Google security engineer Adam Langley said the company traced the fraudulent certificates to Agence nationale de la sécurité des systèmes d’information (ANSSI), a French certificate authority that falls under the government's cyber-security agency. "ANSSI has found that the intermediate CA certificate was used in a commercial device, on a private network, to inspect encrypted traffic with the knowledge of the users on that network," Langley noted in a blog post.
In a separate statement, ANSSI blamed "human error" for the incident.
Google's Langley described the incident as a "serious breach" and warned that the company is considering additional actions."
Link to Original Source