The Comodo Group, an Internet security company, has been attacked in the last month by a talkative and professed patriotic Iranian hacker who infiltrated several of the company’s partners and used them to threaten the security of myriad big-name Web sites.
But the case is not a problem for only Comodo, which initially believed the attack was the work of the Iranian government. It has also cast a spotlight on the global system that supposedly secures communications and commerce on the Web.
The encryption used by many Web sites to prevent eavesdropping on their interactions with visitors is not very secure. This technology is in use when Web addresses start with “https” (in which “s” stands for secure) and a closed lock icon appears on Web browsers. These sites rely on third-party organizations, like Comodo, to provide “certificates” that guarantee sites’ authenticity to Web browsers.
But many security experts say the problems start with the proliferation of organizations permitted to issue certificates. Browser makers like Microsoft, Mozilla, Google and Apple have authorized a large and growing number of entities around the world — both private companies and government bodies — to create them. Many private “certificate authorities” have, in turn, worked with resellers and deputized other unknown companies to issue certificates in a “chain of trust” that now involves many hundreds of players, any of which may in fact be a weak link.
The Electronic Frontier Foundation, an online civil liberties group, has explored the Internet in an attempt to map this nebulous system. As of December, 676 organizations were signing certificates, it found. Other security experts suspect that the scan missed many and that the number is much higher.
Making matters worse, entities that issue certificates, though required to seek authorization from site owners, can technically issue certificates for any Web site. This means that governments that control certificate authorities and hackers who break into their systems can issue certificates for any site at will.
Experts say that both the certificate system and the technology it employs have long been in need of an overhaul, but that the technology industry has not been able to muster the will to do it. “It hasn’t been perceived to be a big enough problem that needs to be fixed,” said Stephen Schultze, associate director of the Center for Information Technology Policy at Princeton. “This is a wake-up call. This is a small leak that is evidence of a much more fundamental structural problem.”
In the Comodo case, the hacker infiltrated an Italian computer reseller and used its access to Comodo’s systems to automatically create certificates for Web sites operated by Google, Yahoo, Microsoft, Skype and Mozilla. With the certificates, the hacker could set up servers that appear to work for those sites and try to view the unscrambled e-mail of millions of people, experts say. Comodo says it has suspended the Italian reseller and a second European reseller that the hacker also infiltrated.
In a series of online messages teeming with bravado, the hacker described himself as a software-engineering student and cryptography expert and said he worked alone. He suggested he was avenging the Stuxnet computer worm, which was directed at Iranian nuclear installations last year. And he indicated that he intended to use the certificates he created to snoop on opponents of the Iranian regime. “As I live, you don’t have privacy in Internet, you don’t have security in digital world,” he warned.
The certificate system was created at the dawn of e-commerce in the early 1990s before security was a major issue. Security experts say the system is not up to the challenge of today’s immense, commercial and much-attacked Internet. It was designed primarily to let businesses take credit card payments online, and less to confirm the authenticity of Web sites.
The crucial tool available to Comodo and the browser makers — revocation — is ineffective, security experts say. After the Comodo case, Google, Mozilla and Microsoft rushed out patches so their browsers would recognize and reject the bad certificates. But this solution requires many millions of Internet users to update their browser software, which many people never do.
Moreover, because certificate authorities’ servers are seen as unreliable, most browser makers allow users to proceed to an alternative site, and hackers can exploit this weakness, security experts say.
Browser makers have another problem: Faced with a suspicious certificate authority, there is little they can do shy of rescinding it. But if they did that, millions of Web users might encounter troubling error warnings when they visited sites with certificates from that company, causing a cascade of problems for users and site owners. Cutting out a large player like Comodo, which controls at least 95,100 active certificates, could effectively “break the Web,” said Dan Kaminsky, chief scientist at the security firm DKH.
They are effectively “too big to fail,” said Christopher Soghoian, a former Federal Trade Commission technologist who is now a graduate fellow at the Center for Applied Cybersecurity Research at Indiana University. “The problem is that the browser vendors don’t have a small stick, they only have a big stick.” He said he could not recall a single instance in which the browser vendors had rejected a certificate authority.
Microsoft and Mozilla said that they would consider removing a certificate authority if it was in the best interest of Internet users, and that they remained in talks with Comodo about its security practices. “Participation in Mozilla’s root program is a privilege, not a right,” said Mozilla, the nonprofit maker of Firefox. Apple, maker of the Safari browser, declined to comment. (Google’s Chrome browser defers to the choices of operating system makers like Microsoft and Apple about which certificate authorities are accepted.)
Mozilla, Microsoft and Google said they would work together and with certificate authorities and the security community on improvements to the system. One approach proposed by Comodo and Google engineers in January would allow Web site owners to specify which certificate authorities may issue certificates for their sites.
An initiative preferred by security experts would overhaul the system more radically. It would give Web sites similar control while securing their certificates within a new encrypted version of the domain name system, the central directory of the Web, making it the de facto central certificate authority through which Web sites could generate their own certificates.
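The two proposals above share one idea: a site owner publishes which authorities may vouch for the site, and the browser checks the certificate's issuer against that policy rather than against the whole trust store. The following added example (not code from the article, Comodo, Google or any browser vendor) models that contrast with constructed host and authority names; it assumes a policy is inherited from the closest parent domain that publishes one, and does not model signatures or chain building.

```python
from dataclasses import dataclass

# Constructed, simplified model of a certificate: the host it vouches for
# and the authority that signed it. Signatures and chains are not modelled;
# the issuer name stands in for the whole chain up to a root.
@dataclass(frozen=True)
class Cert:
    subject: str   # host name the certificate vouches for
    issuer: str    # certificate authority that signed it

# A browser trust store (constructed names). In the current system every
# authority listed here may vouch for every site on the Web.
TRUSTED_ROOTS = {"Comodo Root CA", "Example Global Root", "Example Mail CA"}

def accepted_today(cert: Cert) -> bool:
    """Current model: any trusted authority is accepted for any host."""
    return cert.issuer in TRUSTED_ROOTS

# Hypothetical per-site issuer policy published by site owners (constructed).
# A host with no policy of its own inherits its closest ancestor's policy,
# so the owner of example.com can constrain every host beneath it.
ISSUER_POLICY = {
    "example.com": {"Example Global Root"},
    "mail.example.com": {"Example Global Root", "Example Mail CA"},
}

def policy_for(host: str):
    """Walk from the host up through its parent domains until a policy is found.
    Returns None when no ancestor publishes one (the public suffix itself is
    never consulted)."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in ISSUER_POLICY:
            return ISSUER_POLICY[candidate]
    return None

def accepted_with_policy(cert: Cert) -> bool:
    """Proposed model: the issuer must be trusted AND permitted by the site owner.
    Hosts with no published policy fall back to the trust store alone, so the
    check is only as strong as the owner's decision to publish a policy."""
    if cert.issuer not in TRUSTED_ROOTS:
        return False
    allowed = policy_for(cert.subject)
    return allowed is None or cert.issuer in allowed

if __name__ == "__main__":
    # A certificate for mail.example.com signed by a trusted but unexpected CA:
    # accepted by today's check, rejected once the owner's policy is consulted.
    misissued = Cert("mail.example.com", "Comodo Root CA")
    print(accepted_today(misissued), accepted_with_policy(misissued))
```

The fallback when no policy exists is the weak point of any such scheme: a browser that rejects unlisted sites would break most of the Web, while one that accepts them leaves those sites exactly where they are today.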