Fake Google SSL Certificate Emerges With Ability to Hijack User Accounts
Mozilla will be releasing new versions of Firefox, Firefox Mobile and Thunderbird
to revoke certificates signed by DigiNotar after reports of at least
one fake SSL certificate from DigiNotar for various Google services.
Google will also mark DigiNotar untrusted in the next release of the Chrome OS (Chromium). Microsoft followed suit by removing DigiNotar from the default certificates store on Windows 7, Vista, Server 2008 and 2008 R2.
A user "alibo" posted on Google's Help forum on Aug. 28 a screenshot of
an SSL certificate warning that appeared in Chrome while accessing
Gmail. The warning didn't appear when "alibo" tried to access Gmail over
a VPN connection. Alibo claimed the warning came up only for google.com
domains and not for Yahoo or Bing.
Alibo's post included a link to text-sharing site Pastebin with the
contents of the fake SSL certificate for Gmail.com as viewed on Aug.
27. The certificate was issued by DigiNotar, an official Dutch
certification authority, on July 10, meaning the fake certificate was
valid for at least five weeks. The certificate was revoked by the Dutch
CA on Aug. 29 at 16:59:03 GMT.
Chester Wisniewski, a senior security advisor at Sophos, speculated on the Naked Security blog
that the new versions from Google and Mozilla were "because DigiNotar
has not explained how the Google certificate was signed and to prevent
further abuse."
DigiNotar validates and registers certificates for various government
and professional sites in the Netherlands. DigiNotar was acquired by
VASCO Data Security International in January of this year. VASCO did
not respond to eWEEK's requests for comment or explanation as to what
may have happened.
"I think my ISP or my government did this attack (because I live in
Iran and you may hear something about the story of Comodo hacker!)"
alibo wrote. Alibo's Internet service provider was ParsOnline, but he
claimed on the forum that a friend on a different ISP was seeing the
same problem.
Earlier in the year, Comodo, a certificate authority in the United States, was tricked into issuing fake SSL certificates
for a handful of sites, including Google, Skype and Yahoo, when an
attacker managed to obtain a reseller's login credentials. Comodo
revoked the certificates immediately, before they could be used.
The DigiNotar certificate was valid, but there was "no hard evidence
about the origin of the attack," Kaspersky Labs' Roel Schouwenberg told
eWEEK. The certificate could be used to eavesdrop on and potentially
hijack user sessions on all Google services using SSL, including Gmail,
secure search and Google+. The fact that DigiNotar had ties with
government agencies made this "an even trickier situation,"
Schouwenberg said.
It's unclear at this time how widespread the problem was or who has been affected.
Even though the certificates have been revoked, the fake ones can still
cause problems for users, because not all browsers check certificates
against the revocation list by default. Other browsers have not yet
followed in Mozilla's footsteps, but users would be "prudent" to remove
DigiNotar from the trusted certificates list in their Web browser until
there is further clarification, Wisniewski recommended. He noted,
however, that Mozilla's decision could pose issues for Websites that
have legitimately purchased certificates from DigiNotar.
Security researchers were in an uproar trying to figure out what may
have happened. DigiNotar is not saying whether it was compromised,
whether attackers managed to steal the keys needed to sign their own
certificates, or whether it was tricked into signing the certificate for
someone pretending to be Google.
"#Google MiTM attack by #Iran #government, again? Can anybody confirm
or provide pcap and traceroute?" Hamid Kashfi, an independent security
consultant based in Sweden, posted on Twitter.
Wisniewski noted there was only "circumstantial" evidence to back up
the claim that the Iranian government was using the certificate to spy
on its citizens. While Comodo's CEO Melih Abdulhayoglu had initially
claimed the compromise was "definitely" initiated by the Iranian government, it turned out to be the work of a lone attacker with no government ties.
"I think it might still be a stretch to attribute this to the Iranian government," said Moxie Marlinspike on Twitter. "We all know how that went last time."
Marlinspike had discussed problems with SSL and the trust system at
Black Hat earlier this month and introduced a new project, Convergence,
to create a new system of user-defined notaries instead of relying on
the certificate authorities.
"It is simply more evidence that the current CA infrastructure that we
have decided to "trust" is totally untrustworthy. It doesn't matter how
this happened, it has happened before and unfortunately will happen
again," Wisniewski said before encouraging users to download
Marlinspike's Firefox plugin and bypass certificate authorities
altogether.
"Placing trust in more than 600 certificate authorities to be honest and not screw up is quite a leap of faith," he said.
