Controversial Surveillance Firm Blue Coat Was Granted a Powerful Encryption Certificate (vice.com)
Joseph Cox, reporting for Motherboard (edited for clarity): A controversial surveillance company called Blue Coat Systems -- whose products have been detected in Iran and Sudan -- was recently issued a powerful encryption certificate by Symantec. The certificate, and the authority that comes with it, could allow Blue Coat Systems to more easily snoop on encrypted traffic. But Symantec downplayed concern from the security community. Blue Coat, which sells web-monitoring software, was granted the power in September last year, but it was only widely noticed this week. The company's devices are used by both government and commercial customers for keeping tabs on networks or conducting surveillance. In Syria, the technology has been used to censor web sites and monitor the communications of dissidents, activists and journalists.

Blue Coat assures that it is not going to utilize the certificates to snoop on us. The Register reports: We asked Blue Coat how it planned to use its new powers -- and we were assured that its intermediate certificate was only used for internal testing and that the certificate is no longer in use. "Symantec has reviewed the intermediate CA issued to Blue Coat and determined it was used appropriately," the two firms said in a statement. "Consistent with their protocols, Symantec maintained full control of the private key and Blue Coat never had access to it. Blue Coat has confirmed it was used for internal testing and has since been discontinued. Therefore, rumors of misuse are unfounded."
"Blue Coat assures that it is not going to utilize the certificates to snoop on us."
Oh, heaven forbid, I'm sure any concern about this is just due to paranoia.
No way anyone would ever misuse power like this, and certainly not a company that sells web-monitoring software. Why, the very thought is just too silly to contemplate!
*cough*
Just cruising through this digital world at 33 1/3 rpm...
If they were using it for internal use, and all the PCs they were using it with were under their control, they could have easily made their own certificates that would be limited in use to their own PCs only. So why ask for a certificate that can spoof any website and will be trusted by every PC?
I'd say the Symantec root CA should be removed from browsers. Only substantial action will teach them to take their great responsibility as a CA seriously.
Simple answer, because the tinfoil hat club has been proven right over and over again in the 21st century.
Sad but true.
Not real security anyway. It may suffice for everyday mundane purposes for the little people, but people who need real security all use self-signed certificates and the corresponding cumbersome process to exchange them.
I don't think that the tinfoil hat club has been right. In fact, the surveillance and control has been worse than most claims of the tinfoil hat club.
The real "Libtards" are the Libertarians!
If your NSM can't see SSL then you don't have NSM.
It's the other way around: if your SSL doesn't protect you from some crap MITM box, then you don't have SSL.
If you say that a company should be able to snoop on all connections of their employees, that's trivial to do. Just install the company's CA root on every employee's machine. But you want to do this to innocent third parties, don't you? Tough cookies then. I see no legitimate reason for SSL interception without the owner's consent. Ever.
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
This story isn't about Bluecoat per se, it's a story about Symantec selling out our trust - I have no reason to believe that they have not sold out to so to many other companies and regimes and organizations beside Bluecoat.
For a company that trades on being trustworthy they sure know how to destroy confidence.
Nullius in verba
You will get a warning if you visit using Chrome or any other browser that supports key pinning / Strict Transport Security (HSTS). There are enough people using Chrome/Firefox for this to be an early warning system.
Jason
There are over 650 entities across the globe that can sign SSL certificates for any domain they want. For less than 6 figures USD you can buy an intermediate cert yourself. Not to mention that unless you ask for something like google.com or something similarly high profile, you can just *buy* a site certificate for sites you don't own from less-than-thorough CAs.
How is it special that Bluecoat can sign their own (maybe - assuming Symantec is not to be believed on who had the keys)? Most of the government actors they sell their products to *already* have their own CA that OSes and browsers trust, and thus can just use their own.
The global CA system is a hopelessly broken part of SSL for web sites (SSL is fine in general, and if you're using it to secure your own sessions with your own certs, everything is basically good otherwise), and being shocked about some non-story is not helping. Using SSL on the web means that you have placed permanent and absolute trust in everyone who controls a root, and everyone who they ever issued an intermediate signing cert to. That's not sane.
Is it just me, or does it seem awfully odd that we have targeted recipients of these types of certs, while seemingly ignoring the issuer, assuming they would never be involved in misuse or abuse of certs?
In other words, who's watching the watchers? Do Symantec employees go through an extensive background investigation (to include financials to prevent coercion), polygraph testing, and subjected to massive audits? If not, given the power they wield, why?
From what I understand, HSTS does not provide protection from a trusted certificate, it just prevents ssl stripping proxies.
Except if you're scanning your company machines, you can do exactly what the OP said Blue Coat should have done. Issue your own cert, and make all your workstations trust it.
The article uses dumbed-down speech for normals in a way that's confusing to us. For Slashdot crowd, it'd be better to say "wildcard intermediate CA" outright -- most readers will understand, the rest can blargh the meaning from context and comments.
Key pinning works well only for google.com and a handful of other sites that are hardcoded in Chrome (and I think Firefox too). Enabling HSTS is a security/privacy hole so that's no answer.
The linked article in the OP is a little vague, but based on my knowledge of the way that Symantec's certificate business is configured, I suspect it might actually be an Intermediate Certificate.
Basically the way this works is that Symantec have one single "Master" certificate, aka the "Root Certificate" for the CA. However, instead of using this one single digital key to sign all the certificates that all of Symantec's clients request, they actually use a series of "Intermediate Certificates". Think of this like a directory hierarchy with a root folder, some Top Level Directories, then a bunch of directories below that. Same deal.
This structure allows Symantec to grant the right to sign certificates based on logical groups or clusters; it also allows them to "bulk disallow" everything signed by the intermediate certificate by revoking that one file. Obviously, as the OP pointed out, an Intermediate is still allowed to "sign" certificates, with those produced having the full authority of being produced by Symantec.
What this would allow BlueCoat to do would be to sign any number of certificates as if they were signed by Symantec themselves. Bearing in mind, as others have pointed out, that BlueCoat sell filtering proxy servers and SSL interceptors, what this would allow them to do would be to effectively run "official" MitM (Man in the Middle) interceptions, in a pretty-much undetectable way, against any web site that uses Symantec Certificates.
There's quite rightly a fair bit of alarm in many posts here, suggesting that this would allow BlueCoat to spy on end users. However, the most likely scenario is that BlueCoat are using the certificates to upgrade the capabilities of their corporate proxy/filter/accelerator products for their large corporate clients. Big companies have a major issue with the leakage of proprietary information being sent off-network under the guise of SSL traffic; there are all sorts of malware packages that use SSL to communicate with their CNC hosts... In other words, there are many companies that want to have the ability to monitor even the SSL-protected traffic generated by their employees when those individuals access the web. I love a good conspiracy theory as much as the next tekkie, but in this case I suspect the actual implementation is only really of interest to you if you work for a large corporate and they haven't actually *told* you that they are doing this.
However, as other posters have pointed out, this isn't the whole story; this technology can be placed elsewhere in the network, for example within an ISP infrastructure, so it can equally easily be used to monitor private individuals.
So, if you don't want your colleagues in SecOps [at work] to know what you've got in your bank account, don't log into your online banking from work...
I'm not entirely sure of this, but because this specific story relates to Symantec certificates [i.e. the old Verisign business] I don't think the impact would be quite so relevant if you use certs from elsewhere. For maximum security, of course, I guess you could simply download OpenCA, build an air-gapped machine, install and run the OpenCA on something not connected to any other network, and get your signed certificates to the outside world by installing a CD-R burner on your CA hardware and then cutting a CD or DVD each time you create a certificate. Yes, you could use a USB key if you really wanted to, but since we all know how easy it is to infect a thumb drive, that doesn't make any sense.
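The hierarchy the post above describes (root, intermediate, leaf) and the pinning-versus-HSTS point raised earlier in the thread can both be checked in a few dozen lines against Go's standard-library chain validator. The following is an added example written for this page; it is not code from the article, from Symantec or Blue Coat, or from any poster, and every CA and host name in it is invented. It builds a self-signed root, issues a genuine leaf for example.com directly from it, then issues an unconstrained intermediate and has that intermediate mint a second example.com leaf. Chain validation accepts the intercepting leaf exactly as it accepts the genuine one, which is the "official MitM" the post warns about; an SPKI pin recorded from the genuine key rejects it, which is what HSTS alone cannot do; and an empty root pool rejects it, modelling the "remove the root from the browser" remedy proposed above. As one step beyond the thread, it also shows an intermediate fenced with an X.509 name constraint (the `PermittedDNSDomains` field, a standard extension, not something the article mentions), which can issue for its own domain but not for example.com:

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// Toy PKI built in memory; every name is invented for this example, none is taken from Symantec's or Blue Coat's real hierarchy.
// tmpl returns a CA template when ca is set, otherwise a TLS server template for host cn.
func tmpl(cn string, ca bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	if ca {
		t.IsCA, t.BasicConstraintsValid = true, true
		t.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else {
		t.DNSNames = []string{cn}
		t.KeyUsage = x509.KeyUsageDigitalSignature
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	return t
}

// must panics on error to keep the example short; real code would return it.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue signs t with the parent's key; a nil parent yields a self-signed root.
func issue(t, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	if parent == nil {
		parent, parentKey = t, key
	}
	der := must(x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// verify validates leaf for host the way a browser would. The root pool is always built,
// because a nil Roots silently falls back to the system store; an empty slice models "root removed".
func verify(leaf *x509.Certificate, intermediates, roots []*x509.Certificate, host string) error {
	rootPool, interPool := x509.NewCertPool(), x509.NewCertPool()
	for _, c := range roots {
		rootPool.AddCert(c)
	}
	for _, c := range intermediates {
		interPool.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: rootPool, Intermediates: interPool, DNSName: host})
	return err
}

// spkiPin is the HPKP-style pin, base64(SHA-256(SubjectPublicKeyInfo)); it is checked after chain validation.
func spkiPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// Outcomes builds the hierarchy and returns each check's result keyed by name.
func Outcomes() map[string]bool {
	root, rootKey := issue(tmpl("Example Public Root CA", true), nil, nil)
	genuine, _ := issue(tmpl("example.com", false), root, rootKey) // the real site's certificate
	// An unconstrained intermediate handed to a third party can issue for any name.
	unc, uncKey := issue(tmpl("Example Unconstrained Intermediate", true), root, rootKey)
	interceptor, _ := issue(tmpl("example.com", false), unc, uncKey)
	// The same delegation fenced by a name constraint to the third party's own domain.
	ct := tmpl("Example Constrained Intermediate", true)
	ct.PermittedDNSDomains, ct.PermittedDNSDomainsCritical = []string{".corp.example"}, true
	con, conKey := issue(ct, root, rootKey)
	proxy, _ := issue(tmpl("proxy.corp.example", false), con, conKey)
	overreach, _ := issue(tmpl("example.com", false), con, conKey)
	roots := []*x509.Certificate{root}
	return map[string]bool{
		"genuine validates":               verify(genuine, nil, roots, "example.com") == nil,
		"interceptor validates":           verify(interceptor, []*x509.Certificate{unc}, roots, "example.com") == nil,
		"interceptor matches pin":         spkiPin(interceptor) == spkiPin(genuine),
		"constrained proxy validates":     verify(proxy, []*x509.Certificate{con}, roots, "proxy.corp.example") == nil,
		"constrained overreach validates": verify(overreach, []*x509.Certificate{con}, roots, "example.com") == nil,
		"interceptor with root removed":   verify(interceptor, []*x509.Certificate{unc}, nil, "example.com") == nil,
	}
}

func main() {
	fmt.Println(Outcomes())
}
```

Run it with `go run` and the map shows the interceptor's leaf validating just like the genuine one, failing only the pin check and the empty-root-store check, while the name-constrained intermediate is refused for example.com. The constraint is the technical answer to the "why not a certificate limited to their own machines" objection above: a delegated intermediate need not be able to sign for every domain on the internet, and a client that enforces name constraints (Go, Chrome and Firefox all do) will reject a leaf that steps outside them.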