Case Project 2: Fraudulent Digital Certificates

The growing use of fraudulent digital certificates has many security experts concerned, since
digital certificates are very important to using the Internet for secure transactions. Research at
least two recent incidents of attackers or governments using fraudulent digital certificates.
How did they use them? What was the reason? How did Web browser vendors react? What did
they do to stop these fraudulent certificates? Write a one-page summary of your findings.

Sample Essay

Turkish Registrar Uses Fake Digital Certificates on Google

The fraudulent digital certificates were issued to Google by TURKTRUST Inc., which is a domain registrar in Turkey. The main motive behind the issuance of these certificates was to attack Google's online properties. These fake certificates were issued by an intermediate certificate authority from Turkey. These intermediate certificate authorities have all the rights held by digital certificates and hence can generate fake certificates for any website they wish to resemble. The fake certificates issued by TURKTRUST were meant to spoof information, conduct phishing attacks or perform attacks on Google subscribers. Google reacted swiftly by detecting and immediately blocking the fraudulent digital certificates. It later commenced an intensive investigation to establish the source of the fake certificates and traced them back to Turkey's TURKTRUST Inc. It consequently issued an advisory to other web vendors on fraudulent certificates. Google also upgraded its facilities, such as Chrome, to block any intermediary certificate authority (Raiu, 2012).

DigiNotar Certificate Breach

In the case of DigiNotar, which is a Dutch digital certificate authority, hackers used fraudulent digital certificates to hack its systems. The hackers' main reason was to abuse the SSL and EV-SSL certificate authority of the firm. DigiNotar reacted by revoking all digital certificates that were issued fraudulently. This was after it had ordered an external security audit. However, DigiNotar declined to mention the issuers of the fraudulent certificates. The company also withheld the sale and issuance of SSL and EV-SSL certificates until the security audit was completed. In order to stop the fraudulent certificates, DigiNotar installed routers in its mechanisms to redirect any illegitimate certificate. However, DigiNotar still relies on browser updates to protect itself fully from the fraudulent certificates (Prins & Cybercrime, 2011).


References

Prins, J. R., & Cybercrime, B. U. (2011). DigiNotar Certificate Authority breach 'Operation Black Tulip'. Fox-IT, November.

Raiu, C. (2012). Cyber-threat evolution: the past year. Computer Fraud & Security, 2012(3), 5-8.
