The backers of the Let’s Encrypt project wanted to make it easier for website owners to obtain and deploy certificates to encrypt HTTP traffic. The project started issuing free certificates as part of a public beta program in December. It hasn’t even been two months and cyber criminals have already taken advantage of the project’s free certificates and used them in illegitimate ways.
“Any technology that is meant for good can be used by cyber criminals, and Let’s Encrypt is no exception,” Trend Micro fraud researcher Joseph Chen wrote on the TrendLabs Security Intelligence blog.
