SSL certificate acquisition for trust breaking
Fake certificates can be acquired by legal process or coercion. Or, an adversary can trick a Certificate Authority into issuing a certificate. These fake certificates can be used as a part of Man-in-the-Middle attacks. 
Tactic: Establish & Maintain Infrastructure
DetectionDetectable by Common Defenses (Yes/No/Partial): No
Explanation: The certificate authority who is hacked cannot easily see they've been compromised, but [https://www.google.com Google] has caught on to this occurring in previous attacks such as DigiNotarDigiNotar2016 and [https://www.verisign.com Verisign].
Difficulty for the AdversaryEasy for the Adversary (Yes/No): No
Explanation: One example of it occurring in the real world is the DigiNotarDigiNotar2016 case. To be able to do this usually requires sophisticated skills and is traditionally done by a nation state to spy on its citizens.
- Ryan Singel. (2010, March 24). Law Enforcement Appliance Subverts SSL. Retrieved March 2, 2017.