Home / Definitions / Certificate Bandit

Certificate Bandit

Vangie Beal
Last Updated May 24, 2021 7:37 am

A hacker that breaks into a Certificate Authority (CA) company in order to issue fake certificates that help bogus websites masquerade as authentic sites such as Google, Skype and Microsoft.

Certificate bandits were responsible for two major certificate breaches in 2011, when the Comodo and DigiNotar CAs were both duped into issuing fake certificates. The potential damage from the work of certificate bandits is often mitigated by the major Web browser vendors like Microsoft, Mozilla and Apple issuing updates to their browsers that block the fake certificates issued by the hacked CAs. In order to prevent damage from certificate bandits, though, this does require that users keep their browsers updated with the latest releases and patches.