Darknet Vendors Sell Counterfeit TLS Certificates
Pro Tip: Change TLS Certificates Regularly for Better Data Security
Last August, Symantec announced it was selling its digital security certificate business to DigiCert. It followed a long-running quarrel with Google, which alleged that loose security controls at Symantec allowed bad actors to buy TLS certificates. Such certificates, for use with Transport Layer Security, provide authentication and data encryption between servers.
Counterfeit TLS certificates pose a big security risk. Fraudulent certificates issued in the name of real services could be used to support phishing scams. Fake certificates might also be used to intercept and decrypt traffic via a man-in-the-middle attack (see Microsoft Blacklists Fake Certificate).
Some malware distributors also use a legitimate certificate to sign their malware, which makes it less likely that security software will flag the code as being malicious.
With that use case in mind, researchers from Recorded Future's Insikt Group have examined the underground market for fraudulently requested SSL certificates and the complications they pose for malware detection. Previously, researchers suspected that many SSL certificates were stolen, Andrei Barysevich, director of advanced collection at Recorded Future, writes in a blog post. But there's long been a market for counterfeit certificates as well, and it continues to this day.
"For a number of years, security researchers have warned the public about cybercriminals using counterfeited code-signing certificates in their efforts to obfuscate malicious payloads, but only a handful of times were these underground services researched thoroughly," Barysevich writes.
Effective But Expensive
Recorded Future found four main vendors of TLS certificates in recent years. Three remain active, with two catering to Russian speakers. The vendors all appear to operate a bespoke market: Buyers specify what they need, and the vendors obtain the certificates, registered fraudulently using legitimate corporate details.
The counterfeit certificates are obtained from a range of legitimate CAs, including Comodo, Symantec and Thawte, which was part of Symantec.
The service isn't cheap. The least expensive certificates start at $299. Extended validation or EV certificates start at $349 and go up to $1,599, Barysevich writes.
Recorded Future communicated with two of the sellers, who claimed that the certificates they sold were registered by fraudulently using the details of real companies.
"With a high degree of confidence, we believe that the legitimate business owners are unaware that their data was used in the illicit activities," Barysevich writes.
Applications that are signed with a TLS certificate are often treated as being more legitimate. As a test, for example, Recorded Future worked with one SSL vendor, which used a fraudulent certificate to sign a remote access Trojan, Barysevich writes. The signed version managed to dupe some anti-virus suites.
"While ... eight anti-virus providers successfully detected the encrypted version of the payload, only two of them were effective against the code-signed version," he says.
Consider Automated Replacement
Security experts have long called for an overhaul of the certificate authority issuance system because of the way it can be abused.
Google's irritation with Symantec stemmed from a September 2016 incident in which the search giant found that Thawte had issued non-authorized certificates for www.google.com and google.com. Google eventually alleged that Symantec erroneously issued more than 30,000 certificates, although Symantec argued the figure was only 127.
Nonetheless, by last April, Google took the relatively unheard-of step of distrusting all certificates that Symantec had issued prior to June 1, 2016. Google's phased plan calls for Chrome to reject most certificates issued by Symantec by this October (see Google Outlines Plan to Reject Symantec's Digital Certificates).
Distrusting old certificates isn't bad, especially as the web is increasingly embracing the use of TLS certificates for privacy reasons. In fact, U.K.-based security researcher Scott Helme contends that organizations should be regularly replacing their TLS certificates.
"At first it seems like shorter certificate validity periods would be nothing more than a pain, having to renew them more frequently, but there are some serious security benefits to reducing the lifetime on the certificates you get," Helme writes in a Friday blog post.
If an attacker does obtain the private key for a certificate, it's possible for the real owner of the certificate to revoke it. But Helme believes that the revocation process is broken, and there are a variety of scenarios in which a browser will give a revoked TLS certificate a free pass unless it has expired.
But there are signs that TLS improvements lie ahead. In March 2017, the CA/Browser Forum's membership voted to reduce the maximum validity of a certificate to 825 days, Helme writes. That should help improve TLS hygiene. There are also positive moves to make TLS replacement less painful, including the Let's Encrypt project, which offers automated renewal of Domain Validation certificates (see Let's Encrypt Clashes with Comodo Over Trademark).
"Go for short certificates, look at automating as much of the process as possible and give yourself the best start," Helme writes. "If you have been using HTTPS for a long time, maybe with 39-month certs, perhaps now is the time to look at replacing that old process with something newer, faster, easier and cheaper."
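The trade-off Helme describes can be checked against an organization's own certificate inventory. The following is an added example, not code from the article or from Helme: it audits certificate records in the shape Python's ssl.SSLSocket.getpeercert() returns (constructed sample data here), flags lifetimes beyond the 825-day maximum, and computes how long a leaked key would remain usable if clients ignore revocation. The hostnames and reference date are assumptions.

```python
import ssl
from datetime import datetime, timezone

# Maximum leaf-certificate validity the CA/Browser Forum adopted in March 2017.
MAX_LIFETIME_DAYS = 825

def _to_dt(cert_time):
    """Parse the notBefore/notAfter strings that ssl.SSLSocket.getpeercert() returns."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), tz=timezone.utc)

def common_name(cert):
    """Pull commonName out of a getpeercert()-style nested subject tuple."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return "<no CN>"

def audit_cert(cert, now, compromise_at=None):
    """Lifetime facts for one getpeercert()-style dict; exposure_days assumes the
    key leaks at compromise_at and clients ignore revocation (usable until notAfter)."""
    not_before, not_after = _to_dt(cert["notBefore"]), _to_dt(cert["notAfter"])
    lifetime = (not_after - not_before).days
    days_left = (not_after - now).days
    findings = []
    if lifetime > MAX_LIFETIME_DAYS:
        findings.append(f"lifetime {lifetime}d exceeds the {MAX_LIFETIME_DAYS}d maximum")
    if days_left < 0:
        findings.append("expired")
    elif days_left < 30:
        findings.append("expires within 30 days; renew now")
    result = {"cn": common_name(cert), "lifetime_days": lifetime,
              "days_left": days_left, "findings": findings}
    if compromise_at is not None:
        result["exposure_days"] = max(0, (not_after - compromise_at).days)
    return result

# Constructed getpeercert()-style samples (not real certificates): a legacy
# 39-month certificate next to a 90-day automatically renewed one.
SAMPLE_CERTS = [
    {"subject": ((("commonName", "legacy.example.test"),),),
     "notBefore": "Jun 15 00:00:00 2016 GMT", "notAfter": "Sep 15 00:00:00 2019 GMT"},
    {"subject": ((("commonName", "auto.example.test"),),),
     "notBefore": "Jan 10 00:00:00 2018 GMT", "notAfter": "Apr 10 00:00:00 2018 GMT"},
]
AS_OF = datetime(2018, 3, 1, tzinfo=timezone.utc)  # assumed audit/compromise date

if __name__ == "__main__":
    for cert in SAMPLE_CERTS:
        print(audit_cert(cert, AS_OF, compromise_at=AS_OF))
```

Swapping SAMPLE_CERTS for the dicts returned by getpeercert() on your own endpoints turns this into a quick lifetime audit; the exposure_days column is the window a stolen key would stay trusted by a client that never checks revocation.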
Executive Editor Mathew Schwartz also contributed to this story.