Comment by jcims
2 years ago
> * The attacker failed to reissue TLS certificate and MiTM proxy started to serve expired certificate on port 5222 for jabber.ru domain (Hetzner)
This is gold.
The absolute lack of giving a shit is one of your major clues this was a lawful intercept scenario.
Someone was forced to do it, but they didn’t personally agree with it so they eventually made a “mistake” to tip off the target?
There is the plain incompetence explanation: the hosting provider gave control of the operation to the government entity. The underpaid and indifferent government employee did the best they could with their level of motivation and skill.
I mean, I’ve seen the auto renew fail a lot with the certbot. They definitely should have checked it in the renew period to make sure it was working, but I feel for them.