Stuxnet and Private Keys!

Recent cyber-attacks used malware signed with legitimate code signing certificates. The Public Key Infrastructure (PKI) is there to provide assurance that a program you are installing and running is trustworthy and was signed by the rightful owner. However, the integrity of this mechanism relies on the owners of these programs in securing safely their private keys against unauthorized access. The private key together with other elements such as, the contents of the program file is used to create a digital signature that provides a means to verify the identity of the file signer and the integrity of the file. It is critical that users (owners/developers of programs) keep their private keys secure and confidential. Unfortunately, the past incidents show that some companies failed to safeguard these keys properly and eventually the stolen keys were used in malicious activities.

It is believed that Stuxnet existed for quite some time before it was discovered and it went unnoticed or better managed to make it to legitimate networks and machines because it used valid digitally signed code where private keys and certificates were stolen from two legitimate companies. There are various possibilities how the private keys and certificates might have leaked out, but to find out and read more go here:

http://www.verisign.com/code-signing/information-c…de.pdf

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top