{"id":44019,"date":"2021-11-19T04:00:09","date_gmt":"2021-11-19T04:00:09","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/web-trust-dies-in-darkness-hidden-certificate-authorities-undermine-public-crypto-infrastructure\/"},"modified":"2021-11-19T04:00:09","modified_gmt":"2021-11-19T04:00:09","slug":"web-trust-dies-in-darkness-hidden-certificate-authorities-undermine-public-crypto-infrastructure","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/web-trust-dies-in-darkness-hidden-certificate-authorities-undermine-public-crypto-infrastructure\/","title":{"rendered":"Web trust dies in darkness: Hidden Certificate Authorities undermine public crypto infrastructure"},"content":{"rendered":"<p>Security researchers have checked the web&#8217;s public key infrastructure and have measured a long-known but little-analyzed security threat: hidden root Certificate Authorities.<\/p>\n<p>Certificate Authorities, or CAs, vouch for the digital certificates we use to establish trust online. You can be reasonably confident that your bank website is actually your bank website when it presents your browser with an end-user or leaf certificate that&#8217;s linked through a chain of trust to an intermediate certificate and ultimately the X.509 root certificate of a trusted CA.<\/p>\n<p>Each browser relies on a trust store consisting of a hundred or so root certificates that belong to a smaller set of organizations. 
Mozilla&#8217;s CA Certificate List for example currently has <a href=\"https:\/\/ccadb-public.secure.force.com\/mozilla\/CAAIdentifiersReport\" target=\"_blank\" rel=\"nofollow noopener\">151 certs<\/a> representing <a href=\"https:\/\/ccadb-public.secure.force.com\/mozilla\/CAInformationReport\" target=\"_blank\" rel=\"nofollow noopener\">53 organizations<\/a>.<\/p>\n<p>Some of the more well-known CAs in the US include IdenTrust, DigiCert, Sectigo, and Let&#8217;s Encrypt.<\/p>\n<p>But it&#8217;s not the known CAs that are the problem. Researchers affiliated with universities in China and the US recently examined the certificate ecosystem and found that there are a great many hidden root certificates. 
They&#8217;re a concern because root certificates and their associated CAs are supposed to be known \u2013 that&#8217;s the basis of the chain of trust.<\/p>\n<p>Seven computer scientists \u2013 Yiming Zhang, Baojun Liu, Chaoyi Lu, Zhou Li, Haixin Duan, Jiachen Li, and Zaifeng Zhang, affiliated with Tsinghua University, Beijing National Research Center for Information Science and Technology, 360Netlab, and QI-ANXIN Technology Research Institute in China, and University of California, Irvine, in the US \u2013 explore these obscure CAs in a paper titled, &#8220;Rusted Anchors: A National Client-Side View of Hidden Root CAs in the Web PKI Ecosystem.&#8221;<\/p>\n<p>The <a href=\"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3484768\" target=\"_blank\" rel=\"nofollow noopener\">paper<\/a>[PDF] was presented at the Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security this week.<\/p>\n<p>With the help of the 360 Secure Browser, a widely used browser in China, the researchers analyzed the certificate chains in web visits by volunteers over the course of five months, from February through June 2020.<\/p>\n<p>&#8220;In 
total, over 1.17 million hidden root certificates are captured and they cause a profound impact from the angle of web clients and traffic,&#8221; the researchers report. &#8220;Further, we identify around five thousand organizations that hold hidden root certificates, including fake root CAs that impersonate large trusted ones.&#8221;<\/p>\n<p>Hidden root certificates refer to root CAs that are not trusted by public root programs. The situation is vaguely analogous to looking in your wallet and finding what appears to be official currency until you realize the banknote depicts Bozo the Clown. 
You&#8217;re not sure how this dubious bill arrived in your wallet \u2013 maybe you were defrauded \u2013 and you might be able to spend it \u2013 if no one looks too closely \u2013 but there&#8217;s probably something fishy going on.<\/p>\n<p>&#8220;Certificate issuance of hidden root CAs is usually not audited, allowing them to arbitrarily issue forged certificates and intercept secure connections, which breaks authentication and poses security threats,&#8221; the paper explains.<\/p>\n<p>Hidden root certificates, the authors explain, come from a variety of sources \u2013 some benign, others less so. They may be installed by VPN, parental control, or security software, malware, enterprise networks, or government agencies. Fundamentally, they are all problematic because they generally don&#8217;t conform to audited policies or allow for monitoring through a system like <a href=\"https:\/\/certificate.transparency.dev\/\">Certificate Transparency<\/a>. And they undermine the chain of trust because they don&#8217;t offer the same modes of verification as public root CAs.<\/p>\n<p>Baojun Liu, a postdoctoral researcher from Tsinghua University, offered an example of the risks posed by fake root CAs. &#8220;We discovered that a Windows Trojan implanted root certificates disguised as SecureTrust CA 2 into infected hosts, which was confirmed by the <a href=\"https:\/\/www.cisco.com\/c\/dam\/global\/zh_cn\/products\/security\/talos\/Threat_Roundup-for-April.pdf\" target=\"_blank\" rel=\"nofollow noopener\">threat intelligence of Cisco<\/a> [PDF],&#8221; he said in an email to <i>The Register<\/i>. &#8220;Cases of malware employing fake root certificates have also been reported in previous works.&#8221;<\/p>\n<p>These hidden root certs were implicated in about 0.54 per cent of all visits measured. Together they represented 5,005 certificate groups, most of which (4,362 groups or 87.2 per cent) included only one certificate. 
The remaining 12.8 per cent of groups accounted for 99.6 per cent of all certificates.<\/p>\n<p>The largest of these groups consisted of 254,412 root certificates from &#8220;Certum Trusted NetWork CA 2&#8221; \u2013 an entity posing as Certum CA, which uses a lowercase &#8220;w&#8221; in its certs with the word &#8220;Network&#8221;. Another lookalike CA identified was &#8220;Verislgn trust Network&#8221; \u2013 not to be confused with the legitimate &#8220;Verisign&#8221;.<\/p>\n<p>Even in scenarios where hidden root certs were being used legitimately by government agencies and enterprises for appropriate purposes, the researchers found implementation flaws \u2013 75 per cent of those certificate chains had verification errors from weak signature algorithms. This would be less of an issue if the certs were internally facing, but the researchers say a majority of self-built root CAs sign certificates for public websites.<\/p>\n<p>These hidden root certs magnify security problems through improper implementations. For example, the researchers found 41.4 per cent of hidden root CAs owned by government agencies and enterprises are used for direct signing of certificates in the chain. Root certs are supposed to sign intermediate certs which in turn get used to sign leaf certificates \u2013 that way the intermediate certificate can be revoked if there&#8217;s a security problem, leaving the root intact.<\/p>\n<p>Another problem: Over 79 per cent of hidden root certificates are valid for more than 60 years (current thinking, the boffins say, is that a lifespan of between six months and 16 years is more appropriate, depending upon the strength of the public keys at issue).<\/p>\n<p>The paper makes several recommendations for how to improve the situation. Operating systems should regulate root store modification better, the authors argue. 
Browsers should do more to communicate certificate concerns to internet users, and the ways in which local applications intercept traffic should be normalized, to help make malicious intervention more evident.<\/p>\n<p>&#8220;It could be quite beneficial if software [makers] would make their certificate usages more transparent for regulatory oversight,&#8221; said Liu. &#8220;As for far-reaching plans, establishing hierarchical authorization structures (e.g., managing system root certificates separately from user root certificates) or other forms for limiting the effective range of third-party CAs is also an admissible option.&#8221;<\/p>\n<p>Asked whether better automated detection measures might be built into browsers to catch non-compliant certificates, Liu said there aren&#8217;t presently any suitable lightweight tools for browsers yet and more serious tools like <a href=\"https:\/\/github.com\/zmap\/zlint\" target=\"_blank\" rel=\"nofollow noopener\">Zlint<\/a> aren&#8217;t a good fit.<\/p>\n<p>&#8220;However, such validation modules could be extended by sorting out security-sensitive non-compliances with rule-based checking, which is not an overly complex task for automated deployment,&#8221; he said. 
&#8220;And we&#8217;re also looking forward to doing so.&#8221; \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2021\/11\/19\/web_trust_certificates\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Boffins measure the black hole of dubious certs and find it troubling Security researchers have checked the web&#8217;s public key infrastructure and have measured a long-known but little-analyzed security threat: hidden root Certificate Authorities.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-44019","post","type-post","status-publish","format-standard","hentry","category-the-register"]}