Case Study I: Fraudulent Digital Certificates On Thursday January 3, 2013, Microsoft issued the following Security Advisory (2798897): “Fraudulent Digital Certificates Could Allow Spoofing” “Microsoft is aware of active attacks using one fraudulent digital certificate issued by TURKTRUST Inc., which is a CA present in the Trusted Root Certification Authorities Store. This fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows. “TURKTRUST Inc. incorrectly created two subsidiary CAs (*.EGO.GOV.TR and eislem.kktcmerkezbankasi.org). The *.EGO.GOV.TR subsidiary CA was then used to issue a fraudulent digital certificate to *.google.com. This fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against several Google web properties.