Three Symantec Employees Fired for Issuing Fake Google SSL Certificates

Exterminator

Community Manager
Thread author
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
Symantec employees mistakenly leak test SSL certificates
Symantec was forced to fire 3 employees after Google's engineers found rogue SSL certificates issued in its name used in the wild.

SSL certificates are a technology through which browsers and Web service providers create a secure and authorized channel of communication.

They are used billions of times each day and have become a common practice in securing communications between users and banks, online shops, social networks, and just about any website that wants to protect its users and their private data from hackers and privacy-intruding government agencies.

Responsible for issuing these certificates is a Certificate Authority (CA). There are numerous CAs around the world, all of which are recognized and trusted by browser makers to issue certificates to authorized and trustworthy clients only.

One of those CAs is Symantec, a cyber-security vendor known primarily for its Norton antivirus engine.

Google's Certificate Transparency project was first to note the rogue SSL certs
This Friday, September 18, Google's engineers working for Certificate Transparency, a project which double checks for rogue SSL certificates used in the wild, found a series of fake Google.com SSL certificates which were issued by Symantec. These rogue certificates were also observed by DigiCert's technicians in their logs.

What's worse is that these certificates were issued with an "extended validation" label, which means that Symantec had supposedly carried out extra checks on the client that requested the certificates to validate its real identity, as Boing Boing reports. This information was not officially confirmed by either Google or Symantec in their press releases.

Google has blacklisted the certificates in question. Since they were leaked only for a day, Google and Symantec don't believe they might have been used in real-world attacks.

If hackers had had more time, these rogue SSL certificates could have been used in MitM (man-in-the-middle) attacks, allowing malicious actors to intercept secure communications between users and Google-operated services, like Gmail, Google+, YouTube, and such.

Not the first time rogue SSL certificates are detected in the wild
This is not the first time that this has happened. In 2011, Dutch-based CA Diginotar was breached and hackers issued hundreds of fake certificates. Some of these SSL certificates (also issued in Google's name) were used by the Iranian government to spy on political dissidents.

The Diginotar incident was what convinced browser makers and certificate authorities around the world to create the Certificate Transparency project.

The same thing happened in December 2013 when ANSSI also mistakenly issued fake Google certificates, and at the end of March this year, when the CNNIC CA issued some unauthorized digital certificates for several Google domains. After the last incident, Mozilla and Google banned all existing CNNIC root and extended validation SSL certs.

Symantec has addressed the issue by firing the employees at fault
Investigating its recent incident, Symantec was quick to follow suit with Google's inquiries in this matter, fearing the axe above its head.

According to their official statement, the company says that these rogue certificates were issued for tests inside the company, and they were immediately revoked when Google notified them of the leak.

"We discovered that a few outstanding employees [...] failed to follow our policies," said Quentin Kiu of Symantec. "Despite their best intentions, this failure to follow policies has led to their termination after a thoughtful review process. [...] As much as we hate to lose valuable colleagues, we are the industry leader in online safety and security."