History of Risks & Threat Events to CAs and PKI
In Risk Management terms, History refers to the series of attack events that are documented and examinable, for the purpose of validating threat attack models.
This is an ongoing effort to document those events that have been reasonably seen as attacks and threats relevant to the CA and the usage of certificates. The purpose of this page is to help risk assessments validate their threat models against recorded events.
Only attacks with whose existence is established by sufficiently reliable reporting are listed here. Consequences need to be identifiable, but they do not need to be against any specific party. To some extent, where we set the bar is difficult to justify because we lack a clear history of user damages. However, some history is better than none.
2001. False certs. An unknown party used weaknesses in validation to get two certificates issued in the name of Microsoft.com (Guerin). The attacker was thought to be of the reputational variety: interested in embarrassment of CA not exploitation.
2003. Phishing. This attack bypasses the security afforded by certificates due to weaknesses in the secure browsing model (Grigg1). The existence of an unsecured mode of communication (HTTP) alongside a secure mode (HTTPS) provides an easy borders-of-the-map or downgrade attack, which user interfaces offer little resistance against. Consequences best guesstimate runs at around $100m per annum (FC 1343).
2008.1. Interface breach. One CA created a false certificate for a vendor by probing the RA of a competitor for weaknesses (Leyden). Consequences limited to lowered reputations for all of those involved.
2008.2. Weak root. An academic group succeeded in attacking a CA with weak cryptographic protections in its certificates (Sotirov et al). This resulted in the attackers acquiring a signed certificate over two keys, one normal and one that acted as a sub-root. This gave them the ability to sign new certificates that would be accepted by major vendors. Consequences: as the root that was attacked was slated to be removed within the month, consequences were limited. Faster rollout of the new root, perhaps a few certificate re-issuances and reputation damage.
2010. Stuxnet. Two code-signing certificates, stolen from two separate chip manufacturers in Taiwan, were used to sign drivers that were installed as part of a rootkit to infect Windows machines (Krebs), (Wikipedia1). The overall goal was a highly targetted sabotage of Iranian centrifuges engaged in production of high-grade nuclear material. Consequences: Various non-authoritive reports suggested that Stuxnet succeeded in knocking out and perhaps destroying some 1000 centrifuges, estimated at 10% of Iran's centrifuge capacity (ISIS) and delaying Iran's weapon building program by 1.5-2 years (NYT20120601.2). DEBKA suggests the damage is far more severe and sweeping than first reported, effecting and targetting thousands or even millions of significant computers (DEBKA1), and carrying on into 2012 (DEBKA2). Attacker is USA/Israeli government joint venture (NYT, wapo).
2011.1. False certs. A lone Iranian attacker, ichsunx2, breached approximately 4 CAs. His best success was to use weaknesses in an Registration Authority to acquire 9 certificates for several high profile communications sites (Zetter). It was claimed that the attacker operated under the umbrella of the Iranian state but no evidence for that was forthcoming. No known user damages. Browser vendors revoked-by-patch ioerror.
2011.2. Breached / collapsed CA. The same attacker, icksunx2, breached a Dutch CA and issued several certificates. The CA’s false certs were first discovered in an attack on Google’s gmail service, suggested to be directed against political activists opposed to the Iran government. Controls within the CA were shown to be grossly weak in a report by an independent security auditor (FOX-IT1, FOX-IT3), and the CA filed for bankrupcy protection (perhaps for that reason). Vendors discovered that revocation was not an option, and issued new browsers that blocked the CA in code. Known user damages: rework by google, and vendor-coordinated re-issuance of software to all browser users. Potential for loss of confidentiality of activists opposed to Iranian government. Many Netherlands government agencies had to replace their certificates.
2011.3. Certificate Stealing. 3 separate incidents indicate that certificates are now worth stealing. Infostealer.Nimkey is a malware distributed through traditional spam/phishing channels (Yahoo). Once it infects, it searches the victim computer for keys and sends them to a server in China. Duqu is a variant of Stuxnet that used a stolen code-signing cert to install drivers (Wikipedia2). From inspection of the malware, the attack was variously quoted as IP/data collection/espionage, stealing keys, or attacking CAs (McAfee). Identity fraud of some form was used to get a valid certificate issued in the name of a company by intercepting the verification communications to that company's employee (F-secure). Consequences. Re-issuance of certificates and reviews of security. In none of these 3 cases were any direct damages assessed.
2011.4. Spear Phishing. A group of 9 certificates were identified in targetted malware injection attacks (FOX-IT2). As the certificates were all alleged to be only 512 bits, the conjecture is that new private keys were crunched for them. Consequences. One public-facing sub-CA in Malaysia was dropped, 3 other CAs re-issued some certs and reviewed controls. No known customer breaches, but probably replacement certs for the holders (minor).
2011.5. Website hack. A captive CA for a telecom had its website hacked, and subscriber information and private IP compromised (Goodin). Attacker was listed as a hacker who tipped off the media, claiming not to be the first. Parent telecom shut down the website.
2012.1. Weak Key scan. Two academic groups independently scanned the net for all published certificates (6-11 million examples) and analysed them (Heninger, et al) and (Lenstra, et al). They found that 1% of certificates were in common, and 0.4% were constructed with poor parameters which permitted the revealing of the secret keys. The keys were traced to 3 popular hardware devices that had one popular software package at its core. Consequences: Damages have not been assessed but would involve some rework and reputational loss by the suppliers of these devices. Gain in reputation for the academic groups.
2012.2. CA breached contract against MITMs. A CA announced that it had issued a subroot to a company for the purposes of intercepting the secure communications of its employees (SpiderLabs). This is contrary to contract with vendors and industry compact. At some moment of clarity, the CA decided to withdraw the subroot. Consequences: loss or damage to that customer due to contract withdrawal. Such contracts have been estimated to cost $50k. Destruction of the equipment concerned, maybe $10k. Loss of reputation to that CA, which specialises in providing services to US government agencies. Potential for delisting the CA concerned in vendors' trust lists which could be a bankruptcy event (TheRegister). Loss of time at vendors which debated the appropriate response.
2012.3. A malware called Flame was signed by a Microsoft sub-CA that was perverted by means of an older algorithm (arstechnica). The malware is thought to be a follow-up to Stuxnet (above). Damages to Iran are unknown as yet. Microsoft revoked 3 sub-CAs in a security update effecting all distributions.
2012.4 In the vendor's words: "We recently received two malicious utilities that appeared to be digitally signed using a valid [Vendor] code signing certificate. The discovery of these utilities was isolated to a single source. As soon as we verified the signatures, we immediately decommissioned the existing [Vendor] code signing infrastructure and initiated a forensics investigation to determine how these signatures were created. We have identified a compromised build server with access to the [vendor] code signing infrastructure. We are proceeding with plans to revoke the certificate and publish updates for existing [vendor] software signed using the impacted certificate. ...." If nothing else, kudos for a model disclosure!
2012.5 A CA here issued 2 intermediate roots to two separate customers 8th August 2011Mozilla mail/Mert Özarar. The process that allowed this to happen was discovered later on, fixed, and one of the intermediates was revoked. On 6th December 2012, the remaining intermediate was placed into an MITM context and used to issue an unauthorised certificate for *.google.com DarkReading. These certificates were detected by Google Chrome's pinning feature, a recent addition. "The unauthorized Google.com certificate was generated under the *.EGO.GOV.TR certificate authority and was being used to man-in-the-middle traffic on the *.EGO.GOV.TR network" wired. Actions. Vendors revoked the intermediates microsoft, google, Mozilla. Damages. Google will revoke Extended Validation status on the CA in January's distro, and Mozilla froze a new root of the CA that was pending inclusion.
Help in improving the facts gratefully accepted. Be careful with speculation, we need facts for this exercise. Embarrassing the victims does not help the mission of this page, so names of CAs and vendors are typically dropped.
Commentary & References
Discussed in this mozilla thread and comments incorporated 20120411.