Ryan Gallagher over at The Slate was the first to report on the revelation for the English speaking public by digging into the reporting of Brazilian TV show Fantastico, whose reporters had a chance to go through a set of documents leaked by NSA whistleblower Edward Snowden to Guardian journalist Glenn Greenwald:
However, in some cases GCHQ and the NSA appear to have taken a more aggressive and controversial route—on at least one occasion bypassing the need to approach Google directly by performing a man-in-the-middle attack to impersonate Google security certificates. One document published by Fantastico, apparently taken from an NSA presentation that also contains some GCHQ slides, describes “how the attack was done” to apparently snoop on SSL traffic. The document illustrates with a diagram how one of the agencies appears to have hacked into a target’s Internet router and covertly redirected targeted Google traffic using a fake security certificate so it could intercept the information in unencrypted format.
Documents from GCHQ’s “network exploitation” unit show that it operates a program called “FLYING PIG” that was started up in response to an increasing use of SSL encryption by email providers like Yahoo, Google, and Hotmail. The FLYING PIG system appears to allow it to identify information related to use of the anonymity browser Tor (it has the option to query “Tor events”) and also allows spies to collect information about specific SSL encryption certificates. GCHQ’s network exploitation unit boasts in one document that it is able to collect traffic not only from foreign government networks—but from airlines, energy companies, and financial organizations, too.
But how did the NSA get their hands of these fake certificates?
Noted cryptography expert Matthew Green pointed out that NSA could have easily gotten their own signing key from a less trustworthy certificate authority in order to create and sign fake certificates that would be used in MitM attacks.
According to cryptographer Bruce Schneier, one of the slides in the leaked presentations seems to imply that the NSA has either executed or has taken advantage of the infamous 2011 DigiNotar breach, which resulted in the issuing of rogue SSL certificates for a great number of high-profile domains such as Facebook, Yahoo!, Microsoft, Skype, Twitter, the Tor Project site, Wordpress, Mozilla's add-ons site, and also those of a number of intelligence agencies from around the world, including the CIA, MI6 and Mossad.