Editing Scenario 08: Certificate authority hack

Jump to navigation Jump to search

Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.

Latest revision Your text
Line 11: Line 11:
 
'''[F1]''' A company based in State A provides certificate authority services, including for government departments and agencies of State A. It has now been hacked by intruders, who assume control of the company’s certificate-issuing servers and, for several weeks, proceed to issue fraudulent certificates for private sector services, such as email or VoIP based telephony, but also for services related to the company register in State A (<b>incident 1</b>). Indicators of compromise (IoCs) point to the use of proxies (an unaffiliated group) in incident 1.
 
'''[F1]''' A company based in State A provides certificate authority services, including for government departments and agencies of State A. It has now been hacked by intruders, who assume control of the company’s certificate-issuing servers and, for several weeks, proceed to issue fraudulent certificates for private sector services, such as email or VoIP based telephony, but also for services related to the company register in State A (<b>incident 1</b>). Indicators of compromise (IoCs) point to the use of proxies (an unaffiliated group) in incident 1.
   
'''[F2]''' The fraudulent certificates are later used in a massive man-in-the-middle attack to intercept free email communication of several hundreds of thousands of individuals in State A (<b>incident 2</b>). Available evidence shows that State B’s intelligence service ordered and paid the above-mentioned group to issue some of the fraudulent certificates, including to the company register in State A. State B's intelligence service then used the certificates in conducting its mass surveillance operation.
+
'''[F2]''' The fraudulent certificates are later used in a massive man-in-the-middle attack to intercept free email communication of several hundreds of thousands of individuals in State A (<b>incident 2</b>). IoCs show that this mass surveillance operation was fully orchestrated by State B’s intelligence service, which had ordered and paid the group to issue some of the fraudulent certificates in incident 2, including to the company register in State A.
   
 
'''[F3]''' Eventually, all of the certificates issued by the company are blacklisted by the major internet browsers, the attack is contained, and the company files for bankruptcy.
 
'''[F3]''' Eventually, all of the certificates issued by the company are blacklisted by the major internet browsers, the attack is contained, and the company files for bankruptcy.

Please note that all contributions to International cyber law: interactive toolkit are considered to be released under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) (see International cyber law: interactive toolkit:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

Cancel Editing help (opens in new window)