What to do to Safeguard Against a Malicious SSL Certificate Attack
How DigiCert, web browsers, and informed consumers protect against SSL fraud.
SSL certificates help protect web users in two ways. First, SSL encrypts sensitive information such as usernames, passwords, or credit card numbers. Second, SSL certificates verify the identity of websites.
While this second point may happen to varying degrees depending on the certificate a website admin purchases or the certificate provider he or she uses, all SSL certificates at least confirm that the website you are on (for example, www.ExampleBank.com) is in fact www.ExampleBank.com, as opposed to a fake website posing as www.ExampleBank.com.
What's the worst that could happen?
As with any aspect of computer security, as long as there is a strong incentive (financial, political, etc.) to attempt to game the system, there will be malicious players in the game who will try to find exploits or loopholes in a secure system.
Many of the potential attacks against an SSL certificate are either untenable because hacking technology has not caught up to security technology (for example, a brute force attempt to "crack" an ssl certificate would take years), or are relatively easy to protect against.
Modern web browsers are configured to detect common certificate issues and warn users before they are even allowed to proceed to a website that has potential issues.
With SSL security issues, as with many issues in online security, users acting against warnings, use of outdated web browsers or operating systems, and acting against best practices (for example, clicking on links in spammy emails) are the primary issues that increase user vulnerability.
Most true breaches in the system, when they do occur, are usually resolved within a small timeframe through automatic updates or widely available patches.
Total failure of trust.
Many low-end attacks may target consumers and rely on tactics such as misdirection (taking a user to login.ExampleBank.hidden-domain.com instead of login.ExampleBank.com). However, there is one scenario from which no built-in security feature available can completely shield a consumer — the failure of a trusted part of the authentication system.
The reason a certificate based system works is that it relies on Certificate Authorities (like DigiCert) to affirm that anyone who gets a certificate for ExampleBank.com really does own ExampleBank.com. If a malicious party were to obtain an authentic certificate for a website, it would be possible to completely spoof the online interaction so perfectly that the users would never know that their every action was being watched, monitored, cataloged, and potentially stolen.
The bank example seems obvious. However, when we consider what kind of organization might have the necessary resources to hack into a secure environment and completely compromise a system of certificate issuance that is audited regularly for security purposes, thoughts may turn from run-of-the-mill credit card theft and towards a nation-state interested in spying on the online activities of its citizens.
Sites such as Twitter, Facebook, Gmail, etc. seem like more apt targets for this second kind of attacker.
Protecting against systemic failure.
Although to the best of our knowledge the scenario described above has never happened to a large, trusted Certificate Authority (CA) such as DigiCert, less secure organizations have been compromised to varying degrees.
In at least one case of severe negligence on the part of a CA, their roots were immediately pulled from all browsers upon discovery of the breach. A CA with no roots is, essentially, no longer a CA. Anyone accessing a site "secured" with their certificates would see overt warning signals like in the image above.
As to what a user can do, the single most important thing is to always make sure that automatic updates are turned on and manual updates are done regularly to ensure that up-to-date operating system and browser software can help protect from any attacks that have been detected.
Learn to recognize visual trust marks associated with SSL certificates such as the SSL lock icon and the EV trusted green bar.
System administrators can help protect their users by implementing advanced standards of SSL security such as EV SSL certificates, and maintaining server software up-to-date.
At DigiCert, we will continue to follow and implement new procedures for enhanced security to help protect our customers and the greater internet community as a whole. System security and redundancies as well as administrator-based protections are part of the infrastructure framework that has helped us protect against breaches up to this point, and we are always in the process of changing and updating our systems to stay ahead of potential security problems.