Learning Outcomes

This assessment assesses the following Unit Learning Outcomes (ULO) and related Graduate Learning Outcomes (GLO):

ULO1 – Describe approaches to computer security including access control, identity verification and authentication in order to minimise cyber attacks on a system.

ULO2 – Compare and contrast different types of cryptography including current cryptographic algorithms and their applications.

ULO3 – Apply principles of public key cryptography to achieve secure communication networks by using digital certificates and digital signatures in compliance with industry standards.

Part A: Technical report

Choose one of the three organisations outlined above. You will need to research the Comodo certificate fraud hack in detail and analyse the security risks that it presents to the organisation you represent. You will then need to present a cost-effective, feasible and well-justified solution to ensure the security of your computer network.

Part B – Oral presentation

In addition to developing a written report, you will need to deliver an oral presentation discussing your report. Your presentation should introduce your scenario, describe the IT security issues that you have identified and present your recommendations to resolve them.

Your oral presentation must last between seven and eleven minutes. You will present to your peers using a slide pack created by you to guide and engage your audience. The slide pack will contain a minimum of five and a maximum of ten slides.

The Comodo Certificate Fraud Hack

The purpose of this report is to analyze the Comodo certificate fraud hack and identify the security risks it presents to an organization that maintains a network for a series of small business clients. The report examines the security issues that led to the fraudulent issue of 9 SSL certificates in 7 domains [10]. Although the attack was detected within hours and the issued certificates were revoked immediately, it exposed security issues that needed urgent attention [1]. The report also discusses the major IT security problems that leave an organization in a vulnerable position.

In March 2011, the Comodo certificate fraud hack resulted in 9 SSL certificates being issued fraudulently. Although the hack was identified within a few hours, it established the need for urgent security attention in the organization. Soon after the certificate hack the Comodo root keys and the intermediate hardware were compromised. This attack was promptly reported as well. After the initial attack on 15 March, an intrusion was detected in a reseller account of Comodo. The security measures that were enforced after the attack were not enough to prevent the subsequent attacks. In the Comodo certificate fraud hack, an attacker gained access to the username and password of a trusted partner of Comodo in Southern Europe [11]. It can therefore be argued that a serious IT security issue at Comodo led to the failure of the project. It was found that the hacker was still using the Comodo partner account, and it can be assumed that the attacker intended to target other domains as well.

However, as soon as the hack and the data breach were discovered, remediation efforts began and the fraudulently issued certificates were revoked [5]. In this way web browsers were prevented from using the fraudulently issued certificates. In addition, further audits and controls were enforced to eliminate the effects of the data breach.

As a control mechanism, the IP address of the initial attack was recorded to reveal the source of the attack. It was revealed that two IP addresses were assigned to Iranian ISPs [9]. This indicates that the attacks might have originated in Iran. However, the attack was detected in time and its effect could therefore be reduced. The incident report on the Comodo certificate fraud hack suggests that the attacker was well prepared and chose the targets deliberately.

IT Security Risks and Vulnerabilities

The analysis of the Comodo certificate fraud hack reveals that organizations must consider the different security risks that the organization or its employees might face [14]. In this context, the security issues associated with an organization operating a network of clients will be analyzed. The Comodo certificate fraud hack was significant because the attacker fraudulently issued SSL certificates. SSL certificates validate the legitimacy of a website to browsers, which assures users that they are dealing with a legitimate site. The SSL certificate on a website further establishes that the traffic between the browser and the website the user is browsing is encrypted [13]. The attack was said to be politically motivated and it was speculated that the Iranian government was probably behind it. It is speculated that the Iranian government could have used the certificates to dupe anti-government activists into believing that they were visiting legitimate sites, for example Yahoo mail.

Following the incident, an Iranian hacker claimed responsibility for the certificate hack against Comodo, which provided an insight into the process by which a high-profile hack might be pulled off. The forged certificates gave the hacker a means to mount a man-in-the-middle attack or certain phishing attacks [12]. Comodo was quick to revoke the fraudulently issued certificates, yet the firm was criticised for putting too much trust in its resellers [2]. Issuing the certificates directly from the root could have eliminated the risk.

Although it was speculated that the Iranian government was associated with the attack, the hacker claimed that he acted alone and was not associated with the Iranian Cyber Army or any hacking cadre [8]. The attack therefore shows that there are a number of security risks for an organization that operates an online transaction system [4]. The IT security risks associated with an organization that maintains a network for a series of small business clients receiving payment from government are discussed in the following section.

A contractor is responsible for maintaining a network of small business clients receiving payment from government for the services they offer. It is the responsibility of the contractor to provide secure services to the clients as the clients are responsible for maintaining the confidentiality of the information that they are receiving from the government.

Security Risks Associated with Small Business Networks

The Comodo certificate hack unveiled a number of security risks and issues associated with TLS and SSL certificates and beyond [7]. The security risks associated with any online operation are increasing, mainly because the number of hackers in a digitally pervasive and connected environment is increasing as well. The Comodo certificate hack raises a significant question about the security of digital certificates [3]. Since the clients of the contractor receive confidential information from the government, the use of digital certificates in such transactions is mandatory, and any weakness in the digital certificates might give rise to a man-in-the-middle attack.

The hacking of SSL certificates and the issue of fraudulent certificates are a significant risk, since a user visiting a secure website feels free to share confidential details with the site on the assumption that the information shared will be encrypted [6]. However, if an SSL certificate or any other digital certificate is hacked, it might give rise to a man-in-the-middle attack.

Security certificates are considered a trustworthy factor because issuing them requires strict validation of payment and proof of identity, which prevents an attack by a hacker. If the certificate gets hacked, however, it gives rise to a huge data security risk. Users will continue to visit the website assuming it to be safe when in reality it is not, and the data they enter in the forged website will be exposed. Since the clients of the organization exchange confidential data with the government, the hack of the security certificates might result in a loss of confidentiality of that data, which cannot be afforded.

Apart from the risk of hacking into the digital certificates, the use of the internet for exchanging confidential data poses a number of security risks. One cause of security risk in online data exchange is improper patch management. It is a loophole that hackers make use of in order to get access to a particular information system.

One significant security risk for the organization is that the contractor maintains the networks of a series of small business clients who often use their own devices. The employees of a small business might use their own devices while exchanging data with the government. The presence of malware or viruses on those devices might result in a data security risk. The personal devices of the employees might not have the same level of security that is maintained within the network, thus posing an IT security risk.

Solutions for Eliminating Security Risks

Since the contractor maintains a network of small business clients, a security risk in one network might put the other networks at risk as well. The organization therefore needs to enforce improved security in the client organizations and the network. The solutions for eliminating the data security risks and the risk of a certificate hack are discussed in the following section.

To eliminate the data security risks, the organization needs to enforce up-to-date security in the network against risks such as a certificate hack or man-in-the-middle attacks. Up-to-date security must be adopted so that the contractor can guarantee a secure service to the clients who receive confidential information from government sources. An SSL certificate hack poses a huge security threat to any organization that makes use of the internet in its daily operation. To ensure secure online transactions, it is recommended that the organization adopt a better software system to eliminate the security risks. Furthermore, the contractor should ensure that the data being shared is encrypted in order to reduce the data security risk.

Another significant data security issue for the organization is the use of employees' personal devices. This must be controlled in order to reduce the chances of information being lost from those devices when they are hacked.

Another security measure that can be enforced is the use of up-to-date antivirus software to protect the clients from major security and IT threats, including threats to the security of the network [15]. The Comodo certificate hack was possible because the hacker gained access to the username and password of one of the officials associated with the organization. This is one of the most widely used cybercrime tactics. To eliminate the problem, it is essential to enforce appropriate security. Phishing is one of the main causes of data security risk in the devices and the network of an organization. Phishing attacks are generally conducted via emails asking users to click on malicious links. It is essential to enforce proper firewall control that will filter spam mails.
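The stolen-credential problem described above can also be caught at issuance time. The following is an added example, not part of the original report or of any Comodo system: it reviews a constructed certificate-issuance log and flags requests where a reseller account is used from an unfamiliar IP address or asks for a hostname outside its customers' domains. The log format, account names, addresses and hostnames are all assumptions made for illustration.

```python
# Added example: every account name, IP address and hostname is constructed.
# Assumed log format: "timestamp account source_ip requested_hostname"
SAMPLE_LOG = """\
2024-01-08T09:12:00Z reseller-a 192.0.2.10 shop.customer-one.example
2024-01-08T11:40:00Z reseller-a 192.0.2.10 www.customer-two.example
2024-01-09T17:02:00Z reseller-a 198.51.100.77 mail.bigwebmail.example
2024-01-09T17:05:00Z reseller-a 198.51.100.77 login.bigwebmail.example
2024-01-09T18:30:00Z reseller-b 192.0.2.44 intranet.customer-three.example
2024-01-10T08:00:00Z reseller-b 203.0.113.5 www.customer-three.example
"""

# Hypothetical per-account baseline: known source IPs and customer domains.
BASELINE = {
    "reseller-a": {"ips": {"192.0.2.10"},
                   "domains": {"customer-one.example", "customer-two.example"}},
    "reseller-b": {"ips": {"192.0.2.44"},
                   "domains": {"customer-three.example"}},
}


def in_scope(hostname, allowed_domains):
    """True if hostname is an allowed domain or a subdomain of one."""
    hostname = hostname.lower().rstrip(".")
    return any(hostname == d or hostname.endswith("." + d)
               for d in allowed_domains)


def review_issuance(log_text, baseline):
    """Return one alert per request that deviates from the account baseline."""
    alerts = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines rather than guess at their meaning
        timestamp, account, source_ip, hostname = fields
        profile = baseline.get(account)
        reasons = []
        if profile is None:
            reasons.append("unknown account")
        else:
            if source_ip not in profile["ips"]:
                reasons.append("new source IP")
            if not in_scope(hostname, profile["domains"]):
                reasons.append("hostname outside customer scope")
        if reasons:
            # Out-of-scope or unknown-account requests are held before issuance;
            # a new IP on its own only triggers a follow-up with the reseller.
            hold = reasons != ["new source IP"]
            alerts.append({"time": timestamp, "account": account,
                           "hostname": hostname, "reasons": reasons,
                           "action": "hold" if hold else "review"})
    return alerts


if __name__ == "__main__":
    for alert in review_issuance(SAMPLE_LOG, BASELINE):
        print(alert)
```
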

Apart from these measures, the contractor needs to ensure up-to-date security in the services provided. In addition, the contractor should ensure regular and accurate patch management [16]. The contractor should limit access to the network to trusted individuals only, thus reducing the chances of internal privilege misuse.

Conclusion 

The report discusses the Comodo certificate authority fraud hack and the security risks exposed by the attack. Since the contractor is responsible for maintaining a network for a series of small business clients, it is essential to ensure the security of the transactions performed by the clients. The report discusses the various data security and IT risks that the organization might face and recommends solutions to eliminate them. Secure online transactions can be enforced by making use of up-to-date security applications such as antivirus software and a firewall.

References 

[1]. Roosa, Steven B., and Stephen Schultze. "Trust darknet: Control and compromise in the internet's certificate authority model." IEEE Internet Computing 17, no. 3 (2013): 18-25.

[2]. Zetter, Kim. "DigiNotar files for bankruptcy in wake of devastating hack." Wired magazine, September (2011).

[3]. Prins, J. Ronald, and Business Unit Cybercrime. "Diginotar certificate authority breach 'Operation Black Tulip'." Fox-IT, November (2011).

[4]. LOO, Wai Sing. "Digital certificates: success or failure?." (2017).

[5]. Zheng, Z.J., 2013. Certificate Authorities.

[6]. Gregory, Mark A., and David Glance. "Hacking." In Security and the Networked Society, pp. 3-49. Springer, Cham, 2013.

[7]. Kasten, James, Eric Wustrow, and J. Alex Halderman. "Cage: Taming certificate authorities by inferring restricted scopes." In International Conference on Financial Cryptography and Data Security, pp. 329-337. Springer, Berlin, Heidelberg, 2013.

[8]. Stallings, William. Cryptography and network security: principles and practice. Upper Saddle River, NJ: Pearson, 2017.

[9]. Huang, Zhengan, Shengli Liu, Xianping Mao, Kefei Chen, and Jin Li. "Insight of the protection for data security under selective opening attacks." Information Sciences 412 (2017): 223-241.

[10]. which revoked Diginotar’s, Thunderbird. "Iranian hacker brings down Dutch Certification Authority." Computer Fraud & Security (2011).

[11]. Ryan, Mark Dermot. "Enhanced Certificate Transparency and End-to-End Encrypted Mail." In NDSS. 2014.

[12]. Stallings, William. Cryptography and network security: principles and practice. Upper Saddle River, NJ: Pearson, 2017.

[13]. Singla, Sanjoli, and Jasmeet Singh. "Cloud data security using authentication and encryption technique." Global Journal of Computer Science and Technology (2013).

[14]. Ryan, Mark Dermot. "Enhanced Certificate Transparency and End-to-End Encrypted Mail." In NDSS. 2014.

[15]. Gregory, Mark A., David Glance, and Margaret Gardner. Security and the networked society. Springer, 2013.

[16]. Zhu, Quanyan, Miles McQueen, Craig Rieger, and Tamer Basar. "Management of control system information security: Control system patch management." In Proc. Workshop Foundations Dependable Secure Cyber-Physical Systems, CPSWeek, pp. 51-54. 2011.

Cite This Work

My Assignment Help. (2020). Analyzing The Comodo Certificate Fraud Hack: Security Risks For Small Business Networks. Retrieved from https://myassignmenthelp.com/free-samples/sit735-network-communications-security-system.