Digital certificates were used to make up identity documents that were fake and fraudulent, the first public disclosure of a type of identity theft that was widespread.
The NSA and other government agencies also used the certificates, according to the new report from the cybersecurity firm Symantec.
The company also found that at least some of the certificates were generated by third parties and used by maliciously crafted phishing emails.
Symantech has been tracking the rise in identity theft for more than a year.
The researchers also found some evidence that people were able to steal credit card numbers and other sensitive data using stolen digital certificates.
Symantsec published the findings this week.
The revelations come at a time when a number of companies are trying to make the transition from paper-based identities to more secure digital forms.
The trend is gaining momentum and Symantek reported that nearly half of all companies use some form of biometric data for identification.
“It’s the perfect time to take a look at this,” said Symanteep Kaur, SymantEC’s chief technology officer.
“I believe this is the first time anyone has publicly reported the widespread use of these fraudulent certificates in the United States.”
The new report comes after the National Security Agency (NSA) used a program known as XKeyscore to siphon credit card information from tens of millions of accounts.
The program, which has been around since 2005, allows the NSA to access information about people’s online activities.
According to the report, a number, including credit card number and card expiration date, were also collected.
The documents are used to generate fake identity documents, which are used by attackers to impersonate users and steal credit cards.
The Symanteleec report also says that the NSA has been able to generate new types of identity fraud that require users to provide other information like their email addresses.
A person could also be charged with impersonating a business, or with filing false tax returns.
But the Symanteves report suggests the program is more widespread than previously reported.
“We are confident that we have found a large number of fake and unauthorized digital certificates used by the NSA,” Symantes chief technology analyst, Matt Kallinen, said in a statement.
“Our researchers have determined that a large portion of these certificates are used for identity theft.
We expect these certificates to be used in other criminal operations as well, and we hope to have more information to provide in the coming weeks.”
Symanteks researchers found that, for example, in some cases, attackers would obtain a fake digital certificate that would be sent to a fake credit card company that would then send the stolen card to an address that would have been created using the stolen certificate.
The attackers would also use the fake certificate to create an identity that matched the stolen one.
The fake card would then be sent back to the original card company, where it would be used again.
The new Symantep reports also revealed that the agency is working on a new way to break into the computer network of companies that rely on a common digital certificate, known as an OpenPGP digital certificate.
It is hoped that this technology will make it harder for attackers to break through the encryption on the certificates.
The OpenPGPS digital certificate has been widely used in many computer networks for more years, but Symantexts report says that it was not until now that the US government has publicly revealed the existence of this technology.
The group also said that there was evidence that the Snowden documents showed that the government was also using digital certificates to generate a number and expiration date for cards.
“This is yet another sign that the Obama administration is actively deploying the digital certificates of the United Kingdom and Canada,” said Kallen.
The US government also reported that it has a program called OpenSSL that allows the government to generate digital certificates that are much more difficult to break.
“OpenSSL is a highly complex and insecure cryptographic algorithm, but its weaknesses are widely known and exploited by criminals and hackers,” said a Symantel spokesperson.
“The NSA and FBI are using the OpenSSL software to generate certificates that have very high-risk security attributes.”