French Government ANSSI responsible of a MITM against Google SSL-TLS

9:30 ET, 10 December 2013

Google discovered the unauthorized use of digital certificates issued by an intermediate certificate authority linked to ANSSI for several Google domains.

Google has revealed that late on December 3rd it became aware of unauthorized digital certificates for several Google domains and immediately has started the investigation. Security experts at Google found that the digital certificates were issued by an intermediate certificate authority (CA) linked to the French certificate authority ANSSI.

ANSSI is the French CyberSecurity agency that operates with French intelligence agencies, the organization declares that an intermediate CA is generating fake-certificate to conduct MITM attack and inspect SSL traffic. Be aware that an intermediate CA certificate carries the full authority of the CA, attackers can use it to create a certificate for any website they wish to hack.

“ANSSI has found that the intermediate CA certificate was used in a commercial device, on a private network, to inspect encrypted traffic with the knowledge of the users on that network. ”

Google discovered the ongoing MITM attack and has blocked it, Google has declared that ANSSI has requested to block an intermediate CA certificate.


“As a result of a human error which was made during a process aimed at strengthening the overall IT security of the French Ministry of Finance, digital certificates related to third-party domains which do not belong to the French administration have been signed by a certification authority of the DGTrésor (Treasury) which is attached to the IGC/A.

The mistake has had no consequences on the overall network security, either for the French administration or the general public. The aforementioned branch of the IGC/A has been revoked preventively. The reinforcement of the whole IGC/A process is currently under supervision to make sure no incident of this kind will ever happen again” stated the ANSSI advisory.

The ANSSI attributed the incident to “Human Error” made by someone from at Finance Ministry sustaining that the intermediate CA certificate was used in a commercial device, on a private network, to inspect encrypted traffic with the knowledge of the users on that network.

Google has updated Chrome’s certificate revocation metadata to block the ANSSI intermediate CA and has reported it to the agency and other browser vendors.

Despite the reply of ANSSI the incident is considerable a serious breach, The Google’s Certificate Transparency project is an important initiative to highlight breach like this one and preserve users’ security and privacy.

As remarked by security expert Fabio Petrosanti a recent law proposal, see Art. 246, is giving power to governmental agencies to act with massive interception capabilities

Can we really speak of incident or we are faced with yet another government espionage operation?

Pierluigi Paganini

(Security Affairs –  Cyber espionage, digital certificates, Google)





FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.


10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase