back to article French gov used fake Google certificate to read its workers' traffic

A French government agency has been caught signing SSL certificates and impersonating Google. The bogus certificates were endorsed by the certificate authority of the French Treasury, DG Trésor. And the Treasury's own authorisation certificate was, in turn, vouched for by IGC/A (Infrastructure de Gestion de la Confiance de l' …

COMMENTS

This topic is closed for new posts.
  1. Destroy All Monsters Silver badge
    Windows

    I have to say...

    ...I am getting crackage fatique and my eyes are starting to bleed.

    I guess the correct french translation is "Une attaque 'barbouze au milieu'".

    This will probably be followed by a visit of Victor le Nettoyeur.

    1. captain veg Silver badge

      Close

      http://fr.wikipedia.org/wiki/Attaque_de_l'homme_du_milieu

      -A.

      1. Destroy All Monsters Silver badge

        Re: Close

        But also: barbouze = "secret service dude"

  2. phil dude
    Black Helicopters

    how is this not illegal?

    Does the rule of law exist? Or is this more of "do what I say, not what I do?"

    This behaviour is indistinguishable from the bad guys...

    P.

    1. Aitor 1

      Re: how is this not illegal?

      Obviously the rule of law douesn't exist, unless it is YOU who commit the crime.

      As for SSL... well, it is a joke. Firefox even REFUSE to disallow known counterfaiters...just check the forums.

      Only way is to use a VPN that uses the HTTPs port.

    2. Steve Davies 3 Silver badge

      Re: how is this not illegal?

      Don't you know by now that in France, they do as they want and the rest of the world can go and .... well you get the idea. They also ignore anything the EU/ECJ says if it is not in the interests of La Belle France.

      That said, rural French would say the same of La Parisienne's.

      Vive La Republique. I will snoop on you if I want to...

      Now where's the icon of De-Gaulle as a Dalek?

    3. Matt Bryant Silver badge
      Happy

      Re: phil dude Re: how is this not illegal?

      ".....This behaviour is indistinguishable from the bad guys..." The difference is clear - the bad guys want to steal stuff or blow stuff up, whereas the Fwench authorities just want to intercept any coms from whistleblowers revealing how much treasury cash gets spent by Fwench treasury ministers and civil servants on their mistresses.

    4. Anonymous Coward
      Anonymous Coward

      Re: how is this not illegal?

      "This behaviour is indistinguishable from the bad guys..."

      Hadn't you realised? Governments are the worst of the bad guys, who triumphed over all the others and consequently run things. When anyone else starts to threaten their monopoly of violence and robbery, they label those others "terrorists". That means "someone who isn't a government having the impertinence to behave like one".

    5. Dropper

      Re: how is this not illegal?

      If you are using a work computer you have no reasonable expectation of privacy. Why they would use such convoluted methods of monitoring network traffic and email is strange, but its common practice in many workplaces and pretty much guaranteed in every government agency on the planet.

      Signing your own certificates is bad, no question there, but whether it's illegal or not is something that only French law can answer. What is definitely not illegal is spying on your employees' internet activity. If you work for someone and use a computer, you should be aware that they can read your email if someone with sufficient authority within the organisation approves it, and they almost certainly monitor your internet activity.

      Wise people know pR0n belongs at home or on your phone..

  3. Chris Miller

    This is normal behaviour for most 'layer 7' firewalls. If you want to enforce rules about what can and cannot be sent in and out of your data centre, then you need to be able to spoof certificates. The usual way of doing this is to generate your own self-signed top-level certificate, which all the computers within your network will be configured to have included in their list of trusted certificates.

    If you don't want anyone else to be able to read your encrypted emails, don't use a computer whose list of trusted certificates you don't control.

    1. Sir Sham Cad

      Proxies

      And this is also how many enterprise proxy servers work to allow SSL connections to be policed (in the sense of applying policies). Enterprise PCs trust the inside cert on the proxy because GPO and the proxy decrypts the traffic and then establishes the SSL session with the remote host. Effectively the proxy pretends to be the remote host as far as your browser session is concerned.

      Of course that's not the same as forging another Trusted CA cert to get around having to have yours trusted by devices you can't or don't control. In this respect you remove the ability of the person who doesn't want their emails to be decrypted and read to control their cert trust list.

      1. Ben Liddicott

        Re: Proxies

        Exactly so.

        Essentially the same as this story here:

        http://forums.theregister.co.uk/forum/1/2012/02/09/tustwave_disavows_mitm_digital_cert/

        Don't use work computers for personal use, people!

        Also, don't use personal computers for work use.

      2. NogginTheNog

        Re: Proxies

        Agreed: personally I don't have a problem (or a suggestion of illegality) with a company or entity wanting to inspect traffic travelling across it's private network, whether it's to/from the public Internet or not.

        If you don't want personal information looked at then don't use a work network for personal use.

      3. Anonymous Coward
        Anonymous Coward

        Re: Proxies

        The UK Ministry of Defence proxies that implement its RESTRICTED <-> Internet interface do this as well.

        We had a discussion as to whether to remind personnel that the little padlock icon in the status bar of IE6 (sad, but sic) didn't mean what they thought it meant (nor what the Microsoft popup said about their traffic not being readable by third parties). In the end, it was decided that that particular sleeping dog should be left to slumber.

    2. localzuk Silver badge

      Indeed, this methodology is used in most schools too, to inspect HTTPS traffic for filtering effectively rather than filtering *all* HTTPS traffic.

      Nothing wrong with it in an enterprise network - it isn't an ISP doing it, its your employer and as such you have rules to follow internally.

      1. JohnG

        "Nothing wrong with it in an enterprise network - it isn't an ISP doing it, its your employer and as such you have rules to follow internally."

        True - but the employer should tell their employees clearly that they are doing this. In my experience, this is rarely the case - the information given to employees about any monitoring is vague (IMO, intentionally so).

        1. localzuk Silver badge

          @JohnG "True - but the employer should tell their employees clearly that they are doing this. In my experience, this is rarely the case - the information given to employees about any monitoring is vague (IMO, intentionally so)."

          Why should it be explained clearly? "Everything you do on the enterprise network is monitored" should just about cover it. You then no longer have any assumption of privacy on the network, so the enterprise can use whatever technologies it wants. Otherwise, what you're suggesting is that they itemise what tools they use! Which is pretty ridiculous really.

    3. Tom Chiverton 1

      It's not normal for the fake SSL certificate to be signed by a normal registrar, as opposed to some internal CA.

    4. Anonymous Coward
      Anonymous Coward

      Thanks... I'm glad someone saved me the bother...

      How anyone would think that if you use a computer owned by your employer and controlled by them that you would be secure is beyond me. Most employment contracts in the UK at least say that you will be subject to monitoring.

      What I find more shocking is the amount of technical people who just don't realise how SSL proxying works and jump on the "OMFG it's the MAN!" bandwagon.

  4. btrower

    Need a little clean up

    Of course all this stuff was possible and we knew it was happening to some extent. However, the pervasive nature of this and the, if you will, blasé, 'laissez faire" attitude is troubling.

    It is one thing for spies to be operating out of bounds, quite another for the entire regulatory apparatus, private, public, sovereign and supra-national to be shredding the rules at every turn.

    We need to dig this all up, find the extent, close down the most outrageous stuff and remove the caretakers who have had such horrendous judgment to bring us here.

  5. patrick_bateman

    and the problems is...?

    So the french goverment want to know what is sent and received by its own employees......

    fair game on them.

    We have enough trouble stopping people uploading patient info to their gmail acocunts and emailing it home!!!

    (yes i know mcafee and other products do document tracking, all costs.....)

    1. Destroy All Monsters Silver badge

      Re: and the problems is...?

      > fair game on them

      ONLY IN AMURRICA.

      Otherwise it is "surveillance of the employee" in this here socialist country, which ain't allowed AFAIK.

      But this is France, and a lot of very bizarre things have been going on since the pape was invited to Avignon.

      1. Anonymous Coward
        Anonymous Coward

        Re: and the problems is...?

        Otherwise it is "surveillance of the employee" in this here socialist country, which ain't allowed AFAIK.

        Like video surveillance, cars GPS and other similar employee spying monitoring systems, it is perfectly allowed as long as the employees have been made aware of it. What's more, the law is blurry enough to allow a mere "your internet activity might be monitored" IT policy to also cover SSL MITM.

        That's so-called "socialist" countries for you (show me a single socialist politician in France, and I'll buy you a beer or ten -- no, one that only calls himself socialist doesn't count, so my money is pretty safe).

  6. Robert Helpmann??
    Coat

    Trust but Verify

    ...man-in-the-middle SSL interception, a heavily frowned on practice that violates the trust model of internet security.

    You just can't trust anyone these days.

  7. Mark 85
    Big Brother

    violates the trust model of internet security

    I have seen damn little about internet security that I would trust. Fake certificates, "expired" certificates, the bad guys with phishing, drive by's, and the list goes on. So who do we trust? Google? The NSA? Any government?

    If "trust" were a valid model, we wouldn't need anti-virus, anti-malware software. If "trust" were a valid model, we could trust our governments, our employers and employees. If "trust" were a valid model, Google, FB, and every other site wouldn't be latching onto and analyzing our personal data and internet usage. NSA and every other "national security agency" wouldn't be feared.

    The old saying that when someone says "trust me" and the first thing you should do is check your wallet, is more valid than ever. But now we have to check our entire lives.... online, private, etc.

    1. Anonymous Coward
      Anonymous Coward

      Re: violates the trust model of internet security

      It goes to one of those "hard" problems of security in general: How can two people who've never met before be able to establish definitively they're who they claim to be? The simple answer is: they can't without someone to vouch for them, but now we're seeing the realization of the corollary question: Who vouches for the voucher? And that goes right to "Quis custodiet ipsos custodes?"

  8. Anonymous Coward
    Anonymous Coward

    Agree or disagre with it but an employer has every (legal) right to ensure the employees use of its computers and networks remains within company policy and locality criminal, corporate compliance laws etc**.. Its likely in the fine print of your employment contract, or the "acceptable use policy" agreement you click on every day when signing in but dont bother to read.

    SSL certificate interception is one way to do it, alternatively install loggers on everyones computers as part of the SOE - both get to the data unencrypted, certificate swaps are just a whole bunch more convenient to centralise and sort through.

    Company computers are like a company car or credit card or other work tool - be sensible, dont use them for going to your dealers to buy blow, or pay for hotels and hookers or sex swings or other personal shit etc.

    ** Am used to these interception certificates actually appearing as such, private signed certificate by the company etc, not purporting to be legit certificates from a (supposedly trustworrthy) public CA - this bit is approaching deceptive practice. Growing trend perhaps, to help governments and their interrigence organisations track govt data, identify potential 'problems' early on, leak sources etc?

    1. Callum

      it's not that simple

      your employer DOES NOT have the full right to view your http(s) traffic or emails , even in the workplace. (see data protection act). one of the big problems we had with our layer 7 FW was that around christmas employees shop online and we suddenly found ourself in possession of their card data including CCv numbers without adequate PCI/DSS processes around it.

      There can also be a fallout if an employee is using their work email to talk to a counsellor/doctor etc and the company take action based on those conversations.

      For us, the latest legal shambles is that we host our data centres in the USA and have implemented all of this without realising that the Federal Wiretap Act forbids it.

  9. Adam Inistrator

    I have stated before that this is a failure of my browser software to help me decide who is the certifies that the HTTPS connection is valid. FIREFOX IN PARTICULAR I AM LOOKING AT YOU!

  10. Graham Marsden
    WTF?

    "Trustwave"...

    ... run their website (that is responsible for ensuring people who take credit cards over the internet are PCIDSS complaint) using that well known secure piece of software, Flash...

  11. Crazy Operations Guy

    Well, thats another authority removed from my trusted list.

    Every time I set up a new machine or browser I immediately go into the certificate manager and delete all the authorities for nations I've never done business with or have a reason to trust.

    Why should I trust a certificate from a company whose name I can't even read? And why should I trust a certificate from a foreign government?

    1. btrower

      Re: Well, thats another authority removed from my trusted list.

      @Crazy Operations Guy:

      I concur. In fact, only a tiny handful of roots should be trusted and *all* of the current root CAs are not trustworthy.

      Too long to go into here, but not only the practice of the trust system is broken. The design is as well.

      As I have mentioned before, all of the big players are perfectly capable of giving you significantly better trust. They choose not to as a business decision. The cure to this is to make violating trust unprofitable.

  12. as2003

    Technical question?

    If some adversary (criminal, governmental or other), employs this MITM technique, then the end user will still see the green padlock in their browser but if they inspect the chain of certificates, they should notice that the certificates involved are not the usual ones, no?

    Are there any browser plugins that can warn about unexpected (but apparently legitimate) chains of certificates? Perhaps checking against previous experience and/or some independent database?

  13. Crisp

    Human Error

    Human error is when you make an accidental mistake.

    This wasn't human error, this was deliberate.

    1. BristolBachelor Gold badge
      Joke

      Re: Human Error

      The Human error was when a human ended their sentence with "...and they'll never know."

  14. ElReg!comments!Pierre

    He who controls the proxy...

    http://www.theregister.co.uk/2011/06/03/bofh_2011_episode_7

  15. umacf24

    Why can't they use their own, internal certificates?

    Interception is legitimate, on a private network. But it doesn't require certificates to be signed by a publicly trusted CA. All that's required is that an internal CA is trusted by the machines that are being intercepted.

    Evidently there are machines on the Ministry of Finance network that the administrators of the systems do not control. I wonder if they are:

    - Personal?

    - Spooks?

    - Hackers?

    I really don't know which would be worse! Either way it can't do the bond rating much good -- would you lend to an entity that can't control its own network?

    1. daftdave

      Re: Why can't they use their own, internal certificates?

      Sure they can use their own, Internal certificates. But, regardless of the arguments about data protection / snooping whatever: issuing a certificate in the name of Google when you have no authority to do so is plain fraud.

      Website: www.google.com

      Verified by: your boss.

      It's a joke, and a lie.

      What's worrying here is that it wasn't internal certificates, it was much worse. It was a certificate vendor who's certificates are trusted by the majority of browsers worldwide.

  16. Anonymous Coward
    Anonymous Coward

    non-story

    of course encrypted emails has to be proxied otherwise how else can they be inspected for virus or blocked extns?

    Where I work we get a splash page explaing that this is what is going to happen before being re-directed to gmail. If you want to read private emails privately you go home to do it (in private)

  17. Jamie Jones Silver badge

    Techie question....

    For my own personal https stuff, I'm thinking that it would be safer to go back to self-signed certificates on my server...

    Despite the initial browser warning that it's an untrusted source, the certificate chain can not be spoofed, because there is no-one else in the chain of trust to spoof it.

    Is this correct?

    Cheers, J.

    1. as2003

      Re: Techie question....

      I'm not an expert, but I'm pretty sure this would make a MITM attack even easier.

      A man-in-the-middle would be able to strip out your certificate and add their own, which now wouldn't even need to have a chain of trust, it could just be any old certificate.

      1. Jamie Jones Silver badge

        Re: Techie question....

        Hmmm. Thanks for the reply. I was wondering if there was some subtlety I hadn't thought of...

        However, I don't think this right. After all, even the 'chain of trust' has to stop somewhere, and so what would be stopping evil hacker NSA bloke from pulling the technique you describe at that root?

        I thought the private key (held presumably secure on the server) would thwart the type of attack you mention

        1. Charles 9

          Re: Techie question....

          No, because if they pwn YOUR end, they can STEAL your public key (what allows you to contact the server), replace it with THEIRS, and use your key to create a secure MITM.

          As for the NSA being able to do it, considering that SSL proxy is a known technique in the workplace, I wouldn't put it beyond them, throwing a spanner into the whole trust issue. Since the NSA is a state authority, and since no outside state can really be trusted, it poses the problem of trying to establish a new trust system that's capable of resisting the resources of something as powerful as a state while still being useable for the average Joe. The closest approach to date has been a kind of peer-based reputation system, but even that can be gamed by the state. Any attempt to control this would almost have to require attribution which would defeat the idea of anonymity on the Internet.

        2. as2003

          Re: Techie question.... @Jamie

          So if you sign your own certificate and someone navigates to your site, they'll see the usual "You're browsing on a secure connection, but we can't verify the identity of the site. Do you want to proceed?"

          Someone sat between your users and your server could then strip out your SSL and re-encrypt traffic with their own self-signed certificate. You wouldn't have to dig deep to see the certificates were different, but if your end user is expecting to see that warning, then would they do that? I doubt it.

          I suppose if you were able to convince a user to add you as a root certificate authority, then I guess you'd be more secure, as you suggest, but then how does your user know that initial connection hasn't been compromised and they aren't actually installing an attacker's certificate?

          I don't think getting your certificate signed by a CA is detrimental to security, and only adds barriers to adversaries, especially to common or garden ones you're much more likely to encounter.

          Again, correct me if I'm wrong...

          1. Jamie Jones Silver badge

            Re: Techie question.... @Jamie

            Ahhh. I get what you're saying now, and I agree.

            However, when I said 'my own personal stuff' I didn't mean my webserver for public consumption, I meant my *own* use for accessing my email etc. over https.. Not that I have anything to hide - in fact, my mail is so full of crap, I'd be doing a disservice making it public!

            1. Charles 9

              Re: Techie question.... @Jamie

              Even so, if your client has been pwned without your knowledge (due to a drive-by, for example), they could disguise the fact they stole your key by replacing any DISPLAYS of their key with your original one (false facades are common in malware now). In that event, how would you be able to tell that the key you see is the key you're actually using?

              1. Jamie Jones Silver badge

                Re: Techie question.... @Jamie

                Yep. That makes sense.

                However, if my client has been compromised, it's 'game over' already. After all, self-signed certificate or not, they have me pwned.

                I'd never use a public terminal, for instance, to access anything even requiring a password (https or no https). Heck, I won't even use anyone elses systems for private/financial stuff.

                I was just curious if a self-signed certificate would stop the https being hacked by stopping people abusing 'technically legitimate' access to any CA certificate in the otherwise chain - or if there was some other subtle issue this option would throw up that I hadn't thought about.

                As an aside, if someone was intercepting my CA-signed connection via a CA certificate intercept, am I right in assuming that the attacker wouldn't be able to stop me being provided with a different certificate and signature - it's just the fact that the browser would normally accept it silently?

                As for my own systems, I know they are secure because I was visiting some dodgy site, and this flashing red banner told me I had lots of viruses, and it is now keeping me safe due to this .exe file I downloaded and ran... That and all those browser bars promising me extra security and loads of free smileys means that I'm really safe! :-)

      2. Vic

        Re: Techie question....

        > I'm not an expert, but I'm pretty sure this would make a MITM attack even easier.

        Only if you use a self-signed cert in an overly-simplistic manner.

        > it could just be any old certificate

        ...But would it have the same fingerprint as mine?

        I carry a piece of paper in my wallet with my fingerprint on for exactly this reason; I can tell instantly if a corprat cert is being used (because I don't get warned about my invalid cert), and I get a fingerprint to check if there's any doubt.

        I used to consider myself somewhat paranoid, but recent revelations have shown I'm simply not paranoid enough...

        Vic.

  18. All names Taken
    Paris Hilton

    No! No!

    you haveit all wrong doodz!

    This is merely an instance of (un)civil serventia in action.

    Admitted it is French form of (UN)civil serventia but (un)civil serventia it is all the same possibly with a dash of French misanthropy?

This topic is closed for new posts.

Other stories you might like