Internal MITM attack in French Government Agency

On Saturday Adam Langley from Google documented a MITM attack on Google sites that happened in France in early December. A French government agency associated with the Treasury obtained certificates for Google sites in order to be able to transparently (i.e. without users noticing)  proxy and decode the traffic to those Google sites. According to the government agency this was only done for internal traffic within the ministry.

Google noticed the unauthorized certificate through one of the monitoring mechanisms built into the Chrome browser and followed up with the certificate authority in question ANSSI, which confirmed that the certificate had been emitted in disregard of their own policies.  The certificate has been revoked.

Google, Microsoft and Mozilla have updated their certificate stores to reflect the revocation. Google and Microsoft have their respective automatic update mechanisms will take care of the propagation for Chrome and Windows 7 and above. Mozilla’s upadte will be released later this week in Firefox 26.