Google Warns Users of Possible Man-in-the-Middle Attacks

Google issued warnings this morning of a possible man-in-the-middle attack against users attempting to access various Google services over a secured and encrypted HTTPS protocol. Google notes that the man-in-the-middle attacks appear to be "primarily located in Iran."

HTTPS is the standard for encryption and requires a set of keys to work. The first key, a private key, is known only by the provider of the service. The second key, a public key, is verified by a third-party so it is known to be trusted and distributed in browsers. A verified public key can only decrypt a message signed by its private counterpart and vice-versa.

What Is a Man In the Middle Attack?


Image via CNET 

A man-in-the-middle attack happens when a hacker compromises a connection between a user and the service they are trying to access - in this case, Google. The hacker uses fraudulent, but verifiable credentials, to the user, making the user believe he or she is talking Google's servers.

However, the attacker actually intercepts the message (usernames, passwords, email contents, etc.), decrypts them with the hacked private key, then re-encrypts them with Google's true public key and sends it on through to Google, where it's received as normal. This go-between communication is what Google warned about in today's announcement.

In this case, the fraudulent security certificate was issued by the formerly trusted DigiNotar. Since the news of this announcement, the Chrome team, Mozilla Firefox team and Microsoft's Internet Explorer teams have jumped to update their browsers to revoke the trust of any certificates issued by DigiNotor.

The questions remain to discover is DigiNotar purposefully issued what they certainly had to know where falsified certificates, or if the service, itself, was hacked. Chester Wisniewski suggests the entire process for verifying those companies who issue certificates is untrustworthy.

Ironicly enough, last month Google started issuing warnings to webmasters who house malware that could initiate man-in-the-middle attacks.

Here are a few examples of what good certificates look like:




About the author

Thom is a seasoned techincal SEO and digital analytics veteran. His current role as VP of Development and IT at Internet Marketing Ninjas includes the improvement of internal processes, leading the creation and refinement of industry-leading tools across multiple brands.

Previously he was a premier independent consultant, held a a senior search position at nationally renown TopRank Online Marketing and led all digital web-related technology's at Rochester Institute of Technology's Saunders College of Business. He also led analytics strategy efforts for the university's mobile initiative.

Part of the ClickZ Academy faculty, Thom has also taught for several well-respected colleges and universities. He is a regular speaker at ClickZ Live events and is a veteran of TEDx as well.