I am still left wondering why the attacker did not use a block
device and/or memory snapshot of the Linode VM in order to extract
the real TLS key material and avoid having to issue new ones, which
appeared in CT logs.
I suspect it is easier to ask some firm to create a generic
Man-In-The-Middle hardware that bridges network traffic than it is to
carry out a technical procedure.
Whilst I am no lawyer, I reckon there are legal implications.
In my experience, it is not uncommon for the ISP to be served a court
order to install a MitM device. Some courts have granted some state
institutions a "default" court order which covers any ISP that meets
certain criteria.
I expect (hope) that to gain access to a specific customer machine a
court order has to be issued for that particular customer.
Conrad