TrustCor System was no longer supported by Mozilla and Microsoft as a result of a Washington Post article that exposed the company’s connections to spyware-focused government contractors.
Following negotiations that lasted weeks, Firefox and Microsoft have decided to stop trusting. TrustCor Networks’ certificates have also deleted the organization from its own root certificate repositories.
The actions were taken as a result of a Washington Post article that was released this month and exposed. TrustCor’s apparent linkages to Network Forensics, a company that sells malware. And other companies with connections to American intel agencies.
However, following an examination of the evidence concerning TrustCor. Firefox and Microsoft made the decision to withdraw trust for the core certificate authority (CA). Rendering TrustCor’s certificates is useless for products such as Firefox and Edge browsers.
Project coordinator Kathleen Wilson made the following statement. In the Firefox CA group discussion on Wednesday: “Our conclusion is that the legitimate concerns. Program outweighs the benefits to end users.”
“Certificate authorities (CAs) play crucial and employee overall roles in the IoT ecosystem. It is unethical for a CA to have ties to a business that disseminates malware through ownership and operation. The replies from Trustcor’s VP of CA services further support the validity of Mozilla’s worries. “
In the discussion group, executives from Apple and Google had previously voiced their worry about the accusations and supporting documentation against TrustCor System. But as to the time of publication, neither business had declared its position over the root CA.
Since their public-key infrastructure (PKI) serves as the cornerstone of the crypto trust chain, root CAs have a significant amount of influence inside the certificate ecosystem. They are among the most important and trustworthy CAs for browser manufacturers. Central CAs can use its PKI to sign and certify the certificate of third-party transitory CAs lower down the trust chain in addition to creating their own certificates.
When considering security, one of the areas that is still not given due focus by many organizations is Certificate Authorities (CAs). CAs are / should be a key component in any corporate security strategy as they are machine identity enablers. A root CA is the most significant piece in that hierarchy as it holds the potential to impact the security and the trust of the entire certification hierarchy due to any abuse or compromise. This view needs to be factored in when organizations conduct threat modeling or assessments.
Additionally, there can be also compliance implications if there are weak or non-existent checks and balances in place for ensuring the security of a CA. What is more alarming is that CA compromise has been found to be achieved using living-off-the-land (LOTL) techniques and tools. LOTL attacks are problematic from a detection standpoint and are an incident response (IR) nightmare. As root CAs pose a cascading risk, they have been a favorable target of nation state APT actors aiming to mount a crippling attack.