EDGE 2015 is starting in

Find out more EDGE 2015
Menu
Comodo hacker claims credit for DigiNotar attack

Comodo hacker claims credit for DigiNotar attack

The hacker appears to have a political motivation for striking the Dutch certificate authority

The hacker responsible for a stunning attack on a Dutch company that issues security certificates for websites warned on Monday that he would "strike back again," after previously breaching another company earlier this year.

The hacker posted the warning on Pastebin under the handle "Comodohacker." The same account was used earlier this year to describe the attack on Comodo, which sells SSL (Secure Socket Layer) certificates, a crucial Internet security component used to secure encrypted communication between a computer and a website.

"Comodohacker," who has given press interviews, has described himself as a 21-year-old Iranian student, although that information is not confirmed. It is also suspected he could be Turkish, working alongside others.

Comodohacker said on Monday on Pastebin that he breached DigiNotar, an issuer of SSL certificates, in order to punish the Dutch government for the actions of its soldiers in Srebrenica, where 8,000 Muslims were killed by Serbian forces in 1995 during the Bosnian War.

More than 500 fraudulent SSL certificates were issued by DigiNotar after its systems were breached. A report released on Monday by DigiNotar's auditor, Fox-IT, found that more than 300,000 unique IP addresses may have accessed Google account information under the fraudulent certificate, potentially meaning the data exchanged with Google could have been intercepted.

Most of those IP addresses were located in Iran, which has raised questions about the connection between Comodohacker and perhaps the Iranian government, which closely monitors the Internet for anti-government dissent.

"That's the mystery" said Mikko Hypponen, chief research officer for the security vendor F-Secure. "How do we go from these rogue certificates to widescale interception of Iranian citizens?"

Hypponen said it is likely that the person claiming to be Comodohacker accomplished both the DigiNotar and Comodo hacks as claimed on Pastebin. The style of broken English is the same, and Comodohacker also apparently created certificates using Persian phrases he used during the Comodo hack, Hypponen said.

Comodohacker also wrote in his Pastebin note that he has gained access to four more "certificate authorities," which are entities or companies like DigiNotar and Comodo that issue SSL certificates. He claimed to have access to GlobalSign, a widely used certificate authority.

Steve Roylance, GlobalSign's business development director, said the company has started an investigation.

"There's no concrete evidence of anything that has happened so far," Roylance said. "We are taking this very seriously at the moment."

Comodohacker also wrote on Monday that he had in the past hacked StartCom, another certificate authority, but indicated that the attack didn't work.

StartCom's chief operating officer and CTO, Eddy Nigg, said on Tuesday that his company detected the attack in June but was able to block it before Comodohacker could issue any fraudulent certificates.

Send news tips and comments to jeremy_kirk@idg.com

EDGE 2015:: For all the latest on EDGE 2015 including the keynote speakers visit the EDGE mini-site now

2015 ARN ICT Industry Awards: Nominations for the 2015 ARN ICT Industry Awards close on June 26. NOMINATE NOW!!!

Follow Us

Join the ARN newsletter!

Error: Please check your email address.

Tags intrusionStartComsecuritydata breachf-secureExploits / vulnerabilitiesGlobalSigndata protectionDigiNotar

Upcoming

Slideshows

IN PICTURES: OKI Data Australia partner event (+10 photos)
Business Products

IN PICTURES: OKI Data Australia partner event (+10 photos)

OKI recently hosted its ChannelOne dealer forum for its executive series channel partners to get together and learn about the company's new high-performance ES8400 A3 multifunction series printers. After a welcome and business overview from OKI Data Australia managing director, Dennie Kawahara, delegates were given a comprehensive overview of the new product, as well as an update on the latest marketing initiatives and software solutions, before being treated to live demos and a product showcase. Partners were also given a preview of OKI’s upcoming A3 digital LED white toner printer. With more than 60 delegates attending from all over the country, the day concluded with dinner at Casa Ristorante Italiano in Sydney and several delegates also participated in a friendly game of golf the following morning.

IN PICTURES: OKI Data Australia partner event (+10 photos)
Email 101: 11 tips to manage your email

Email 101: 11 tips to manage your email

If you’re a college graduate entering the workforce, you may quickly find you aren’t prepared for the volume of email that awaits you in the corporate world. These 11 tips will help you master forwards, filtering and more.

Email 101: 11 tips to manage your email

iasset.com is a channel management ecosystem that automates all major aspects of the entire sales, marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.

Show Comments