9:30 ET, 10 December 2013

Google discovered the unauthorized use of digital certificates issued by an intermediate certificate authority linked to ANSSI for several Google domains.

Google has revealed that late on December 3rd it became aware of unauthorized digital certificates for several Google domains and immediately has started the investigation. Security experts at Google found that the digital certificates were issued by an intermediate certificate authority (CA) linked to the French certificate authority ANSSI.

ANSSI is the French CyberSecurity agency that operates with French intelligence agencies, the organization declares that an intermediate CA is generating fake-certificate to conduct MITM attack and inspect SSL traffic. Be aware that an intermediate CA certificate carries the full authority of the CA, attackers can use it to create a certificate for any website they wish to hack.

“ANSSI has found that the intermediate CA certificate was used in a commercial device, on a private network, to inspect encrypted traffic with the knowledge of the users on that network. ”

Google discovered the ongoing MITM attack and has blocked it, Google has declared that ANSSI has requested to block an intermediate CA certificate.

gmail

“As a result of a human error which was made during a process aimed at strengthening the overall IT security of the French Ministry of Finance, digital certificates related to third-party domains which do not belong to the French administration have been signed by a certification authority of the DGTrésor (Treasury) which is attached to the IGC/A.

The mistake has had no consequences on the overall network security, either for the French administration or the general public. The aforementioned branch of the IGC/A has been revoked preventively. The reinforcement of the whole IGC/A process is currently under supervision to make sure no incident of this kind will ever happen again” stated the ANSSI advisory.

The ANSSI attributed the incident to “Human Error” made by someone from at Finance Ministry sustaining that the intermediate CA certificate was used in a commercial device, on a private network, to inspect encrypted traffic with the knowledge of the users on that network.

Google has updated Chrome’s certificate revocation metadata to block the ANSSI intermediate CA and has reported it to the agency and other browser vendors.

Despite the reply of ANSSI the incident is considerable a serious breach, The Google’s Certificate Transparency project is an important initiative to highlight breach like this one and preserve users’ security and privacy.

As remarked by security expert Fabio Petrosanti a recent law proposal, see Art. 246, is giving power to governmental agencies to act with massive interception capabilities

http://translate.google.com/translate?depth=1&ie=UTF8&prev=_t&rurl=translate.google.com&tl=en&u=http://www.assemblee-nationale.fr/14/projets/pl1473.asp

Can we really speak of incident or we are faced with yet another government espionage operation?

Pierluigi Paganini

(Security Affairs –  Cyber espionage, digital certificates, Google)
rsa-logo