[SSL Observatory] Syrian fake certificate for Facebook

Peter Eckersley pde at eff.org
Thu May 5 15:13:05 PDT 2011


A copy of the certificate is linked in this post:

https://www.eff.org/deeplinks/2011/05/syrian-man-middle-against-facebook

On Thu, May 05, 2011 at 04:28:19PM -0400, Danny O'Brien wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> http://advocacy.globalvoicesonline.org/2011/05/05/did-syria-replace-facebooks-security-certificate-with-a-forged-one/
> 
> http://advocacy.globalvoicesonline.org/wp-content/uploads/2011/05/certificate.jpg
> 
> Looks like it's not signed by a vouched CA. 
> 
> I've actually had a smattering of reports of such fake (but not CA-signed) certificates in the wild from across the world (Central America, S.E. Asia, and now the Middle East). The explanation could be as much the widespread use of MiTM tools by petty criminals in cyber-cafes aimed at tourists as they are by state attackers – I get to hear about their use in repressive regimes more, but that might be just selection bias at work.
> 
> Does anyone else see more of these examples? Enough to see a trend, either in casual criminal use in easily MiTM environments, or on wired ISPs (implying a more established adversary)?
> 
> d.
> 
> - -- 
> Danny O'Brien
> Internet Advocacy Coordinator
> Committee to Protect Journalists
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (Darwin)
> 
> iQIcBAEBAgAGBQJNwwhkAAoJEOUAGQaj/eReubwP/294joHV2SHikHGQNw9NDxSN
> 9hwdFmqcwcxNW+dXW1HO9kFlLE2rFEDvLOKztLxSdVODuENrU7nA5m15CG32a/8a
> 3pGO72wx6lagnr27g9Lpuzx6VTB61xC8uzRTQrmso5JIweD0EZPh3vpzNNCxFUTz
> cx1H+Q4dfnRBDDsgVyHynApTYrUryN0FUdNTZCwxWB888dhDtlL5qM3Hao/hAd5T
> 4cRrs6IXamL5GlL9ArAXr6PLQn8x8nKeltZnYXFAJCLzVDoZw8/cFRgAfJy2OtUz
> hH2aUyT2+OiLTk6q59UNkTwQDhXIO2l3KelVb6IEzPRfiUO6nBuLr6tVkhPDR0x6
> Xmb0P+Y46Bah7fWZhHXI9GmqyDF0oLUZPrqa7QZv1irSYm18AM+3oQOMtRK7ouvZ
> Hgd6Mf3FRNxYR0w9GhC3aDAZktQkKt+g+KQCTFyDdPNXk37xumOrCJfQBWCqDRKs
> wG2GIZvfu5xRKmdm8PFuYyAkBzyxQLu8tSdlI0VmdhsicibSj/u+U2YbkNOiS1eN
> Kn5Hk+0GPjzaE26utWGFS7KsOHfZ1SeZX+WBgZ5A2kakRTfBaSicT6NNI/Qd6jYF
> q05/t1tAjip+sfoBhLHf39ykGnZcHFYEJrU8LBrP6NJ1Z8UMWfJEHYTRk7LSWtqt
> dYobXYwBJPulQNwferWP
> =9Mhl
> -----END PGP SIGNATURE-----

-- 
Peter Eckersley                            pde at eff.org
Senior Staff Technologist         Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993



More information about the Observatory mailing list