France Faking Google Domain Certificates

Google catches French govt spoofing its domain certificates (ZDnet, 9 Dec 2013) – France’s cyberdefence division, Agence nationale de la sécurité des systèmes d’information (ANSSI), has been detected creating unauthorised digital certificates for several Google domains. Google states on its own security blog that an intermediate certificate authority (CA) issued the certificate, which links back to ANSSI. “Intermediate CA certificates carry the full authority of the CA, so anyone who has one can use it to create a certificate for any website they wish to impersonate,” Google wrote. In a statement by ANSSI, the cyberdefence organisation revealed that this intermediate CA is actually its own infrastructure management trust administration, or “L’infrastructure de gestion de la confiance de l’administration” (IGC/A). ANSSI itself is the cyber response and detection division of the French republic. ANSSI states that the fraudulent certificates were a result of “human error, which was made during a process aimed at strengthening overall IT security”. Google states that the certificate was used in a commercial device, on a private network, to inspect encrypted traffic. According to the web giant, users on that network were aware that this was occurring, but the practice was in violation of ANSSI’s procedures. Google used the incident to highlight the need for its Certificate Transparency project, aimed at fixing flaws in the SSL certificate system that could result in man-in-the-middle attacks and website spoofing. Google’s answer to these flaws is for CAs to adopt a framework that monitors and audits these certificates, thus outing rogue CAs or when certificates are illegitimately issued. This is not the first time that the flaws of SSL certificates have been exposed. The US National Security Agency is alleged to have used man-in-the-middle attacks through unauthorised certificates against Google in the past. 
Additionally, in August 2011, a breach at DigiNotar, another CA, found that an Iranian hacker had created rogue certificates for Google domains, intercepting user passwords for Gmail.

Provided by MIRLN.
