Russia has formed a domestic trusted Transport Layer Security (TLS) certificate authority (CA) so that Russian sites can renew their TLS certificates, keep serving their visitors, and sidestep sanctions.
TLS certificates are used to digitally bind a cryptographic key to an organization’s details, enabling web browsers to confirm the domain’s authenticity and ensure that the communication between a client computer and the target website is secure.
The role of the CA is important because it signs the certificate, attesting that it has verified that the certificate belongs to the owner of the domain name named as its subject.
This means the whole situation has the potential to become a disaster, according to cybersecurity evangelists and digital certificate experts Murali Palanisamy, chief solutions officer, and Alon Nachmany, Field CISO of AppViewX. Both experts have been in touch with Digital Journal.
Palanisamy outlines the importance of the Russian activity and what this means for the digital realm, noting: “To truly grasp the potential dangers of Russia developing a TLS Certificate Authority (CA), it’s important to understand what CAs do and what impact they have on the digital world.”
One visible effect of a valid TLS certificate is the padlock icon in the browser's address bar, indicating a secure connection to the website. If the browser does not find a valid TLS certificate, it warns the user that the website is not secure, and most Internet users then leave the site. The loss of valid certificates would therefore hit Russian businesses hard, which explains the Russian state's move to an internal CA.
Drawing an analogy, Palanisamy explains: “Similar to the Registry of Motor Vehicles (RMV) that issues a driver’s license to a person, a TLS CA is a trusted, third party entity that issues identities to machines (computers and servers, mobile devices, electronic systems, networks and data, etc.).”
Palanisamy continues his analysis: “Due to the sanctions, Russian websites that use specific certificates from a Public CA that has main business in the US for their websites will not be able to renew their certificates if they expire.”
Palanisamy describes the consequence: “Expired certificates are also a grave security concern and can have a detrimental impact on a business. In fact, according to a recent report, the consequences of expired certificates include cybersecurity breaches (55 percent), loss of employee productivity (47 percent), system outages due to lack of complete visibility (35 percent) and financial losses from outages (33 percent).”
This situation carries elevated cybersecurity risk. Palanisamy explains: “While Russian businesses are working to update all the new TLS certificates, it’s not an easy task and it will take time to accomplish this. Until that time there’s a risk of potential attacks.”
Furthermore, whether the likes of Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari will accept the certificates issued by the new Russian certificate authority remains to be seen.
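As an added illustration that is not part of the article, the following openssl CLI script builds a hypothetical root CA and a site certificate, then shows that the very same certificate verifies only for a client whose trust store contains that root, and only for the hostname it was issued for. All names, files and the domain shop.example.test are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the article): a miniature CA built with the openssl CLI.
# Whether a site's certificate "works" depends only on whether the verifier trusts
# the issuing root, which is the question browsers face with a new national CA.
# Every name and file here is constructed for illustration.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Minimal req config so the run does not depend on the system openssl.cnf;
# [ca] marks the root as a CA, which openssl verify requires of a trust anchor.
printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\n[ca]\n' > "$WORK/req.cnf"
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' >> "$WORK/req.cnf"

# 1. Self-signed root: the new trust anchor (hypothetical "Example Domestic Root CA").
make_root() {
  openssl req -x509 -config "$WORK/req.cnf" -newkey rsa:2048 -nodes -sha256 -days 30 \
    -subj "/CN=Example Domestic Root CA" \
    -keyout "$WORK/root.key" -out "$WORK/root.crt" 2>/dev/null
}

# 2. Leaf certificate for a website, bound to its name via subjectAltName and
#    signed by the root, which is what "the CA signs the certificate" means.
make_leaf() {
  openssl req -new -config "$WORK/req.cnf" -newkey rsa:2048 -nodes -sha256 \
    -subj "/CN=shop.example.test" -keyout "$WORK/site.key" -out "$WORK/site.csr" 2>/dev/null
  printf 'subjectAltName=DNS:shop.example.test\nbasicConstraints=CA:FALSE\n' > "$WORK/leaf.ext"
  openssl x509 -req -in "$WORK/site.csr" -CA "$WORK/root.crt" -CAkey "$WORK/root.key" \
    -CAcreateserial -days 30 -sha256 -extfile "$WORK/leaf.ext" -out "$WORK/site.crt" 2>/dev/null
}

# 3. Verify the leaf the way a client does: build a chain to a trusted root and
#    check the hostname. $1 = hostname, $2 = root file to trust ("" = none).
verify_leaf() {
  opts=""
  [ -n "$2" ] && opts="-CAfile $2"
  if openssl verify -no-CApath -no-CAfile $opts -verify_hostname "$1" \
       "$WORK/site.crt" >/dev/null 2>&1; then
    echo trusted
  else
    echo untrusted
  fi
}

make_root && make_leaf
echo "root in trust store:     $(verify_leaf shop.example.test "$WORK/root.crt")"  # trusted
echo "root absent from store:  $(verify_leaf shop.example.test "")"                 # untrusted
echo "wrong hostname:          $(verify_leaf bank.example.test "$WORK/root.crt")"  # untrusted
```

The middle case is the browser situation in the paragraph above: a client that ships without the new root rejects every certificate it issues, no matter how correctly the CA did its job.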
The cybersecurity risks arise because: “Hackers can hijack a domain name and use it to extort ransom for its return”, Palanisamy says. “They can also redirect users to what appears as an identical website and deploy malware or collect user credentials and credit card information and much more. All of these threats are extinction-level events.”
The issue has an even wider scope, according to Palanisamy: “What’s concerning about Russia’s TLS CA is that many organizations will need to use the new CA, due to the sanctions. As such, the Russian government now has more ability to inspect the traffic, creating it as a surveillance state that can also spoof any Western entities and track activities.”
In the second part of this article, Alon Nachmany explains why the Russian Federation is undertaking this process, which is linked to preserving Russian infrastructure.