Comment by codethief - Hacker Neue

codethief Apr 17, 2025 parent

> every black hat nation state actor would love to break into on their cert issuance servers and export a bunch of legit signed certs to run man-in-the-middle attacks

I might be misremembering but I thought one insight from the Snowden documents was that a certain three-letter agency had already accomplished that?

9Ljdg6p8ZSzejt Apr 17, 2025

This was DigiNotar. The breach generated around 50 certificates, including certificates for Google, Microsoft, MI6, the CIA, TOR, Mossad, Skype, Twitter, Facebook, Thawte, VeriSign, and Comodo.

Here is a nice writeup for that breach: https://www.securityweek.com/hacker-had-total-control-over-d...

9Ljdg6p8ZSzejt Apr 17, 2025

Edits: I believe this is what you were referring to. It was around 500, not 50. Dropped a 0.

codethief OP Apr 17, 2025

I do remember that breach but that was before Snowden. I'm relatively sure Snowden published some document about the NSA trying to undermine CAs, too.

This item has no comments currently.