How much for a DoD X.509 certificate?
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Thu Aug 11 07:42:02 EDT 2005
$25 and a bit of marijuana, apparently. See:
http://www.wjla.com/news/stories/0305/210558.html
http://www.wjla.com/news/stories/0105/200474.html
Although the story doesn't mention this, the "ID" in question was the DoD
Common Access Card, a smart card containing a DoD-issued certificate. To get
a CAC, you normally have to provide two forms of verification... in this case
I guess the two were photo ID of dead presidents and empirical proof that you
know how to buy weed.
The cards were issued by Yusuf Khalil Jackson, a man with a long criminal
history (including, ironically, identity fraud):
John Pike, Global Security.org: "The notion that we're going to let
somebody with this type of criminal record, with no background check on him
and give him the ID card machine defies understanding."
Jackson admitted to making about 30 of the ID cards:
John Pike: "The good news is that it looks like some of these people were
just doing it so they could go to a bar and claim to be over 21. The bad
news is that you don't know what else some of these other people might have
done."
One of the cards was later "seized from a Pakistani national" by the police.
Bowens: "That's the nightmare of it. The cards themselves are not
counterfeit. They're authentically made but they've been issued in an
unauthorized manner for profit or ideology or a little of both."
This sort of thing doesn't bode well for Real ID either. These cards were
real ID too.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list