Understanding the security story of the year: "Iranian" hack attack on SSL

Last week's attack on Dutch certificate authority DigiNotar completely blew my attempt to avoid the Internet while I was on holidays: it seemed like enormously important news, but of such a highly technical bent that none of the traditional nonspecialist media could coherently discuss it.

In short, one of the companies that is authorized to create SSL certificates that your browser trusts — the certificates that let you make trusted, private connections to your bank, your Gmail, your government — was terminally compromised. The most likely culprit is a boastful "Iranian hacker" who claims to be a patriot who compromised the CA in order to allow the Iranian government to forge certs from Gmail and other companies to facilitate spying on dissidents.

Now, Electronic Frontier Foundation staffers Eva Galperin, Seth Schoen and Peter Eckersley have written a timely postmortem on the attack, explaining what's known, what's speculated, the risk it presents to you, and what you can do to make yourself safer now and in the future. This is the kind of analysis I was hoping for when I interrupted my net.fast last week — it's pretty crucial stuff to know.

SSL certificates are the glue that holds the encrypted portions of the Internet together — they are how your browser knows that the website you visit is the website you intended to visit. The official report on the attacks from Fox-IT includes data from DigiNotar that suggests that over 300,000 (primarily Iranian) Internet users may have been had their communications intercepted, but the danger to Internet users extends well beyond Iran.

The problem we face with Certificate Authorities is not just that there are particular vulnerabilites in any one CA. Rather, the massive structural crisis is that, as the SSL Observatory has shown, there are many hundreds of certificate authorities and an attacker only needs to break into one of those order to start issuing fraudulent certificates. Furthermore, these CAs appear to exist within around fifty countries' jurisdictions. Any one of these countries could conceivably compel a CA to create fraudulent certificates for purposes of espionage or for spying on that country's citizens. The DigiNotar hack has merely underlined how fragile the certificate authority system really is. Anyone who values the privacy and security of their communications and financial transactions online should take steps to protect themselves.

Statements have appeared strongly suggesting that the DigiNotar attacker is the same person who attacked Comodo earlier this year. The Tor Project has published extensive updates on the scope of the attack, including the list of the 531 fraudulent certificates issued by DigiNotar. This list shows that the attacker was prepared to facilitate spying against many major Internet sites. The attacker claims to be an individual Iranian who has chosen to help the government monitor individuals' communications. Additionally, he claims to have compromised four additional as-yet-unspecified certificate authorities. If true, the Iranian government may still have the power to forge new certificates in the name of these other authorities.

A Post Mortem on the Iranian DigiNotar Attack