Stolen Digital Certificates Compromised CIA, MI6, Tor

On Monday, Fox-IT, the security auditors investigating the false digital certificates issued by Dutch certificate authority DigiNotar, released a preliminary report finding that the extent and duration of the breach was much more severe than had previously been disclosed.

In particular, attackers could have used the stolen certificates to spy on users of popular websites for weeks, without their being able to detect it. "It's at least as bad as many of us thought," said Chester Wisniewski, a senior security advisor at Sophos Canada, in a blog post. "DigiNotar appears to have been totally owned for over a month without taking action, and they waited another month to take necessary steps to notify the public."

Likewise, the list of fraudulent digital certificates obtained from DigiNotar has been growing, expanding to include not just Facebook, Google, Microsoft, Skype, Twitter, and WordPress, but also the CIA, MI6, and Mossad intelligence services, as well as the pro-privacy Tor Project.

The first known certificate to be stolen dates from July 10, 2011. But while DigiNotar learned about the fraudulently issued certificates sometime later, it only made a public acknowledgement after Google users began experiencing related attacks. As the scale of the breach became clear, last week the Dutch government--which maintains a digital ID system based on DigiNotar-issued certificates--seized control of the certificate authority, commissioned Fox-IT to begin an immediate audit, dubbed "Operation Black Tulip," and warned Dutch residents that the identity system could no longer be trusted.

The Tor Project, working with the Dutch government, has been maintaining a full list of all compromised certificates, which currently number 531, although security experts expect that number to grow. The list includes intermediary certificate authorities (CAs), including Comodo, Equifax, Thawte, and VeriSign root certificate issuers, which are sites that can be used to issue new certificates.

"We cannot determine whether they succeeded in creating any intermediate CA certs. That's really saying something about the amount of damage a single compromised CA might inflict with poor security practices and regular internet luck," said Jacob Appelbaum, a core member of the Tor Project, on the Tor blog.

Attackers gaining access to digital certificates for Tor is also a worry, because the anonymizing network is often used by human rights activists to mask their activities in oppressive countries.

Meanwhile, on Tuesday, the hacker behind the attacks against the Comodo certificate authority earlier this year claimed credit in a Pastebin post for the successful hack of DigiNotar, saying he'd been able to obtain a "full remote desktop connection" into its network. In addition, he said he'd compromised four more high-profile CAs, but stopped short of naming them.

As with the Comodo hacks, the target of the attacks appears to be Iranian Internet users. "The recent compromise of Dutch certification authority DigiNotar was used to spy on Iranian Internet users on a large scale," said Feike Hacquebord, a senior threat researcher at Trend Micro, in a blog post. "We found that Internet users in more than 40 different networks of ISPs and universities in Iran were met with rogue SSL certificates issued by DigiNotar. Even worse, we found evidence that some Iranians who used software designed to circumvent traffic censorship and snooping were not protected against the massive man-in-the-middle attack."

The preliminary audit of DigiNotar has reached similar results. "Fox-IT analyzed the lookups against DigiNotar's OCSP servers (which browsers check to see if a certificate has been revoked) and determined that during the active attack period more than 99% of queries originated in Iran," said Wisniewski at Sophos. According to the report, at least 300,000 unique IP addresses in Iran used the bad Google certificates.

In response to the attacks, Google, Microsoft, and Mozilla took the unusual step of permanently blocking all DigiNotar certificates. As a result, users of fully patched versions of Chrome, Firefox, and Internet Explorer 7 running on Windows 7 or Vista are protected against related attacks. Apple, however, has yet to patch OS X or Safari, and users of older Microsoft operating systems are also at risk.

On Saturday, Microsoft detailed the risks faced by vulnerable Windows users, as well as techniques they could use to protect themselves. Start by staying away from open wireless networks, since attackers could use such networks to launch man-in-the-middle attacks, said Microsoft. Meanwhile, other attack vectors include an attacker controlling the network infrastructure used by the user, or using DNS--either by controlling the DNS server used by the user's ISP, or tricking the user into using a malicious DNS server.

"Without this type of 'man-in-the-middle' access, an attacker would be unlikely to be successful in carrying out an attack," according to Microsoft. But two of those exploitation techniques are difficult to avoid in countries that heavily control their Internet infrastructure. In addition, successful attacks against Windows XP or Windows Server 2003 users could route them to malicious update sites, warned Microsoft.

Security professionals often view compliance as a burden, but it doesn't have to be that way. In this report, we show the security team how to partner with the compliance pros. Download the report here. (Free registration required.)