NATION-STATE ATTACKS ON PKI
Phillip Hallam-Baker, Comodo Group Inc.
Session ID: STU-W25B
Session Classification: Studio

Why are state actors different?

Motive

Capabilities

Targets

Iran

2009 Protests

Media cycle

StuxNet
► Discovered July 2010
► At least 5 Variants
► Possibly reduced production of U-235 by 30%
► Used signed code
  ► Legitimate code signing certificates
  ► Stolen keys
  ► Needed to sign driver code
► Estimated to cost > $1 million to write
  ► [Raised to >$100 million after Olympic Games disclosure]

2011 Arab Spring

Medium

Comodo Certificate Mis-Issue
► Reseller Breached March 15 2011
  ► Vector unknown
  ► Located API used to request certs
  ► Requested issue of certs for 7 domains
    ► Targeting Social Media sites
► Breach detected March 15 2011
  ► Reseller received email saying certificates ready
  ► Reseller knew that request had not been made
  ► Notified Comodo

Information Gathered
► IP Address from which request launched
  ► In Iran
► Requests for cert status
  ► Same Iranian address
► Email correspondence from attacker
  ► IP address is in Iran
  ► Company purports to be Israeli
  ► Content cut and pasted from actual Israeli firms

Comodo and Industry Response
► Certificates Revoked
  ► But browsers don’t check this properly
► All reseller issue authority suspended
► Browser Providers notified
  ► Need to push new browser binaries (!)
► Responder Notification
  ► Certificate Subjects notified
  ► FBI
  ► Public (gated on browser patches)
    ► Revealed Iranian connection
    ► Accused of being alarmist, distracting attention etc.

Iran mounts PR offensive
► 1) So counted green movement people in Iran isn't most of Iran, so when Obama says I'm with Iranian young community, I should say as Iranian young simply I hate you and I'm not with you, at least 90% of youngs in Iran will tell you same thing, it's not my sentence. But you have bad advisors, they report you wrong details, maybe you would think better if you have better advisors.
► 2) To Ashton and others who do their best to stop Iranian nuclear program, to Israel who send terrorist to my country to terror my country's nuclear scientist (http://www.presstv.com/detail/153576.html), these type of works would not help you, you even can't stop me, there is a lot of more computer scientist in Iran, when you don't hear about our works inside Iran, that's simple, we don't share our findings as there is no use for us about sharing, so don't think Iran is so simple country, behind today's technology, you are far stronger then them, etc.

PR Response

Incident comparison

Comodo:
► Reseller breached
► Issue platform secure
► Mis-Issue detected in hours
► Notified browser providers
► Attacker objective failed
► Still operational

DigiNotar:
► CA breached
► Lost control of Logs, HSM
► Mis-Issue not detected
► Discovered by targets
► Attacker succeeded
► Liquidated

Conclusions

Lessons learned
► State Actors matter
  ► Money isn’t the motive or even the enabler
  ► Different objectives ⇒ different targets
  ► Consequences may be life, not property
► Security basics matter
  ► Separate perimeter from core
  ► Deploy controls to test effectiveness of your controls
  ► Security is not a competitive advantage, share your knowledge
► Disclosure matters
  ► Notify responders immediately
  ► Plan for public disclosure in days
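The detection that caught the Comodo mis-issue (the reseller recognising a "certificates ready" notice for a request it never made) and the "deploy controls to test effectiveness of your controls" lesson, as an added Python example that is not Comodo's or the speaker's code: it reconciles a CA issuance feed against the reseller's own request ledger, corroborates with source-address and target-name checks, and injects a canary record to prove the monitor actually fires. All records, request IDs, hostnames and addresses are constructed.

```python
from dataclasses import dataclass

# Constructed sample data (not real Comodo records): the CA's issuance
# feed for one reseller API account. Serial 0x02 is the anomaly: a
# social-media-style name, a request ID the reseller never created,
# and a source address the reseller's systems do not use.
ISSUANCE_LOG = [
    {"serial": "0x01", "cn": "shop.reseller-client.test", "req_id": "R-1001", "src": "203.0.113.5"},
    {"serial": "0x02", "cn": "login.social.test", "req_id": "R-9999", "src": "198.51.100.7"},
    {"serial": "0x03", "cn": "mail.reseller-client.test", "req_id": "R-1002", "src": "203.0.113.5"},
]
AUTHORIZED_REQUESTS = {"R-1001", "R-1002"}  # the reseller's own ledger of submitted requests
KNOWN_SOURCES = {"203.0.113.5"}             # addresses the reseller's request systems use
HIGH_VALUE_SUFFIXES = ("social.test",)      # names this reseller has no business requesting

@dataclass(frozen=True)
class Finding:
    serial: str
    cn: str
    reasons: tuple

def reconcile(issued, authorized, known_sources, high_value):
    """One Finding per issued cert that fails any check; the ledger check is
    the one that caught the 2011 incident, the other two corroborate it."""
    findings = []
    for rec in issued:
        reasons = []
        if rec["req_id"] not in authorized:
            reasons.append("no matching request in reseller ledger")
        if rec["src"] not in known_sources:
            reasons.append("request came from unknown source " + rec["src"])
        if rec["cn"].endswith(high_value):
            reasons.append("high-value name outside reseller's customer base")
        if reasons:
            findings.append(Finding(rec["serial"], rec["cn"], tuple(reasons)))
    return findings

# A control that tests the control: a synthetic record that MUST be flagged.
# If the monitor stays silent on it, the monitor itself is broken.
CANARY = {"serial": "0xCANARY", "cn": "canary.monitor.test", "req_id": "R-NONE", "src": "203.0.113.5"}

def monitor_is_alive(authorized, known_sources, high_value):
    hits = reconcile([CANARY], authorized, known_sources, high_value)
    return any(f.serial == CANARY["serial"] for f in hits)

if __name__ == "__main__":
    for f in reconcile(ISSUANCE_LOG, AUTHORIZED_REQUESTS, KNOWN_SOURCES, HIGH_VALUE_SUFFIXES):
        print(f.serial, f.cn, "->", "; ".join(f.reasons))
    print("monitor alive:", monitor_is_alive(AUTHORIZED_REQUESTS, KNOWN_SOURCES, HIGH_VALUE_SUFFIXES))
```

In practice the ledger comparison runs on every issuance notification the CA sends, so a certificate the reseller never asked for is escalated within hours rather than discovered later by its targets.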