Fake Certificates Of Authority And How They Harm The Internet

The internet has always been known as a communication channel. It was created so that in case of an event like a nuclear war we would still be able to communicate with each other. But since the internet has been offered to the public it has had another job. And that job seems like it is to be all things for all people. What started off as something that was just supposed to communicate text is now something that sends out video, audio, pictures, video games and everything else that we can think of. And not only that, it is also to a point where we do our shopping and have delicate transactions take place. So because of that we have a bunch of different hacks that allow the internet and the web to act like we need it to. And that means several different hacks that allow us to protect ourselves during these delicate transactions that we make over the web.


One way that we are able to protect ourselves on the web is through the use of a technology that is called certificates of authority. A certificate of authority is a number that is provided to an entity by a third party, which confirms that the number is coming from that particular entity. For example, if you log on to Google’s website and you get a CA from them, you know that you are on the Google website and it is safe to do business there. The numbers are issued by a trusted third party that has been verified. It is a system that has been in place for a while now and it works okay. But sometimes there are people with malicious intentions who take advantage of the system and issue fake certificates to websites that should not have them.

This has happened a few times, and the few times it has happened have been very dangerous. The most recent incident that we know about is that a Turkish issuer of CAs admitted that it issued fake ones to a few third-party websites. If a black hat hacker is able to get hold of one of these fake certificates, then they could act as the official version of the website that is supposed to be issued the certificate and take money in its name. And no one would be the wiser until it is way too late. The bad guy could pretend to be your normal banking website and your browser would not give you any warning that the website you are on is a fake. They would have your name and number and you would not realize that you have been scammed until they have taken all of your money out of the account.
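The situation described above can be reproduced locally with `openssl`, as an added example that is not part of the original article: two locally generated test CAs sit in one trust store and each issues a certificate for the constructed hostname `shop.example`. The chain check accepts both, while comparing the issuer against the one the site is expected to use (an extra check assumed here, not described in the article) flags the second.

```shell
#!/usr/bin/env bash
# Constructed demo: every key, CA and certificate here is generated locally.
set -eu
WORK=$(mktemp -d)

# Create a self-signed CA certificate named $1 (stands in for a trusted issuer).
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# Have CA $1 issue a certificate for hostname $2, written to file $3.
issue() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/$1.pem" \
    -CAkey "$WORK/$1.key" -CAcreateserial -days 1 -out "$3" 2>/dev/null
}

# Browser-style check: does the certificate chain to ANY CA in the trust store?
chains_to_store() {
  openssl verify -CAfile "$WORK/store.pem" "$1" >/dev/null 2>&1
}

# Extra check (assumption of this example): was it issued by the expected CA?
issuer_is() {
  openssl x509 -in "$1" -noout -issuer | grep -q "CN *= *$2\$"
}

demo() {
  make_ca usual-ca   # the issuer the site normally uses
  make_ca other-ca   # a different issuer that the store also trusts
  cat "$WORK/usual-ca.pem" "$WORK/other-ca.pem" > "$WORK/store.pem"
  issue usual-ca shop.example "$WORK/real.pem"
  issue other-ca shop.example "$WORK/misissued.pem"
  for c in real misissued; do
    chains_to_store "$WORK/$c.pem" && t=trusted || t=untrusted
    issuer_is "$WORK/$c.pem" usual-ca && i=expected-issuer || i=unexpected-issuer
    echo "$c: $t, $i"
  done
}
demo
```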

That is why it is so dangerous when one of these supposedly trusted services gives away a fake certificate like this. It puts normal customers at risk who do not know any better. Even people who are considered to be computer savvy are put at risk as well.

The issuing of these fake certificates is something that is dangerous to the web as a whole. It breaks down the trust that we have in these certificates and makes the web less trustworthy as a place to do commerce on. If we want the web to be a safe place for monetary commerce then we should make sure that these certificates of authority are as safe as possible.

photo: PabloBM

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.
