On Wednesday, April 25, 2018 at 10:33:59 AM UTC-7, Matthew Hardeman wrote:
> Also, during the period of the attack, they were using a self-signed
> certificate.
> 
> As yet there's no public evidence that they achieved issuance of any
> certificate.  There is some question as to whether they could have.
> 
> On Wed, Apr 25, 2018 at 12:32 PM, Matthew Hardeman <[email protected]>
> wrote:
> 
> > I seriously doubt that.
> >
> > MyEtherWallet.com is/was hosted on Amazon CloudFront, and I believe the
> > private keys for those certs stay locked at Amazon.  That was likely the
> > starter cert that MyEtherWallet.com first went with before securing an EV
> > cert.
> >
> > On Wed, Apr 25, 2018 at 11:42 AM, Santhan Raj via dev-security-policy <
> > [email protected]> wrote:
> >
> >> On Wednesday, April 25, 2018 at 1:57:28 AM UTC-7, Ryan Hurst wrote:
> >> > On Tuesday, April 24, 2018 at 5:29:05 PM UTC+2, Matthew Hardeman wrote:
> >> > > This story is still breaking, but early indications are that:
> >> > >
> >> > > 1.  An attacker at AS10297 (or a customer thereof) announced several
> >> more
> >> > > specific subsets of some Amazon DNS infrastructure prefixes:
> >> > >
> >> > > 205.251.192-.195.0/24 205.251.197.0/24 205.251.199.0/24
> >> > >
> >> > > 2.  It appears that AS10297 via peering arrangement with Google got
> >> > > Google's infrastructure to buy (accept) the hijacked advertisements.
> >> > >
> >> > > 3.  It has been suggested that at least one of the anycast 8.8.8.8
> >> > > resolvers performed resolutions of some zones via the hijacked
> >> targets.
> >> > >
> >> > > It seems prudent for CAs to look into this deeper and scrutinize any
> >> domain
> >> > > validations reliant on DNS from any of those ranges this morning.
> >> >
> >> > This is an example of why ALL CAs should either already be doing
> >> multi-perspective domain control validation or be working towards that in
> >> the very near future.
> >> >
> >> > These types of attacks are far from new, we had discussions about them
> >> back in the early 2000s while at Microsoft and I know we were not the only
> >> ones. One of the earlier papers I recall discussing this topic was from the
> >> late 08 timeframe from CMU - https://www.cs.cmu.edu/~dga/papers/perspectives-usenix2008/
> >> >
> >> > The most recent work on this I am aware of is the Princeton paper from
> >> last year: http://www.cs.princeton.edu/~jrex/papers/bamboozle18.pdf
> >> >
> >> > As the approved validation mechanisms are cleaned up and hopefully
> >> reduced to a limited few with known security properties the natural next
> >> step is to require those that utilize these methods to also use multiple
> >> perspective validations to mitigate this class of risk.
> >> >
> >> > Ryan Hurst (personal)
> >>
> >> What is interesting to me is the DV certificate that Amazon had issued
> >> for myetherwallet.com (https://crt.sh/?id=108721338) and this
> >> certificate expired on Apr 23rd 2018.
> >>
> >> Could it be that the attackers were using this cert all along in place of
> >> an EV cert?
> >> _______________________________________________
> >> dev-security-policy mailing list
> >> [email protected]
> >> https://lists.mozilla.org/listinfo/dev-security-policy
> >>
> >
> >

I agree and am obviously speculating at this point. 

I did see the (ridiculously silly) self-signed certificate that was used, but 
the skeptic in me keeps questioning the timeline of this attack and the recent 
multiple cert issuances:
- a self-signed cert created on 2018-03-23 and observed by Censys on 
2018-03-29 
(https://censys.io/certificates/4f151e2efd755fb1b9a4d50fa6db2af0008dff02ffbef8178be54f9db6e86d75)
  I assume this is the cert used in the attack from the screenshots 
- the self-signed cert was created exactly a year after the Amazon certificate 
was issued
- the self-signed cert was used in an attack the day when/after the Amazon DV 
cert expired (April 23rd 2018)
- additionally, and this may have nothing to do with the attack, 3 distinct EV 
certs were issued to myetherwallet.com by Digicert and Comodo on 2018-03-30 and 
2018-03-31, even though the existing EV cert (issued by Digicert) was still 
valid
    - https://crt.sh/?id=370369641
    - https://crt.sh/?id=371216075
    - https://crt.sh/?id=378737050

Again, I'm obviously speculating and all this could be coincidence and business 
as usual, but if I were writing this crime novel, the plot wouldn't be "1-2 
days of attack to steal $150K" but "a year of silent attack to steal $17M and 
get caught due to an expired cert". Why would anyone with $17M want to go 
through all this trouble to steal just another $150K? 
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
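The mechanics Matthew describes (more-specific /24s announced from AS10297 winning longest-prefix match at whichever vantage points accepted them) and the mitigation Ryan Hurst argues for (multi-perspective domain control validation) can be shown together in a small simulation. This is an added example, not code from the thread, from Amazon, Google or any CA. Everything beyond the /24s and AS10297 named in the thread is an assumption for illustration: the 205.251.192.0/21 covering route and AS16509 as its origin, the authoritative-server address 205.251.193.10, the vantage-point names, the TXT contents, and the quorum rule (pass only if enough perspectives see the expected token and none sees a conflicting answer).

```python
"""Longest-prefix-match hijack vs. multi-perspective domain validation.

Added example, not code from the thread or from any CA. It models the
scenario discussed above: an attacker announces /24s more specific than the
legitimate covering route, so any vantage point that accepts those
announcements is steered to the attacker's rogue authoritative server,
while vantage points that did not accept them still reach the real one.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

Route = Tuple[ipaddress.IPv4Network, str]  # (prefix, origin AS)

# Constructed routing data. The /21 covering route, its origin AS and the
# authoritative server address are assumptions for illustration; the /24s
# and AS10297 are the ones named in the thread.
LEGIT_ROUTES: List[Route] = [(ipaddress.ip_network("205.251.192.0/21"), "AS16509")]
HIJACK_ROUTES: List[Route] = [
    (ipaddress.ip_network(f"205.251.{third}.0/24"), "AS10297")
    for third in (192, 193, 194, 195, 197, 199)
]
AUTH_NS_IP = ipaddress.ip_address("205.251.193.10")  # constructed

# Constructed: the TXT records each origin's server returns for the
# validation name. The real zone carries what the owner published; the rogue
# server carries whatever the attacker needs the CA to see.
ZONE_TXT: Dict[str, FrozenSet[str]] = {
    "AS16509": frozenset({"owner-token"}),
    "AS10297": frozenset({"attacker-token"}),
}


def longest_prefix_match(routes: List[Route], ip: ipaddress.IPv4Address) -> Optional[Route]:
    """BGP-style forwarding choice: the most specific matching prefix wins."""
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None


@dataclass
class Perspective:
    """A validation vantage point with its own view of the routing table."""
    name: str
    routes: List[Route]
    reachable: bool = True  # False models a timeout from this vantage point

    def lookup_txt(self, ip: ipaddress.IPv4Address) -> Optional[FrozenSet[str]]:
        if not self.reachable:
            return None
        best = longest_prefix_match(self.routes, ip)
        return None if best is None else ZONE_TXT[best[1]]


def validate(perspectives: List[Perspective], expected: str, quorum: int) -> dict:
    """Assumed quorum policy (not any CA's actual rule): pass only if at least
    `quorum` perspectives see the expected token and none sees a conflicting
    answer. Timeouts are tolerated as long as the quorum is still met."""
    seen = {p.name: p.lookup_txt(AUTH_NS_IP) for p in perspectives}
    agreeing = sorted(n for n, v in seen.items() if v is not None and expected in v)
    conflicting = sorted(n for n, v in seen.items() if v is not None and expected not in v)
    timed_out = sorted(n for n, v in seen.items() if v is None)
    return {
        "passed": len(agreeing) >= quorum and not conflicting,
        "agreeing": agreeing,
        "conflicting": conflicting,
        "timed_out": timed_out,
    }


def scenario() -> Tuple[dict, dict]:
    """The thread's case: one vantage point behind a peer that accepted the
    hijacked /24s, three that still use the legitimate covering route.
    Returns (single-perspective result, multi-perspective result)."""
    hijacked = Perspective("google-peer", LEGIT_ROUTES + HIJACK_ROUTES)
    clean = [Perspective(n, LEGIT_ROUTES) for n in ("eu-west", "ap-south", "us-east")]
    single = validate([hijacked], "attacker-token", quorum=1)
    multi = validate([hijacked] + clean, "attacker-token", quorum=3)
    return single, multi


if __name__ == "__main__":
    one, many = scenario()
    print("single perspective:", one)
    print("multi perspective: ", many)
```

With a single vantage point behind the peer that accepted the more-specifics, the attacker's token validates; with three further perspectives the same request fails because they still see the owner's zone. Note the flip side: while the hijack is in effect, the legitimate owner's own request also fails under this policy, since the perspectives disagree, which is the intended outcome (refuse to issue rather than guess which path is honest).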
