After a hacker obtained fraudulent digital certificates that could be used to impersonate Google, Yahoo, Skype, and other major Web sites, the security company that issued them blamed the Iranian government.
There is only “one conclusion,” Comodo, the Jersey City, N.J.-based issuer of digital certificates, declared in a report tracing the intrusion to Iran. “This was likely to be a state-driven attack.”
Well, not entirely. The perpetrator claims to be a 21-year-old Iranian patriot–a “single programmer with the experience of 1,000 programmers”–who told CNET he carried out the intrusion in large part to protest the policies of the U.S. government.
As proof, “ComodoHacker” has posted the private half of a digital certificate obtained at the time of the intrusion into the network of GlobalTrust, a Comodo reseller in Italy. (ComodoHacker also uses the aliases “Sun Ich” and “Ichsun,” which he says are random.)
That was enough to convince the skeptics. Robert Graham of Errata Security described how he verified the digital certificate, meaning that ComodoHacker did have information that only Comodo, or the perpetrator of the intrusion, would be able to obtain. Even Melih Abdulhayoglu, Comodo’s founder and chief executive, now says he’s convinced of ComodoHacker’s identity: “They’ve proven themselves,” he said.
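The idea behind this kind of verification, as an added example (not from the original article and not Graham's actual procedure): a posted private key is genuine only if it shares the certificate's public modulus and can answer fresh challenges that the certificate's public key then verifies. It uses unpadded textbook RSA on a small constructed key; the function names and the key are assumptions made for illustration, and a real check would first parse the X.509 certificate and the key file.

```python
import secrets

# Constructed demo parameters: two well-known Mersenne primes.
# Far too small and too structured for real use; illustration only.
P = 2**61 - 1
Q = 2**89 - 1
E = 65537


def make_keypair(p, q, e=E):
    """Build a textbook RSA key pair: public (n, e) and private (n, d)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return (n, e), (n, d)


def key_matches_certificate(cert_public, claimed_private, rounds=4):
    """Return True only if claimed_private is the private half of cert_public.

    cert_public stands in for the public key taken from the certificate;
    claimed_private stands in for the key material someone has published.
    """
    n, e = cert_public
    n_priv, d = claimed_private
    # Step 1: both halves must share the same modulus.
    if n_priv != n:
        return False
    # Step 2: the private exponent must undo the public one on random
    # challenges, so a key with the right modulus but wrong exponent fails.
    for _ in range(rounds):
        challenge = secrets.randbelow(n - 2) + 2      # value in [2, n-1]
        signature = pow(challenge, d, n)              # needs the private key
        if pow(signature, e, n) != challenge:         # anyone can verify
            return False
    return True


if __name__ == "__main__":
    cert_pub, real_priv = make_keypair(P, Q)
    _, unrelated_priv = make_keypair(P, 2**107 - 1)   # a different key
    print("genuine key accepted:  ", key_matches_certificate(cert_pub, real_priv))
    print("unrelated key accepted:", key_matches_certificate(cert_pub, unrelated_priv))
```
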
Of course, that doesn’t mean that anything ComodoHacker says about his age, motivation, nationality, and so on is true. And it’s also possible that the original perpetrator shared the private half of the digital certificate with third parties, or that it was a group effort in the first place. On the other hand, ComodoHacker has published still more details, including a decompiled file called TrustDLL, about GlobalTrust’s systems.
In a series of e-mail messages over the past week, ComodoHacker said that he took over two more Comodo resellers (which the company partially verified).
He said that he compromised “one more” certificate authority besides Comodo, and “if I need I could do more,” but declined to identify which one. When asked whether he obtained fraudulent certificates from it, he replied: “Sure.”
ComodoHacker says he’s never left Iran: “No, I never traveled, I feel so good and safe in my own country.” He enjoys visiting, he says, the cities of Mashhad, Shiraz, and Yazd.
Part of the reason he pulled off the hack was, he said, revenge for Stuxnet, which was malware that targeted the Natanz nuclear enrichment plant in Iran and has been linked to the U.S. government or its contractors.
Here’s more from ComodoHacker:
On Stuxnet: “USA persons in office should understand, they can’t bestow anything they want, they can’t have an air in the world and in internet to detect me, but they have no at all problem with HBGary CEO which produces malwares to infect people in middle east, they should mean if they sniff emails, I (as 21 years old person) personally can do, we should be equal, I mean CIA and myself. That’s the message.”
On U.S. foreign policy in the Middle East: “They don’t have any policy, their acumen is just killing innocent people in Afghanistan and they killed millions in Iraq, good for one this: OIL. The universe isn’t safe with USA policies, they straightforward attack, they just start wars, they use nuclear weapons (Hiroshima), they don’t know anything about talking, see recent USA soldiers odium in Afghanistan, they kill afghan populace for fun. They should learn more basics, first basic thing they should learn is killing and destroying would not expound any of their problem. Killing the community with nuclear weapon never solved anything, killing my population’s nuclear scientist never solve their question. I really care about earth coming events, when a country like USA and Israel by such administration try to rule it. Simply they failed.”
On whether he agrees with Mahmoud Ahmadinejad on Israel: “Totally. Israel is 63 years rich regime who occupied Palestinian people’s land, they should let Palestinian people decide about their own land, simply they occupied Palestine by help of ENTIRE world, including UK, USA and even Germany and others.”
Comodo’s CEO hasn’t given up his conviction that ComodoHacker is tied to the Iranian government. He “claims to be pro-government,” Abdulhayoglu says. “He’s using the media to threaten all the democracy-movement people it being so that.”
It’s possible that the Iranian government is behind ComodoHacker, who has quickly established a combative online persona that uses Twitter to complain about the “stupids” who doubt his exploits and employs hash tags like “#usagovfail” to condemn the West’s perception of Islam and Iran. But that might be attributing too much to a once-brutal regime that the advocacy group Reporters Without Borders says actively censors opposition Web sites, jams satellite broadcasts, and limits Internet connection speeds when criticism of its policies mounts.
Peter Gutmann, a computer scientist at the University of Auckland in New Zealand, offered this observation on a Mozilla forum: Comodo “wasn’t owned by a nation-state cyberwar agency but by a random script kiddie having more fun.”