Discussion

The digital certificates have proved its worth by becoming an essential aspect of internet security. In the year of 2011, an Iranian hacker known with the name of Ich Sun hacked an Italian reseller website comprising of the Comodo’s authentic certificates. The hacker breached into the reseller’s account to use his credentials and requested Comodo for the authentic digital certificates (LOO 2017). After that, it replicated those certificates and manipulated each of them so that it resembles the original certificates. The aim of this report is to discuss the IT security problems regarding the Comodo certificate hack and recommend effective solutions in order to mitigate the problem.

On March 23, 2011, an Iranian hacker named Ich Sun hacked into the account of an Italian reseller comprising of the Comodo’s authentic digital certificates and was successful in replicating those certificates (Zheng 2013). The hacker according to his own desire then manipulated the replicated certificates for which many of the websites along with the information stored in those websites were affected and eventually got susceptible to further threats. Many organisations that run on transactional events were affected due to such breach. An undesirable third party of the concerned hacking issue tampered with the Secured Sockets Layer or the SSL of the company website.

In this case, the Comodo incorporation issued nine fraudulent certificates unknowingly when the hacker breached the registration authority of Comodo. This enabled the attacker to imitate some major servers and websites. A registration authority or RA is a body in a network that engages in verifying the user requests for a digital certificate and forwards it to the certification authority or the CA for issuing that particular certificate (Kaliyamurthie 2013). As the small enterprise was based on the several transactions, it was the hugely affected due to the fraudulent certification. It was seen that the transaction never happened directly between the company and the client. There was a third party involved in between the company and the clients. The resulted transaction had some of the percentages lost during the whole process. As the problem was detected a lot later, the clients were the first to be affected by the transactional mishap. Due to this reason, the company had to lose a lot of its shares in the commercial market that in turn had a negative impression on the company’s reputation.

Secured transactions mostly take place between the company and the client’s bank account where the transaction taking place is purely based on the trusted certificates that are issued by corporations like Comodo. By the time the transactional loss of the company was detected  a lot of its client credentials had been breached and the attacker got the possession of the clients’ usernames and passwords. The company actually suffered an identity theft when it was exposed to face security threats in the form of trusting fraudulent certificates. When the attacker got hold of the original certificates issued by Comodo, he tampered the targeted certificate with DNS or Domain Name System with redirected traffic to the fraudulent website with fraudulent digital certificates (Eastlake 2013). The overall business in 2011 was affected due to this attack in a single day. Not only the transaction process or the bank accounts were affected due to the attack, but also several email websites fell in the grasp of the attack that mainly included giants like the Gmail, Yahoo!, and Hotmail. Valuable information within the company was misplaced and the clients of the company suffered the loss. The loss in valuable information resulted in the building up of trust issues and undesirable miscommunication between the company and the clients. However, it was restored later.

Description of the IT security problem

The fraudulent activities in the replication of the digital certificates issued by Comodo Corporation led to several security problems. Some of the major security problems that rose due to the fraudulent hacks in the digital certificates include impersonation of login credentials, spying without permission, vending false certificates, monetary thefts and vulnerability to cyber attacks.

Impersonation of login credentials is the prime problem that arises due to the hacking of the digital certificates. The login credentials of a certain user or a company may be used by unauthorized sections to access certain valuable information that may be harmful to the company or the concerned client. The information gathered with the help of unauthorized credentials may be used for illegal purposes for which the person may be held responsible (Jana and Bandyopadhyay 2013). Besides that, the login credentials may also be used to address websites with false identification to get access to the information on the website and later use them according to one’s needs. Spying without permission is another problem that may arise due to the hacking of digital certificates. In this problem, generally, a spyware is injected into the system as the socket layers of the network are left exposed (Giannetsos and Dimitriou 2013). The injected spyware may then keep on spying the activities and report it to its server from time to time. Spywares may also steal confidential information used in banking sites, email accounts, social networking sites and online games. The most alarming part of a spyware in the system is that the dedicated spyware is that it persists in the system undetected.

Another problem in the system that may arise with the fraudulent activities in the digital certificate authorization is the vending of fraudulent and bogus certificates. The original digital certificates issued by the registration authority may be manipulated and modified according to the hacker’s need (Heer and Varjonen 2016). Replicating those certificates will allow the hacker to have the capability of breaching through the user’s portal or user account. False certificates also perforate the security layer of the network through which a particular transaction is taking place. The fraudulent activities of the digital certificates are also harmful in the monetary transactions. Due to the false certification of the websites, the accounts are susceptible to online threats in the form of financial fraud and overdrawn amounts. Other monetary thefts include the exposure of card details like the card number and the card password. Monetary thefts due to fake digital certificates are on the rise in today’s world. Last but not the least, the fraudulent activities of the digital certificates also increases the vulnerability to several types of cyber attacks. The general types of cyber attacks include the Distributed Denial of Service or DDoS attack, injecting malware into the system, deep rooting a ransom-ware into the system and presenting the system with the intrusion of worms that mainly responsible for corrupting the internal features of the system (Yan and Yu 2015). The cyber attacks are increasing in today’s system and need to be minimized with the maintenance of certain protocols and secured guidelines.

Major security problems

We know prevention is better than cure. The damage done by a hacker can never be undone. The only remedy to combat these situations is by tightening the security to these loose ended networks. The slightest of prevention will give a primary resistance to these hackers to whom the resistance is being offered to. There are several ways to prevent the above mentioned problems faced due to the fraudulent of digital certificates issued online. These solutions are as follows: staying updated, tightening the access control, updating at regular intervals, tightening the network security, installing a website application firewall and installing security applications.

Staying updated with the latest security that a company or a user can take to prevent the certificate hacks (He, Zhang, and Vittal 2013). Updating the security helps to avoid the prying eyes of the hackers. Having a basic knowledge of certificate hacks and cyber threats in the modern days may be helpful in preventing the cyber threats.

The administrative section of the website is the main section of the website that the company or a user has kept for an external view. Alarming the clients and employees about the usage of strong usernames and passwords may allow to tighten up the access control (Balsa 2014). The company or the user may also indulge in the changing the default database prefix from wp6_ to something else that cannot be guessed too quickly. Besides that, the number of login attempts should also be limited.

Although it costs money for software, it is a wise decision for the companies to update everything from time to time. The companies or the users are too reluctant in updating the necessary items for which they have to face hacking threats (Stalling 2017). Delaying an update exposes a particular website to hacking threats for which it is essential to update the site itineraries at regular intervals.

Tightening up the network security is another major solution through which the hacking threats of the digital certificates can be mitigated. As the small companies use an easy access route to the website servers, it is essential to entail login expiries at regular intervals (Rhodes-Ousley 2013). Along with that, it is also important to use encrypted SSLs for transferring information between the website and the concerned database.

To provide added security to the personalized or commercial network, it is important to engage in the installation of the website application firewall. It is a software or hardware that stands between the website server and the data connection to have close surveillance of precise data. The firewall helps in blocking the hacking threats along with the number of spams made during a certain period.

Installation of the security applications is another major preventive measure that can help the company or the user to prevent cyber threats in the form of digital certificate hacks (Lee, Lee and Han 2013). The paid versions of this software help to provide prevention to the website in subscription basis plan. The free plugins offered with the software also helps to get an added advantage.

In order to prevent future hacks of the digital certificates, both the company and the clients can undertake certain guidelines through which they will be benefitted. These actions from their ends will help them to protect their valuable data by eliminating the possibility of digital certificate hacks or the perforation of the security sockets layer (Rewagad and Pawar 2013). This list of guidelines includes the installation of the website application firewalls, installation of security applications, tightening up the access control and network security and using a more encrypted SSL (Lin 2013). Installation of the website application firewall will enable the website to prevent hacking threats and spam outrages. Installation of the security applications will help the website to tighten up the security of both the server and the database. With encrypted SSLs, websites will be able to build a shield against all kind of online cyber attacks and predetermined spying (Rid and Buchanan 2015). These are some of the measures for the company and its clients.

Conclusion

This to conclude that this report is comprised of the fraudulent activities regarding the digital certificates issued by Comodo Corporation in accordance with a hack in 2011. This attack was led by a single Iranian hacker named Ich Sun. The description of IT security problems regarding this issue governing a small company has been discussed along with the major security problems due to the certificate hacks. In addition to that, a proposed solution has also been mentioned which could have been used to avoid the issue. This solution is helpful for the company to stay alert and tighten the security in the future.

References

Balsa, E., Brandimarte, L., Acquisti, A., Diaz, C. and Gurses, S., 2014. Spiny CACTOS: OSN users attitudes and perceptions towards cryptographic access control tools.

Eastlake 3rd, D., 2013. Domain name system (DNS) IANA considerations (No. RFC 6895).

Giannetsos, T. and Dimitriou, T., 2013, April. Spy-Sense: spyware tool for executing stealthy exploits against sensor networks. In Proceedings of the 2nd ACM workshop on Hot topics on wireless network security and privacy (pp. 7-12). ACM.

He, M., Zhang, J. and Vittal, V., 2013. Robust online dynamic security assessment using adaptive ensemble decision-tree learning. IEEE Transactions on Power systems, 28(4), pp.4089-4098.

Heer, T. and Varjonen, S., 2016. Host identity protocol certificates (No. RFC 8002).

Jana, D. and Bandyopadhyay, D., 2013, September. Management of identity and credentials in mobile cloud environment. In Advanced Computer Science and Information Systems (ICACSIS), 2013 International Conference on (pp. 113-118). IEEE.

Kaliyamurthie, K.P., Udayakumar, R., Parameswari, D. and Mugunthan, S.N., 2013. Highly secured online voting system over network. Indian Journal of Science and Technology, 6(6), pp.4831-4836.

Lee, S.W., Lee, J.I. and Han, D.G., 2013, October. A study of the threat of forgery of certificates issued online. In Security Technology (ICCST), 2013 47th International Carnahan Conference on (pp. 1-5). IEEE.

Lin, C., He, J., Zhou, Y., Yang, X., Chen, K. and Song, L., 2013, August. Analysis and identification of spamming behaviors in sina weibo microblog. In Proceedings of the 7th Workshop on Social Network Mining and Analysis (p. 5). ACM.

LOO, W.S., 2017. Digital certificates: success or failure?.

Rewagad, P. and Pawar, Y., 2013, April. Use of digital signature with diffie hellman key exchange and AES encryption algorithm to enhance data security in cloud computing. In Communication Systems and Network Technologies (CSNT), 2013 International Conference on(pp. 437-439). IEEE.

Rhodes-Ousley, M., 2013. Information security: the complete reference. McGraw Hill Education.

Rid, T. and Buchanan, B., 2015. Attributing cyber attacks. Journal of Strategic Studies, 38(1-2), pp.4-37.

Stallings, W., 2017. Cryptography and network security: principles and practice (p. 743). Upper Saddle River, NJ: Pearson.

Yan, Q. and Yu, F.R., 2015. Distributed denial of service attacks in software-defined networking with cloud computing. IEEE Communications Magazine, 53(4), pp.52-59.

Zheng, Z.J., 2013. Certificate Authorities.