
Russia’s latest sanction busting move creates a cybersecurity risk

Russia aims to bypass global Internet security and the whole situation has the potential to become a disaster.

Since the start of Russia's invasion of Ukraine, broadcasters around the world have been seeking to show "Servant of the People" - Copyright AFP Jonathan NACKSTRAND

Russia has formed a domestic trusted Transport Layer Security (TLS) certificate authority (CA) so that Russian sites can renew their TLS certificates, continue providing services to their visitors, and bypass sanctions.

TLS certificates are used to digitally bind a cryptographic key to an organization’s details, enabling web browsers to confirm the domain’s authenticity and ensure that the communication between a client computer and the target website is secure.

The role of the CA is important because the CA signs the certificate, certifying that it has verified that the certificate belongs to the owners of the domain name that is the subject of the certificate.

This means the whole situation has the potential to become a disaster, according to cybersecurity evangelists and digital certificate experts Murali Palanisamy, chief solutions officer, and Alon Nachmany, Field CISO of AppViewX. Both experts have been in touch with Digital Journal.

Palanisamy outlines the importance of the Russian activity and what this means for the digital realm, noting: “To truly grasp the potential dangers of Russia developing a TLS Certificate Authority (CA), it’s important to understand what CAs do and what impact they have on the digital world.”

One visible consequence of TLS is the padlock icon in the web address bar, which indicates a secure connection to a website. If the browser does not find a valid TLS certificate, it warns the user that the website is not secure, and this leads the majority of Internet users to veer away from the site. Hence, the absence of TLS would weigh heavily on Russian businesses, which explains the internal CA moves by the Russian state.

Drawing upon a real-life example, Palanisamy explains: “Similar to the Registry of Motor Vehicles (RMV) that issues a driver’s license to a person, a TLS CA is a trusted, third party entity that issues identities to machines (computers and servers, mobile devices, electronic systems, networks and data, etc.).”

Palanisamy continues his analysis: “Due to the sanctions, Russian websites that use specific certificates from a Public CA that has main business in the US for their websites will not be able to renew their certificates if they expire.”

The consequence of this is that: “Expired certificates are also a grave security concern and can have a detrimental impact on a business. In fact, according to a recent report, the consequences of expired certificates include cybersecurity breaches (55 percent), loss of employee productivity (47 percent), system outages due to lack of complete visibility (35 percent) and financial losses from outages (33 percent).”

This situation raises the level of cybersecurity risk. Palanisamy explains: “While Russian businesses are working to update all the new TLS certificates, it’s not an easy task and it will take time to accomplish this. Until that time there’s a risk of potential attacks.”

Furthermore, whether the likes of Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari will accept the certificates issued by the new Russian certificate authority remains to be seen.
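The two operational questions raised above (which certificates have lapsed or are about to, and which were issued by a CA the client does not trust) can be answered from a certificate inventory. The following is an added example, not part of the original article: host names, CA names, dates and the 30-day warning window are constructed, and matching on the issuer's organization name stands in for the full signature-chain validation a browser performs against its root store.

```python
import ssl
from datetime import datetime, timezone

def _cert(org, not_after):
    # Same dict shape as ssl.SSLSocket.getpeercert(); values are constructed.
    return {"issuer": ((("organizationName", org),),), "notAfter": not_after}

# Constructed inventory: host -> certificate fields recorded at last scan.
SAMPLE_INVENTORY = {
    "shop.example":   _cert("Example Public CA",   "Mar 20 12:00:00 2022 GMT"),
    "api.example":    _cert("Example Public CA",   "Apr 10 12:00:00 2022 GMT"),
    "portal.example": _cert("Example National CA", "Mar  1 12:00:00 2023 GMT"),
    "www.example":    _cert("Example Public CA",   "Dec 31 23:59:59 2022 GMT"),
}
TRUSTED_ORGS = {"Example Public CA"}   # assumption: stand-in for a root store
NOW = datetime(2022, 3, 25, 12, 0, 0, tzinfo=timezone.utc)  # fixed audit time

def issuer_org(cert):
    """Return the issuer's organizationName, or None if the field is absent."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return None

def audit(inventory, now=NOW, trusted_orgs=TRUSTED_ORGS, warn_days=30):
    """Map each host to (days_left, issues) where issues is a list of flags."""
    findings = {}
    for host, cert in inventory.items():
        # notAfter uses the OpenSSL text format; parse it as UTC.
        expires = datetime.fromtimestamp(
            ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
        days_left = (expires - now).days
        issues = []
        if expires <= now:
            issues.append("expired")            # browsers already show a warning
        elif days_left <= warn_days:
            issues.append("expiring")           # renewal must succeed soon
        if issuer_org(cert) not in trusted_orgs:
            issues.append("untrusted-issuer")   # valid dates, but no trust anchor
        findings[host] = (days_left, issues or ["ok"])
    return findings

if __name__ == "__main__":
    for host, (days, issues) in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host:16} {days:5d} days  {', '.join(issues)}")
```

A certificate with a distant expiry date is still flagged when its issuer is outside the trusted set, which is the situation a site faces if browsers decline to accept a new CA.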

These cybersecurity risks arise because: “Hackers can hijack a domain name and use it to extort ransom for its return”, Palanisamy says. “They can also redirect users to what appears as an identical website and deploy malware or collect user credentials and credit card information and much more. All of these threats are extinction-level events.”

The issue has an even wider scope, according to Palanisamy: “What’s concerning Russia’s TLS CA is that many organizations will need to use the new CA, due to the sanctions. As such, the Russian government now has more ability to inspect the traffic, creating it as a surveillance state that can also spoof any Western entities and track activities.”

In the second part of this article, Alon Nachmany explains why the Russian Federation is undertaking this process, which is linked to preserving Russian infrastructure.

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
