Like this ...
>> The faked certificates allowed websites to pretend to be authentic? Does anyone know how these were actually used?
I can't say how they *were* used, only how they *could* be used.
Without SSL, anyone who controls the digital path between your computer and another site can intercept the connection and pretend to be the other site. Having done this, the options are quite varied - they could forward all the traffic so the site still works but they can read it all in transit , or they could completely replace some or all of the information (ie feed you false pages). This si the basis of a Man In The Middle (MITM) attack - you sit in between two communicating parties and spy on or even alter the messages being passed.
SSL is supposed to stop this, because your client software (browser, email program, whatever) and the site negotiate a secure connection and your end can verify the credentials by following the cryptographic chain back to a root certificate. The MITM attacker won't have a valid certificate, and your client software can then flag up the "there's something wrong with the security" alerts.
But, if you've managed to get a fake but valid SSL certificate, then when you do your MITM attack, you do have a valid certificate, and so the end user never gets any alerts. This means if you are a government intent of suppressing dissent, you can eavesdrop on (in this case, it seems emails) that your citizens think are secure (the service is off-shore in a country hostile to your government, and the traffic is protected in transit by SSL).
Obviously, if you are planning an uprising and think your communications channel is secure, then you are likely to divulge details that would be useful to those that you are planning to rise up against.