If you think the “HTTPS” in your address bar means you’re safe, you’re wrong.
The most secure sites are still subject to possible “man in the middle” (MiTM) attacks. For a few years now, several vulnerabilities have been found in the HTTPS protocol. HTTPS status is granted by an SSL (Secure Sockets Layer) certificate and is thought to be the most secure connection online. This certificate is granted to any company that pays, and it is supposed to guarantee a secure encryption protocol to the users of the website. Ironically, this can be reproduced by an attacker who intercepts the end users’ communications and provides a falsified certificate.
Most recently, “Symantec” was caught in a rogue certificate scandal with “Google”. The bottom line is that if a person can replicate or reproduce a certificate that looks genuine, your presumed privacy is out the window.
Symantec issued “Google” certificates to someone other than “Google”
This happened in mid-September 2015, and Google engineers happened to stumble upon the fake certificates during their regular security checks. Symantec has since fired the employees involved in the scandal. This goes to show the public that no matter how large the company, even “Google” can be vulnerable due to mistakes made at other large corporations like “Symantec”. Who would have thought?
The NSA purposely produces fake SSL certificates
Privacy advocates have succeeded in convincing Google, Facebook, Apple and other companies to turn on SSL for all of their users on all of their pages (not just the homepage), but the new disclosures suggest that the effort could be futile against the NSA.
This is not directly exposed in any NSA document, but there are companies out there selling SSL proxy programs that do just that. These can be set up by the companies you are communicating with (i.e. Google, Facebook, etc.) or even your employer. Data does suggest that even without the companies’ consent, the NSA or any attacker could still get in the middle of the communication and intercept the encrypted data.
The NSA compelled many companies to do this through secret court orders.
The NSA was exposed by Edward Snowden in recent years for much of what is called “mass surveillance”. Part of this dump of sensitive NSA data and program practices was the “BULLRUN PROJECT”.
How does SSL interception work?
The SSL proxy intercepts traffic between your computer and the Internet. When you surf to a “secure” site, the proxy, and not your browser, gets the real Web server certificate and handles setting up a perfectly good SSL connection between itself and the Web server. The proxy then sends you a digital certificate, which looks like the Web server’s certificate, and sets up a “secure” connection between your browser and the proxy.
If your company has set up the proxy correctly, you won’t know anything is off because they’ll have arranged to have the proxy’s internal SSL certificate registered on your machine as a valid certificate. If not, you’ll receive a pop-up error message, and if you click to continue, your browser will accept the “fake” digital certificate. In either case, you get a secure connection to the proxy, it gets a secure connection to the outside site — and everything sent over the proxy can be read in plain text. Whoops.
Now, if your company can do this at your business’ firewall, couldn’t the NSA do something like this at a tier-one ISP? At a major company’s Web hosting facility? I don’t see why not. After all, the NSA set up Room 641A at what was then AT&T’s 611 Folsom St. building in the mid-2000s for surveillance.
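One way to notice the re-signed certificate described above, as an added example that is not part of the original article: compare the certificate your machine is shown against a fingerprint recorded earlier on a trusted network, and look at who issued it. The `assess` helper, the issuer names and the stand-in certificate bytes are assumptions constructed for illustration.

```python
import hashlib
import socket
import ssl

def fetch_leaf(host, port=443, timeout=5):
    """Return (der_bytes, decoded_dict) for the leaf certificate this machine is shown."""
    ctx = ssl.create_default_context()  # uses the local trust store, proxy CA included
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True), tls.getpeercert()

def issuer_org(cert):
    """Pull organizationName out of the issuer field of a getpeercert() dict."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return ""

def assess(der, cert, pinned_sha256, expected_issuers):
    """Classify a certificate that already passed normal chain validation."""
    if hashlib.sha256(der).hexdigest() == pinned_sha256:
        return "match"
    if issuer_org(cert) in expected_issuers:
        return "reissued"      # same CA, new leaf: re-check the pin out of band
    return "intercepted"       # unknown issuer trusted locally: proxy-style re-signing

# Constructed sample data: stand-in bytes and issuer names, not real certificates.
ORIGIN_DER = b"constructed-origin-leaf"
PROXY_DER = b"constructed-proxy-leaf"
ORIGIN_CERT = {"issuer": ((("organizationName", "Example Public CA"),),)}
PROXY_CERT = {"issuer": ((("organizationName", "Example Corp Proxy CA"),),)}
PIN = hashlib.sha256(ORIGIN_DER).hexdigest()  # recorded earlier on a trusted network
EXPECTED = {"Example Public CA"}

if __name__ == "__main__":
    print(assess(ORIGIN_DER, ORIGIN_CERT, PIN, EXPECTED))
    print(assess(PROXY_DER, PROXY_CERT, PIN, EXPECTED))
    print(assess(b"constructed-renewed-leaf", ORIGIN_CERT, PIN, EXPECTED))
```

On a live connection, pass the two values returned by `fetch_leaf` to `assess`; a result of "intercepted" with no browser warning means the issuing CA has been added to the machine's trust store.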
Stop the NSA from Spying on You
Follow the steps outlined in this article to become anonymous online. If you would like to make mobile phone calls anonymously, read this article and follow the steps. The Real Strategy is constantly looking for ways to leverage technology in the people’s favor. This information is completely free, as are the solutions.