Online banking traffic: Fake SSL certificates deployed across the internet.



As a forward-thinking IT leader with global operations, Connectikpeople.co observes striking behaviour related to hacking and cyber-attacks every day.
Today, let us talk about the recent Netcraft report, which underscores the phenomenon of fake SSL certificates deployed across the internet.
Connectikpeople.co observes that dozens of fake SSL certificates impersonating banks, e-commerce sites, ISPs and social networks have been found.
According to Netcraft, some of these certificates may be used to carry out man-in-the-middle attacks against the affected companies and their customers. A successful attack would allow criminals to decrypt legitimate online banking traffic before re-encrypting it and forwarding it to the bank. This would leave both parties unaware that the attacker may have captured the customer's authentication credentials, or manipulated the amount or recipient of a money transfer.
The fake certificates bear common names (CNs) which match the hostnames of their targets (e.g. www.facebook.com).
Netcraft notes that, because the certificates are not signed by trusted certificate authorities, none will be regarded as valid by mainstream web browser software; however, an increasing amount of online banking traffic now originates from apps and other non-browser software which may fail to adequately check the validity of SSL certificates.
"Fake certificates alone are not enough to allow an attacker to carry out a man-in-the-middle attack. He would also need to be in a position to eavesdrop on the network traffic flowing between the victim's mobile device and the servers it communicates with. In practice, this means that an attacker would need to share a network and internet connection with the victim, or would need to have access to some system on the internet between the victim and the server. Setting up a rogue wireless access point is one of the easiest ways for an individual to carry out such attacks, as the attacker can easily monitor all network traffic as well as influence the results of DNS lookups (for example, making www.examplebank.com resolve to an IP address under his control)," says the report, available in full via this link: Fake SSL certificates deployed across the internet.
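The report's point that non-browser apps may skip certificate validation is the part a developer can act on. The following is an added example, not code from Netcraft or Connectikpeople.co: a Python client-side configuration and name check showing that a fake certificate whose CN equals the target hostname passes the name check and is caught only by chain-of-trust verification. The certificate dictionaries are constructed in the shape returned by Python's ssl `getpeercert()`, and www.examplebank.com is the report's own example name.

```python
import ssl

def make_client_context(ca_bundle_path=None):
    """Strict TLS client: chain verified against a trusted store plus a hostname
    check. A CA bundle path limits trust to that bundle (simple pinning)."""
    ctx = ssl.create_default_context(cafile=ca_bundle_path)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def disabled_verification_context():
    """The weak configuration the report warns about, kept only for comparison."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before verify_mode is relaxed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def context_is_safe(ctx):
    """Audit helper: both settings must be on, or any fake certificate is accepted."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)

def _dns_name_matches(pattern, hostname):
    """RFC 6125-style comparison: case-insensitive, wildcard only as the whole
    left-most label, never matching a bare registrable domain."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]

def hostname_matches(cert, hostname):
    """Name check over a dict in ssl.SSLSocket.getpeercert() shape: SAN dNSName
    entries win; the CN is consulted only when the certificate has no SAN."""
    san_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san_names:
        return any(_dns_name_matches(p, hostname) for p in san_names)
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(_dns_name_matches(c, hostname) for c in cns)

def peer_acceptable(cert, hostname, chain_verified):
    """Both checks are required: the report's fakes pass the name check (CN equals
    the target hostname) and are caught only by chain verification."""
    return chain_verified and hostname_matches(cert, hostname)

# Constructed sample in getpeercert() shape: a self-signed fake bearing the target's CN.
FAKE_BANK_CERT = {"subject": ((("commonName", "www.examplebank.com"),),)}
```

With `make_client_context()`, the chain and hostname checks are performed by the library during the handshake; `peer_acceptable` only makes explicit why a name match on its own proves nothing.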
