacker was listed as a hacker who tipped off the media, claiming not to be the first. Parent telecom shut down the website.
2012.1. Weak Key scan. Two academic groups independently scanned the net for all published certificates (6-11 million examples) and analysed them (Heninger, et al) and (Lenstra, et al). They found that 1% of certificates were in common, and 0.4% were constructed with poor parameters which permitted the revealing of the secret keys. The keys were traced to 3 popular hardware devices with one popular software package at its core that mishandled the random numbers on key generation (Wikipedia). Consequences: Damages have not been assessed but would involve some rework and reputational loss by the suppliers of these devices. Gain in reputation for the academic groups.
2012.2. CA breached contract against MITMs. A CA announced that it had issued a subroot to a company for the purposes of intercepting the secure communications of its employees (SpiderLabs). This is contrary to contract with vendors and industry compact. At some moment of clarity, the CA decided to withdraw the subroot. Consequences: loss or damage to that customer due to contract withdrawal. Such contracts have been estimated to cost $50k. Destruction of the equipment concerned, maybe $10k. Loss of reputation to that CA, which specialises in providing services to US government agencies. Potential for delisting the CA concerned in vendors' trust lists which could be a bankruptcy event (TheRegister). Loss of time at vendors which debated the appropriate response.
2012.4 In the vendor's words: "We recently received two malicious utilities that appeared to be digitally signed using a valid [Vendor] code signing certificate. The discovery of these utilities was isolated to a single source. As soon as we verified the signatures, we immediately decommissioned the existing [Vendor] code signing infrastructure and initiated a forensics investigation to determine how these signatures were created. We have identified a compromised build server with access to the [vendor] code signing infrastructure. We are proceeding with plans to revoke the certificate and publish updates for existing [vendor] software signed using the impacted certificate. ...." If nothing else, kudos for a model disclosure!
2012.5 A CA here issued 2 intermediate roots to two separate customers 8th August 2011Mozilla mail/Mert Özarar. The process that allowed this to happen was discovered later on, fixed, and one of the intermediates was revoked. On 6th December 2012, the remaining intermediate was placed into an MITM context and used to issue an unauthorised certificate for *.google.com DarkReading. These certificates were detected by Google Chrome's pinning feature, a recent addition. "The unauthorized Google.com certificate was generated under the *.EGO.GOV.TR certificate authority and was being used to man-in-the-middle traffic on the *.EGO.GOV.TR network" wired. Actions. Vendors revoked the intermediates microsoft, google, Mozilla. Damages. Google will revoke Extended Validation status on the CA in January's distro, and Mozilla froze a new root of the CA that was pending inclusion.
2012.6 writes Symantec: "the VOHO attack campaign of June, 2012. What was particularly interesting about this attack was the use of the watering hole attack technique and the compromise of B9’s trusted file signing infrastructure. The VOHO campaign was ultimately targeting US defense contractors whose systems were protected by B9’s trust-based protection software but when the Hidden Lynx attackers’ progress was blocked by this obstacle, they reconsidered their options and found that the best way around the protection was to compromise the heart of the protection system itself and subvert it for their own purpose. This is exactly what they did when they diverted their attention to B9 and breached their systems. Once breached, the attackers quickly found their way into the file signing infrastructure that was the foundation of the B9 protection model, they then used this system to sign a number of malware files and then these files were used in turn to compromise the true intended targets."
2012.7 A security provider's code-signing cert was compromised through a misconfigured VM and the cert was used to sign dozens of malware. This was part of a targetted attack at a particular unnamed segment of industry, presumably one which was served by the provider. Consequences. "compromised specific Websites (a watering hole style attack...). We believe the attackers inserted a malicious Java applet onto those sites that used a vulnerability in Java to deliver additional malicious files, including files signed by the compromised certificate."
2013.1 Brazil. The Ministry of Mines and Energy was attacked by the 5E group of intelligence agencies, led by Canada's CSEC, in what seems to be a state-industrial espionage campaign (globo).
...the author of the presentation makes the next steps very clear: among the actions suggested is a joint operation with a section of the American NSA, TAO, which is the special cyberspy taskforce, for an invasion known as “Man on the Side”. All incoming and outgoing communications in the network can be copied, but not altered. It’s like working on a computer with someone looking over your shoulder.
A vague accusation was previously made on Brazilian TV that certificate-based MITM attacks may have been made against many overseas corporations by the NSA:
Now, documents published by Fantastico appear to show that, far from “cracking” SSL encryption—a commonly used protocol that shows up in your browser as HTTPS—the spy agencies have been forced to resort to so-called “man-in-the-middle” attacks to circumvent the encryption by impersonating security certificates in order to intercept data. ... However, in some cases GCHQ and the NSA appear to have taken a more aggressive and controversial route—on at least one occasion bypassing the need to approach Google directly by performing a man-in-the-middle attack to impersonate Google security certificates. ... One document published by Fantastico, apparently taken from an NSA presentation that also contains some GCHQ slides, describes “how the attack was done” to apparently snoop on SSL traffic. The document illustrates with a diagram how one of the agencies appears to have hacked into a target’s Internet router and covertly redirected targeted Google traffic using a fake security certificate so it could intercept the information in unencrypted format.
The attack happened, but the role of certificates is obscured by the fog of journalism (ElReg). Consequences: uncertain, the purpose is economic or industrial espionage: the aim of the Canadian agency: “Discover contacts of my target” – the Ministry of Mines and Energy of Brazil.
2013.2 Android's Secure Random. The default Java random number generator for all Android was found to be weak. This lead to breaches of the ECDSA key as signatures were made without sufficient randomness ElReg. Likely, this would also impact any client-certificates or similar cert-protected operations on Androids. Consequences. At least one Bitcoin theft was rumoured, but need more details here... No evidence of PKI breaches as yet, probably because Android is more client-side and PKI has concentrated on server-side keys.
2013.3 Lavabit. FBI subpoened the SSL encryption key of a small email provider (Register). While stating they were only interested in tracking one customer (Snowden) it gave them access to all customers, and was probably an illegally broad request, not particularised. "On Aug. 5, Judge Claude M. Hilton ordered a $5,000-a-day fine until Mr. Levison produced the keys in electronic form. Mr. Levison’s lawyer, Jesse R. Binnall, appealed both the order to turn over the keys and the fine. After two days, Mr. Levison gave in, turning over the digital keys — and simultaneously closing his e-mail service, apologizing to customers on his site. That double maneuver, a prosecutor later told his lawyer, fell just short of a criminal act" (NYT). Consequences: loss of an entire business. Compromise of entire customer base's secret communications, as the key has probably now gone to the NSA, and we know the NSA escrow encrypted traffic for future decryption. Indirect damage to reputation of all SSL sites, as it is clear that the USA courts will overreach to demand keys (something that UK's RIP permitted but was apparently never used).
2013.4 Signed Trojans. In two separate incidents, trojans were discovered to be signed by valid certificates signed by the same CA (1, 2). In both cases, the trojans seemed to be attacks on online banking, and one cert had signed 70b variants of trojans. The claimed companies for the certificates, one in Brazil, the other in France, did not exist, although it looks like the Brazilian name was registered as a company (whatever that means). Also see #WildNeutron below. Consequences: revocation and press reports (embarrassment).
2013.5 Fibre Tapping. Over the last several years, a major public email and phone supplier put SSL protection by default on all email and other services users. The NSA bypassed the protections of SSL by tapping unencrypted links between data centers (WaPo, FC1). The graphic reveals the story better than words. Consequences: potential breach of all and any services that might have been exposed over the unencrypted links, including access capabilities, intellectual property, financial data. Reports of entire databases, etc, being compromised in copying make this breach far bigger than the credit card hacking breaches, possibly the largest corporate breach to date. For the future, encrypted links seem more likely, and more end-to-end security models will likely be used. Reputation for security has taken a big hit, as the encryption of offsite data and the tapping of fibre is a widely known threat (FC2).
2013.6 ANSSI. The French cyberdefense agency (their description) ANSSI national government CA issued an intermediate CA cert to the French Ministry of Finance who went on to issue several fraudulent certificates for Google domains (google, SSI). The usage was apparently to decrypt SSL traffic within the ministry. The intermediates were revoked by the CA. Consequences. This should result in revocation of the top-level CA by browsers as several warnings have been shot in this direction. However, it is unlikely that they will do so; the CAs exercise considerable pressure in secret over the vendors. As this is a top-level western powers government CA, likely a compromise will be found (ElReg). Damages likely reduced to embarrassment and annoyance (bugzilla).
2014.1 Heartbleed. Researchers discovered and announced a flaw in the OpenSSL implementation of the TLS protocol for some recent versions allowed an attacker to access private data including keys from effected clients and servers. This in effect compromised (made uncertain) all keys in webservers running the buggy versions, as well as opened up client certificates to compromise. The attack did not cause any diagnostics to differentiate, therefore detection was difficult. Only action is to upgrade OpenSSL and regenerate keys and certs where effected. After three weeks, 73% of certs remained to be reissued and 87% were yet to be revoked (Dumitras). Consequences: Massive re-issuance and re-install exercise for all OpenSSL sites. CRA reported credible exploit over 900 customers but no damages as yet. Schneier claimed 6 weeks after "In the end, the actual damage was also minimal, although the expense of restoring security was great." Costs in rework have been suggested as high as $500m FC CHS lost 4.5m records. Research shows revocation is unreliable (SecurePKI) which has been theoretically observed countless times.
2014.2 Review. This discovery of Heartbleed above triggered a wide-spread review of common cryptographic libraries used and [[|processes]] employed for TLS/SSL; other suppliers reported goto fail similar finds, as well as more for OpenSSL CVE-2014-0224. Good history of SSL/TLS. Although not an attack on CAs nor PKI, it does break open the customer by attacking near to the certs. Consequences: No damages reported as yet. Gotofail and Poodle may have been implicated by review. Breaches like this (Heartbleed, Lucky13, gotofail) are setting an overall ceiling on expectations over security using secure browsing stack of HTTPS and TLS and causing rethinks at all levels.
2014.3 Indian CA. An intermediate CA was compromised in India and several false certs were issued for google sites and also Yahoo. Google took the unusual step of restricting the certs under that CA to Indian domains. Microsoft's auto-update system revoked the certs. No damages reported.
2014.4 Facebook analysis "we have designed and implemented a method to detect the occurrence of SSL man-in-the-middle attack on a top global website, Facebook. Over 3 million real-world SSL connections to this website were analyzed. Our results indicate that 0.2% of the SSL connections analyzed were tampered with forged SSL certificates, most of them related to antivirus software and corporate-scale content filters. We have also identified some SSL connections intercepted by malware."
2014.5 Poodle attack is a downgrade attack on TLS to SSL v3 which then breaks open the packet using an attack on the weak padding. This allows older servers to be broken. Cloudflare reports low levels of SSL3.0 usage -- 0.65% of all HTTPS. Mozo and Chrome both announced intent to drop SSL3.0 entirely in short term (within 2m), which may disrupt some laggards. Later, it was discovered that TLS 1.0 and 1.1 were also susceptible to puddle if the padding wasn't checked correctly which was detected on around 3-4% of scanned servers. Consequences: No damages reported as yet.
2014.6 Emmental attack consists of man-in-the-browser trojan introduced into user's platform via phishing that corrupts both DNS resolver and platform's CA root list. It then proceeds to pop up warnings to trick the user into installing matching malware on user's mobile phone, which is listed as the second channel. Is targetted at 34 banks in Europe. Consequences. None reported in the paper.
2014.7 DarkHotel. Kaspersky published details of a 4 year operation called DarkHotel that attacked against high-profile guests at hotels. By tricking the user and/or laptop into doing an upgrade, trojans were inserted. The updates were signed by somewhat valid RSA keys and Kaspersky strongly suggests that the majority of keys were factored / forged 512 bit keys, whereas some longer ones were stolen. Consequences. The somewhat vague description suggest that various executives had their corporate intellectual property stripped. As it was highly targetted, and a very expensive attack, this suggests defence companies or state secrets.
2014.8 Guardians of Peace. Over the year, Sony Pictures Entertainment got hacked by "Guardians of Peace" originally thought to be North Korean interests (meaning, probably state-endorsed cyberwarefare units) upset at the release of a politically sensitive comedy, but later indicated as a possible inside job. Entry may have been by spear phishing (ArsTechnica). Within the month, malware appeared signed by Sony certs. GoP release file dumps with a selection of business certs (banking, infra, servers) and "a Sony Corp. CA 2 “root” certificate - a digital certificate issued by Sony’s corporate certificate authority to Sony Pictures to be used in creating server certificates for Sony’s Information Systems Service (ISS) infrastructure. This may have been used to create the Sony Pictures certificate that was used to sign a later version of the malware that took the company’s computers offline."
Consequences. SEP itself filed "The current quarter is expected to include approximately $15m in investigation and remediation costs" and "the grand total could be $35 million for the fiscal year ending March 31,... 'The figure primarily covers costs such as those associated with restoring our financial and IT systems.' " RT. Damages appear to have been mitigated (transferred): "We had insurance against cyber-attacks and will be able to recover a significant portion of the costs." Early estimate to SEP included an estimated $90m against fully pulling the movie although it made $15m when released on the net, perhaps evidencing an unexpected positive consequence -- negative damage -- of the hack. Several other unreleased films such as Fury were pushed out onto filesharing networks, dampening their revenue prospects.
2014.10 flyingPig. GCHQ runs a scanning service called Flying Pig that analyses SSL attacks (DerSpiegel-GCHQ):
- Multiple examples of FIS (foreign intelligence service?) data exfiltration using SSL have been found using FLYING PIG
- In particular, certificates related to LEGION JADE, LEGION RUBY, and MAKERSMARK activity were found on FLYING PIG using known signatures
- These were then used to find previously unknown servers involved in exfiltration from US companies.
- FLYING PIG has also been used to identify events involving a mail server used by Russian intelligence.
Consequences. unclear.
2014? Steel Mill. BSI in Germany reported (BSI Report) attackers gained access to the steel mill through the plant’s business network, then successively worked their way into production networks to access systems controlling plant equipment. The attackers infiltrated the corporate network using a spear-phishing attack—sending targeted email that appears to come from a trusted source in order to trick the recipient into opening a malicious attachment or visiting a malicious web site where malware is downloaded to their computer. Once the attackers got a foothold on one system, they were able to explore the company’s networks, eventually compromising a “multitude” of systems, including industrial components on the production network. “Failures accumulated in individual control components or entire systems,” the report notes. As a result, the plant was “unable to shut down a blast furnace in a regulated manner” which resulted in “massive damage to the system.” According to the report, the attackers appeared to possess advanced knowledge of industrial control systems. “The know-how of the attacker was very pronounced not only in conventional IT security but extended to detailed knowledge of applied industrial controls and production processes,” the report says. (wired) Date unknown.
2014. Superfish was a program (,company) and root certificate installed in Lenovo laptops shipped September - December 2014 (forbes). The root certificate was a single key/cert pair for all installs, and was inserted into the system's root list. The Superfish program then MITM'd all the user's traffic and injected 'applicable' adverts in the browser's google search process. The root key was extracted, and due to it being the same on all installs, holders of the root could now MITM any Lenovas that have not been cleansed of the malware. Worse, Superfish also rewrote any certificate that appeared bad to be good to the client, thus making any system MITMable by any outside agent (Filippo). Epic fail. Consequences. Remedial work includes changes in procedure at Lenova, and cleansing ofan unknown number of users: 16m laptops shipped over 4 month period, or 40 million users as claimed by Pinhas of Superfish (Superfish).
2015 . Duqu 2.0 Kaspersky found a highly sophisticated penetration of its own systems which also penetrated various international events of diplomatic significance (ArsTechnica). The malware lived in memory only and was self-healing, it relied on a zero-day to install code into kernals that bypassed the certificate checking mechanisms of Windows. Point of entry was suspected as being a spear-phishing attack on a regional office non-technical staff member using a zero-day (Wired, Kaspersky). It was capable of bypassing more than a dozen anti-virus products . It was fingered as being an update of Duqu above and signs pointed at it being from Israel. Kudos to Kaspersky for coming clean on this as per normal as soon as the zero-day was patched. Consequences. a lot of watching and cleaning by the company, and possibly loss of secrets. Kaspersky estimated that the budget for the attack operation was $10m, and the entire framework or platform cost $50m (FAQ).
2015. CNNIC The national CA in China issued an intermediate root cert to a company MSC Holdings under contract for storage in a HSM and only for own company domains. The company installed it in an SSL-MITM proxy that MITMed all users over several google domains. Google became aware via Certificate Transparency) and raised the alarm (google). Google and Mozilla determined that CNNIC had been negligent because it had "delegated their substantial authority to an organization not fit to hold it." Consequences. No user damage has been claimed as yet. The intermediate was revoked at browser level. CNNIC will be de-listed from the root lists for Mozilla (mozilla) and Chrome, but not Apple nor Microsoft. CNNIC is invited to do remedial work then re-apply.
20xx. Intelligence Community. (More a threat actor than a single event.) Ross Anderson published a good summary of everything we can conclude from the Snowden revelations about the NSA and friends (up to 65) attacking industry and people Anderson. Primary threats to the CA business would be: key theft, implants, bad RNGs, supply chain, insiders. Primary threats to users would be mass surveillance, leakage to police, parallel construction, poor usability of cryptographic tools. Breaching the cryptography directly remains a theoretical threat at best.
2015. Wild Neutron used a stolen cert to sign code for install on victim platforms, as well as a Flash zero-day. This malware was active in 2011 then 2013, during which it attacked the big user-facing IT corps. (SecureList) Consequences. Unknown at this stage but the target list suggests high-level economic attack motivations (law, investment, bitcoin, M&A, IT, healthcare, real estate).
2015 CIN - Corruptor-Injector Networks. CINs appear to be pwned routers that are capable of presenting entire sites in facade, including deep interception and rewriting of certificate based security (cryptostorm). Cryptostorm claims to have intercepted the trace of activity of a CIN and is reverse engineering it. So far the complexity of the attack is beating them, but it seems to involve manipulation of all aspects of the SSL/Certificate workflow on a massive scale. The cost of mounting such infrastructure must be high - in the many millions, and indicates state-level long term support - APTs. Consequences. If carried out at scale, users of corrupted routers are likely to be completely pwned. It is likely that the attacks will be targetted and if state-level, then may be limited to those with state enemies, although given recent posturing, that may be cold comfort.
2015(?) Weaponised CRLs. Cryptostorm reports that CRLs are no longer being used seriously by many players, and they are pursuing evidence that a CRL may have been used in the Stux/Flame/Duqu attacks by USA/Israel against Iranian nuclear plants (Cryptohaven). Another group had discovered DOS attacks using CRLs. As a result, cryptostorm are now blocking CRLs internally. Note that these reports are preliminary, with little confirming detail. Consequences. Unravelling the utility of the CRL system is problematic for the integrity of the CA infrastructure. Without an after-the-event ability to reach the users, the CA loses one leg of its business case. Sites are switching to OCSP and similar but if the site is now delivering a liveness record, the CA is no longer in its dominating position in the marketplace.
2015 Ashley Madison. A website business holding 30 million accounts for people searching for extra-marital adventure was hacked completely. No known cause of the breach as yet. The hackers were on either an extortion mission or a judgmental mission, either way their demands were not met so the entire dataset was posted into Tor. Consequences. The business is almost certainly dead. Also there is a large externality as people are discovered to have been on the site. In few cases is precise detail easily available as yet, but all are tarred with the same brush. Mass anguish (Hunt) and an expectation of many divorces, professional repucussions, etc.
2015 Office of Personnel Management. The OPM, a USA federal agency responsible for most background checks for government and military (not spooks) was hacked. Security was lax. Approximately all background checks and personnel files are compromised (breached). USA government (MSM) points finger at China, but no evidence provided. NB, as with AshMad above, there is no known evidence that this was a CA-related breach, but is included for its headline nature. Damages. Unbelievably Huge. This trove lays open the entire pesonnel of the USA government and military for aggressive enemy spying operations, it is literally the largest known spying coup ever. In direct cost terms, USA Department of Defence costed it at $132m (DefenseOne, Appropriations, Threatpost) but this does not cover non-DoD agencies (e.g., VetAffairs will cost $5m) and only covers the industry standard "compliance" cost of monitoring for credit abuse, etc. E.g,. a joke.
2015 Accidental Issuance. A major CA accidentally issued and released a cert for a major website, which was spotted by Certificate Transparency logs within Chrome (CA blog. website blog). Immediately spotted, and revoked, the cert never left their control. Damages. Incident report. Embarrassment of negotiating with browsers for a pass, the website concerned, and some employees fired. Updated report indicates 23 certs mis-issued, 164 instances of dodgy issuance in testing, over 76 domain owners.
2015 Misuse under contract. From a vague article by Forbes: "Alibaba’s 25pp marketplace doesn’t need the phone to be unlocked to install on iOS. It flouts Apple security rules in other ways. FORBES has learned the store breaks Apple policy by using an Enterprise Certificate to install itself on users’ phones. These certificates are supposed to be used by businesses to disseminate bespoke apps within the confines of the corporate network and are strictly not for commercial use. Apple could simply revoke the certificate, but it would be easy for Alibaba’s subsidiary to obtain a new one and start breaking the rules all over again" (Forbes) which enterprise certificates were complicit in the spread of viruses delivering malware. Also talks about jailbreaking which involves replacing the Apple root control chain.
2015 Dell notebooks with rogue root CA. Dell delivers new XPS 15 notebooks with an in the Windows trust store installed root CA certificate including its private key (found by rotorcowboy). "[A] network attacker could use this CA do sign his or her own fake certificates for use on real websites and an affected Dell user would be none the wiser unless they happened to check the website's certificate chain. This CA could also be used to sign code to run on people's machines".. On deletion, the root CA is re-installed in the Windows trust store after every reboot. Just one day later a second bad root CA (DSDTestProvider) was found, delivered with the Dell System Detect Tool, also including its private key. Damages. Beside Dell's reputational damage, malware using these CAs was spotted in the wild as Symantec reports.
2016 Supply Chain. Efforts to deprecate old algorithms have shown how hard it is to deal with the supply chain problem. SHA1 has been in deprecation mode since 2000 or so due to SHA2 being standardised, yet the cryptography supply chain continues to fight back. Mozilla backed away from blocking SHA1-signed certs because corporate MITM boxes were not updated with newer root certificates (MozoMITM). CAcert itself has had trouble getting its own roots re-signed with SHA2 due to the costs of bringing people together and underlying internal strife blocking new works (proof?).
2016 KeRanger Apple Mac computers were targeted with a ransomware apparently signed by a developer's certificate, which was then revoked by Apple (Reuters). The malware was delivered over a popular download application, Transmission. Damages. None as yet, but a suggestion that lock-downs don't start until Monday...
2016 DROWN older routers sporting SSLv2 can be attacked with an Oracle attack which reveals keys (DROWN). Which can be used to attack all recorded sessions that aren't PFE. Upgrade to all users is suggested. Damages. Widespread upgrade costs predicted.
2016 Android apps accept any cert. Many apps in Android will accept any cert presented, thus making the system vulnerable to MITM. No warning is provided to the user that they are being MITM'd (pgut001). This potentially explains why Androids work with public Wifis that routinely MITM whereas laptops will reject. Worse: if the user attempts to install own certs, Android warns that the user eternally, whereas if the app installs own certs, no permission or warning is forthcoming (HowToGeek, Google groups).
2016 Carbanak. Criminal APT group launched spear phishing attack on employees of banks with attachments, some signed by valid and revoked certificates of major CAs, loaded malware on to users' computers. From there, the malware hopped into banks and other institutions to raid monetary accounts (Kaspersky). Started Damages. According to victims and the law enforcement agencies (LEAs) involved in the investigation, this could result in cumulative losses of up to 1 billion USD.
2016 Branding. One CA attacked another by attempting to trademark the brands used by the second CA (Let'sEncrypt). Damages. Waste of legal resources (fees!) by both. Loss of credibility (Brand!) for the attacker. What were they thinking?
2016 Startcom/WoSign. A CA permitted base domain certs to be issued if the requestor proved over a subdomain (github cert, mozilla). In particular, a person got a cert over github.com by proving they was in control of x.github.com. The CA did not report the incident nor did the next audit cover the incidents (no action). The CA had a further incident reported over accepting large port numbers, although this is bemusing because ports are not privileged except by convention (Incident report). In another incident, the CA backdated certs to before a deadline for dropping SHA1 (Mozilla).
The CA was cross-validated by another CA sparking calls to check that CA as well. It was discovered that the superior CA had been secretly sold to the same interests that owned the sub-CA (who owns who). More scurrilous suggestions that one country is safe and another is not, etc (more). Damages. Three browser vendors (Apple, Mozilla and google) started the process of dropping the CAs. Mozilla report.
2016 Easy Tool. Perhaps related to the previous, researchers discovered that an easy certificate tool provided by a CA had a number of weaknesses (StartEncrypt). The tool was fixed within a week or so. Damages. No breaches evident, so mostly embarrassment and continuing pain at the revelation that if one CA fails, all of them fail.
2016 C0m0d0. A CA used image recognition to scan the email address in its validation process (bug report). Austrians tricked it by changing the 1 (one) to an l ('ell') and got themselves a cert in the name of a telecom. Damages. CA reported to uber-CA, lots of explaining to do...
2017 Brazilian Bank. hackers took control of bank's domain / DNS account and rerouted the entire property to cloud copy that had been HTTPS-protected with Lets-Encrypt certs issued 6 months prior (Hijacked). Owned bank for 6 hours during which they milked any customers logging in. Damages. Customers redirected to phishing sites, malware injected into customers, ATMs/PoS might have been taken over as well. Massive rework, massive loss of banking credentials, but no report of money thefts at this stage.
Guidelines
Help in improving the facts gratefully accepted. Be careful with speculation, we need facts for this exercise. Embarrassing the victims does not help the mission of this page, so names of CAs and vendors are typically dropped.
Commentary & References
Discussed in this mozilla thread and comments incorporated 20120411.
SSL/TLS in a post-PRISM world is another list of breaches, includes "a video parody to explain the problem to non-technical people."
Recent Hacks is a list of data breaches with details in graphical and summary form.