SSL certificate acquisition for trust breaking

Fake certificates can be acquired by legal process or coercion, or an adversary can trick a Certificate Authority into issuing a certificate. These fake certificates can be used as part of Man-in-the-Middle attacks. [1]

ID: T1338

Tactic: Establish & Maintain Infrastructure

Version: 1.0

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: A certificate authority that has been hacked cannot easily see that it has been compromised, but Google (https://www.google.com) has caught on to this occurring in previous attacks such as DigiNotar [DigiNotar2016] and Verisign (https://www.verisign.com).

Difficulty for the Adversary

Easy for the Adversary (Yes/No): No

Explanation: One real-world example is the DigiNotar [DigiNotar2016] case. Doing this usually requires sophisticated skills and is traditionally done by a nation state to spy on its citizens.

References

  1. Ryan Singel. (2010, March 24). Law Enforcement Appliance Subverts SSL. Retrieved March 2, 2017.