24 Oct
2023
24 Oct
'23
2:06 a.m.
Hello,
I was reading about this incident of alleged lawful intercept used
on Hetzner and Linode in Germany in order to successfully MitM
TLS-encrypted traffic for a period of months:
https://notes.valdikss.org.ru/jabber.ru-mitm/
The link at the bottom on some ideas to detect and mitigate is also
worth a read:
https://www.devever.net/~hl/xmpp-incident
I am still left wondering why the attacker did not use a block
device and/or memory snapshot of the Linode VM in order to extract
the real TLS key material and avoid having to issue new ones, which
appeared in CT logs.
At the moment my best guess is that perhaps the filesystem was
protected by LUKS and the skills to extract key material from a
memory dump, while existing, were in short supply. Meanwhile, the
procedure to MitM network traffic through their own hardware on
Hetzner and Linode is probably very well documented and tested, so
maybe could be done straight away, and it was perhaps considered
expedient to just risk the new certs being noticed.
DNSSEC+CAA start to seem like very good ideas.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
24 Oct
24 Oct
6:35 a.m.
tis 2023-10-24 klockan 02:06 +0000 skrev Andy Smith via BitFolk Users:
...
...
Meanwhile, the procedure to MitM network traffic through their own
hardware on Hetzner and Linode is probably very well documented and
tested, so maybe could be done straight away, and it was perhaps
considered expedient to just risk the new certs being noticed.
DNSSEC+CAA start to seem like very good ideas.
On the topic of CAA records, assuming that one is using a CA that
supports the RFC 8657 extension one might also want to specify
accounturl and/or validationmethods.
In this scenario to protect/mitigate against someone using their local
MITM capabilities to intercept ACME HTTP-01 challenges.
* Supported by Let's Encrypt:
https://community.letsencrypt.org/t/enabling-acme-caa-account-and-method-bi…
* All the fun details: https://www.rfc-editor.org/rfc/rfc8657
Can look something like this.
$ dig +short arrakis.se CAA
0 issue "letsencrypt.org;
accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/902027977;
validationmethods=dns-01"
$
// Andreas
7:05 a.m.
I am still left wondering why the attacker did not use a block
device and/or memory snapshot of the Linode VM in order to extract
the real TLS key material and avoid having to issue new ones, which
appeared in CT logs.
I suspect it is easier to ask some firm to create a generic Man-In-The-
Middle hardware that bridges network traffic than it is to carry out a
technical procedure.
Whilst I am no lawyer, I reckon there are legal implications.
In my experience, it is not uncommon for the ISP to be served a court
order to install a MitM device. Some courts have granted some state
institutions a "default" court order which covers any ISP that meets
certain criteria.
I expect (hope) that to gain access to a specific customer machine a
court order has to be issued for that particular customer.
Conrad
10:21 a.m.
Hello,
On Tue, Oct 24, 2023 at 08:05:01AM +0100, Conrad Wood via BitFolk Users wrote:
I suspect it is easier to ask some firm to create a
generic Man-In-The-
Middle hardware that bridges network traffic than it is to carry out a
technical procedure.
Whilst I am no lawyer, I reckon there are legal implications.
Yes, dg said much the same here:
https://infosec.exchange/@dgl/111287709326897207
and that makes sense to me thinking more about it: seems likely that
whatever updated wiretap law they have covers only snooping on
communications and some other sort of warrant might be needed to
rummage around inside a filesystem.
On IRC dg also mentioned about https://crt.sh/ which has a handy
Atom feed so you can see which certs are being issued, e.g.:
https://crt.sh/?Identity=bitfolk.com&exclude=expired&deduplicate=Y
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
25 Oct
25 Oct
8:58 a.m.
On Tue 24 Oct 2023 02:06:09 GMT, Andy Smith via BitFolk Users wrote:
DNSSEC+CAA start to seem like very good ideas.
Moreover, DNSSEC+DANE, as they already use Let’s Encrypt, having a CAA
doesn’t prevent them to issue another cert to another party.
But with the public key in the DNS, then the only way to listen to TLS
traffic would be to extract the private key from the running VM.
--
Alarig
423
days inactive
424
days old
4 comments
4 participants
participants (4)
-
Alarig Le Lay -
Andreas Olsson -
Andy Smith -
Conrad Wood