← Back to context

Comment by simpaticoder

2 years ago

>The attacker managed to issue multiple SSL/TLS certificates via Let’s Encrypt

This implies that the attacker was able to validate domain ownership of jabber.ru and xmpp.ru by either a) being able to respond to the ACME protocol on domain(s) hosted http OR b) being able to write to a DNS TXT file for the domain(s). This implies that the victim already lost control of their process server and/or their nameserver.

9 comments

simpaticoder

Reply
tetromino_  2 years ago

No. Most probably it merely implies someone upstream of them (presumably their hosting provider under compulsion from German law enforcement) intercepted and spoofed their unencrypted, unauthenticated ACME HTTP traffic.

Same can happen to you.

  • lathiat  2 years ago

    The same way they are intercepting the jabber port they can intercept any other port for the HTTP ACME challenge. No need to get involved at the name server level.

    • deeth_starr_v  2 years ago

      Right. That makes the most sense. Let’s Encrypt wasn’t involved … it’d just need to be linode/hetzner

  • simpaticoder  2 years ago

    Okay, but the part I don't understand is why do it this way? If the hosting provider is a threat, they don't need new certs. They can just read your private keys off your disk and MITM with that.

    • T3OU-736  2 years ago

      Your private keys at rest are / should be encrypted, so it would take a bit more than just reading them.

      The next level of mitigating that sort of a thing is to have keys not be on the hosts at all. Enter HSM - Hardware Security Module. A wildly complex topic I cannot hope to cover in an HN comment, but fundamentally, the private keys are not on the same HW as the server software which needs them.

      A fundamental property of an HSM is that you, the HSM user, don't actually see the private key. You can ask the HSM to generate one. Derive things from it (in the cryptographic sense of derive). Even prove the provenance of such derived data. But the HSM should not reveal the actual private key.

      In the cloud world, the HSM equivalent is known as KMS (Key Management Service), and the Good cloud providers all let you manage your own (with the downside being that you now need to manage your own keys).

    • fulafel  2 years ago

      Here's a good example why trust is not binary ("you either trust Hetzner or don't"). Quite possibly wiretapping law doesn't require them to facilitate the server breakin.

    • sshine  2 years ago

      > just read your private keys off your disk

      Not just. The disk itself may be encrypted, the keys may be encrypted. Doing this unnoticed and without rebooting would require modifications to the hardware.