Alleged covert wiretap on Russian messaging service blown by expired TLS certificate


Security researchers have discovered what they believe may be a government attempt to covertly wiretap an instant messaging service in Germany — an attempt that was blown because the potential intercepting authorities failed to reissue a TLS certificate.

The suspected man-in-the-middle attack was identified when the administrator of, the largest Russian XMPP service, received a notification that one of the servers’ certificates had expired.

However, found no expired certificates on the server — as explained in a blog post by ValdikSS, a pseudonymous anti-censorship researcher based in Russia who collaborated on the investigation.

Read more…