A big company Web browser relies on to verify safe and secure websites with links to US intelligence agencies and law enforcement, new research has claimed.
An exposure by Washington Post (opens in a new tab) (TWP) (fee wall), drawing conclusions from documents, records, and interviews with security researchers.
TrustCor Systems’ Panamanian registry reveals that it shares personnel with a spyware developer formerly identified as affiliated with the Arizona company Packet Forensics, whose records are public previously disclosed that it had been selling “contact interception services” to US agencies “for over a decade.”
Root Certificate Infrastructure
Google Chrome, Apple Safari, Mozilla are attributed to secure browser Firefox and several other applications both allow TrustCor to sign root certificates for websites it considers safe and legitimate, directing users to them, rather than potentially convincing fakes.
TrustCor insists that it has never cooperated with government information requests or monitored users on behalf of a third party. However, the Pentagon declined to comment and Mozilla is demanding answers from TrustCor while threatening to remove its authority.
The revelations surrounding TrustCor pose a PR nightmare for browsers like Firefox, who market themselves as security toolbut their own products may now also no longer be considered safe for the end user.
MsgSafe, one email provider from TrustCor, which purports to provide end-to-end encryption, was denounced by security experts to TWP, claiming that the first version of the software contained spyware developed by a company with associated with Packet Forensics.
An expert familiar with the work of Packet Forensics unequivocally confirmed that they used TrustCor and MsgSafe’s certificate process to intercept communications and “help the US government catch suspected terrorists”. doubt”.
He also stated that TrustCor’s products and services were only used to search for “high-profile targets” and that there had been no reports of root certificates being used to verify fake websites. purposes such as data collection.
However, suspicion is sown by revelations that could cause reputational damage to the web browsers involved, as there is no way to know if TrustCor’s strategy has changed.
