Researchers have discovered that digital code signing certificates are being sold for more than is required to buy a gun in the web’s underground markets.
On Tuesday, security researchers from Venafi said there is a flourishing trade in the sale of digital code signing certificates, which can be used to verify software applications.
These certificates are a fundamental way of ensuring software and apps are legitimate, but if compromised, can be used to install malware on networks and devices while avoiding detection.
A single certificate can fetch up to $1,200. Credit cards can go for as little as a few dollars, while US passports can be picked up for roughly $850 — and a handgun may only set buyers back $600.
« We’ve known for a number of years that cybercriminals actively seek code signing certificates to distribute malware through computers, » said Peter Warren, chairman of the CSRI. « The proof that there is now a significant criminal market for certificates throws our whole authentication system for the internet into doubt and points to an urgent need for the deployment of technology systems to counter the misuse of digital certificates. »
The six-month investigation was carried out by the CSRI in partnership with the Cyber Security Centre at the University of Hertfordshire.
To read the original article: http://www.zdnet.com/article/illicit-certificates-worth-more-than-guns-on-the-dark-web/