Attacks/Breaches
9/6/2011
10:55 AM
50%
50%

Stolen Digital Certificates Compromised CIA, MI6, Tor

"Operation Black Tulip" security audit launched by the Dutch government finds that some of the 531 bad certificates were used to compromise at least 300,000 Iranian IP addresses.

10 Massive Security Breaches
(click image for larger view)
Slideshow: 10 Massive Security Breaches
On Monday, Fox-IT, the security auditors investigating the false digital certificates issued by Dutch certificate authority DigiNotar, released a preliminary report finding that the extent and duration of the breach was much more severe than had previously been disclosed.

In particular, attackers could have used the stolen certificates to spy on users of popular websites for weeks, without their being able to detect it. "It's at least as bad as many of us thought," said Chester Wisniewski, a senior security advisor at Sophos Canada, in a blog post. "DigiNotar appears to have been totally owned for over a month without taking action, and they waited another month to take necessary steps to notify the public."

Likewise, the list of fraudulent digital certificates obtained from DigiNotar has been growing, expanding to include not just Facebook, Google, Microsoft, Skype, Twitter, and WordPress, but also the CIA, MI6, and Mossad intelligence services, as well as the pro-privacy Tor Project.

The first known certificate to be stolen dates from July 10, 2011. But while DigiNotar learned about the fraudulently issued certificates sometime later, it only made a public acknowledgement after Google users began experiencing related attacks. As the scale of the breach became clear, last week the Dutch government--which maintains a digital ID system based on DigiNotar-issued certificates--seized control of the certificate authority, commissioned Fox-IT to begin an immediate audit, dubbed "Operation Black Tulip," and warned Dutch residents that the identity system could no longer be trusted.

The Tor Project, working with the Dutch government, has been maintaining a full list of all compromised certificates, which currently number 531, although security experts expect that number to grow. The list includes intermediary certificate authorities (CAs), including Comodo, Equifax, Thawte, and VeriSign root certificate issuers, which are sites that can be used to issue new certificates.

"We cannot determine whether they succeeded in creating any intermediate CA certs. That's really saying something about the amount of damage a single compromised CA might inflict with poor security practices and regular internet luck," said Jacob Appelbaum, a core member of the Tor Project, on the Tor blog.

Attackers gaining access to digital certificates for Tor is also a worry, because the anonymizing network is often used by human rights activists to mask their activities in oppressive countries.

Meanwhile, on Tuesday, the hacker behind the attacks against the Comodo certificate authority earlier this year claimed credit in a Pastebin post for the successful hack of DigiNotar, saying he'd been able to obtain a "full remote desktop connection" into its network. In addition, he said he'd compromised four more high-profile CAs, but stopped short of naming them.

As with the Comodo hacks, the target of the attacks appears to be Iranian Internet users. "The recent compromise of Dutch certification authority DigiNotar was used to spy on Iranian Internet users on a large scale," said Feike Hacquebord, a senior threat researcher at Trend Micro, in a blog post. "We found that Internet users in more than 40 different networks of ISPs and universities in Iran were met with rogue SSL certificates issued by DigiNotar. Even worse, we found evidence that some Iranians who used software designed to circumvent traffic censorship and snooping were not protected against the massive man-in-the-middle attack."

The preliminary audit of DigiNotar has reached similar results. "Fox-IT analyzed the lookups against DigiNotar's OCSP servers (which browsers check to see if a certificate has been revoked) and determined that during the active attack period more than 99% of queries originated in Iran," said Wisniewski at Sophos. According to the report, at least 300,000 unique IP addresses in Iran used the bad Google certificates.

In response to the attacks, Google, Microsoft, and Mozilla took the unusual step of permanently blocking all DigiNotar certificates. As a result, users of fully patched versions of Chrome, Firefox, and Internet Explorer 7 running on Windows 7 or Vista are protected against related attacks. Apple, however, has yet to patch OS X or Safari, and users of older Microsoft operating systems are also at risk.

On Saturday, Microsoft detailed the risks faced by vulnerable Windows users, as well as techniques they could use to protect themselves. Start by staying away from open wireless networks, since attackers could use such networks to launch man-in-the-middle attacks, said Microsoft. Meanwhile, other attack vectors include an attacker controlling the network infrastructure used by the user, or using DNS--either by controlling the DNS server used by the user's ISP, or tricking the user into using a malicious DNS server.

"Without this type of 'man-in-the-middle' access, an attacker would be unlikely to be successful in carrying out an attack," according to Microsoft. But two of those exploitation techniques are difficult to avoid in countries that heavily control their Internet infrastructure. In addition, successful attacks against Windows XP or Windows Server 2003 users could route them to malicious update sites, warned Microsoft.

Security professionals often view compliance as a burden, but it doesn't have to be that way. In this report, we show the security team how to partner with the compliance pros. Download the report here. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2208
Published: 2014-12-28
CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbitrary commands by entering a \n (newline) character before the end of a string.

CVE-2014-2209
Published: 2014-12-28
Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypass intended access restrictions by leveraging group permissions for a file or directory.

CVE-2014-5386
Published: 2014-12-28
The mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 does not seed the random number generator, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging the use of a single initial...

CVE-2014-6123
Published: 2014-12-28
IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow local users to obtain sensitive credential information by reading installation logs.

CVE-2014-6160
Published: 2014-12-28
IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 8.5.0.1, when Chrome and WebSEAL are used, does not properly process ServiceRegistryDashboard logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.