French Govt Agency Fakes Google Certificates For Multiple Domains
It was recently discovered that a firm associated with the French government had been misusing SSL certificates. It repeatedly issued rogue certificates for several Google domains without proper authorization or license. The intermediate certificate authority was associated with the French Ministry of Finance. The practice had been going on for some time and continued until Google detected the fraudulent activity. The search engine company started an investigation in the first week of December.
Official news of this discovery and the fraud that took place was reported by a Google engineer in a blog post. He is a member of Google's security staff who found many of the company's domains covered by certificates issued under ANSSI. ANSSI is a French government agency responsible for defending the country against cyber-attacks and for maintaining the public key infrastructure and the root key authority.
It has also been confirmed that no illegal activity was carried out using these SSL certificates. They were deployed purely for surveillance purposes, unlike hackers who use SSL certificates to fake authenticity to servers and browsers. The French agency acted as an intermediate CA, and an intermediate CA usually has the authority to sign a certificate for any domain name unless the root certificate authority bars it from doing so.
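One mechanism a root CA can use to restrict an intermediate is the X.509 name constraints extension (RFC 5280). The following added example, which is not from the original article, models that check for DNS names; the scope `example.fr` and the certificate names are constructed for illustration.

```python
# Added example (not from the article): audit which names an intermediate CA
# may issue for under RFC 5280 dNSName name constraints.
# All constraint lists and certificate names below are constructed.

def _labels(name):
    return name.lower().strip(".").split(".")

def in_subtree(name, subtree):
    """RFC 5280 4.2.1.10: a dNSName satisfies a constraint when it equals it
    or is formed by adding zero or more labels on the left."""
    n, s = _labels(name), _labels(subtree)
    return len(n) >= len(s) and n[-len(s):] == s

def name_allowed(name, permitted, excluded):
    """permitted=None models an unconstrained CA (any name is in scope)."""
    if any(in_subtree(name, e) for e in excluded):
        return False
    # A wildcard may expand into an excluded subtree; reject conservatively.
    if name.startswith("*.") and any(in_subtree(e, name[2:]) for e in excluded):
        return False
    return permitted is None or any(in_subtree(name, p) for p in permitted)

def audit(leaf_sans, permitted, excluded=()):
    """Return the SAN entries the issuing CA was not entitled to sign."""
    return [n for n in leaf_sans if not name_allowed(n, permitted, excluded)]

# Constructed SAN list from a leaf certificate under review.
LEAF = ["www.google.com", "*.google.com", "intranet.example.fr"]

UNCONSTRAINED = audit(LEAF, permitted=None)          # no constraints: all pass
CONSTRAINED = audit(LEAF, permitted=["example.fr"])  # hypothetical scope

if __name__ == "__main__":
    print("unconstrained intermediate, out-of-scope names:", UNCONSTRAINED)
    print("constrained intermediate, out-of-scope names:  ", CONSTRAINED)
```

With no constraints every name validates, which is why an intermediate like the one described above can vouch for any domain; with a permitted subtree the Google names are flagged.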
As soon as Google realized that the intermediate CA's authority was being misused, it blocked it from further issuance. All major browser vendors, ANSSI and the other parties involved were notified as well. While ANSSI was a legitimate user and authorized to do so, the misuse originated with the French Ministry of Finance. The Treasury department used it to sign domain names without proper authorization, and it was caused by a human error, the community confirmed in their post.
Even though the error occurred within French government departments, no consequences or damage resulted from this issuance. Multiple commercial devices were using SSL certificates issued by this intermediate to monitor encrypted traffic. A similar issue was seen earlier with the Turkish government, where another CA certificate was exploited and a third-party company was monitoring all traffic for security purposes.
Surveillance is taking a heavy toll on privacy these days, and news like this further fuels the already annoyed user community. SSL traffic is primarily inspected to stop data leakage and malware intrusion. If it is used for this purpose, there is no issue associated with it.