On Sunday, a single hacker took responsibility for the Comodo attack, backing up his claim with decompiled code.
"I'm not a group of hacker [sic], I'm single hacker with experience of 1,000 hackers," wrote the attacker in a post on Pastebin.com late Saturday. He called himself "ComodoHacker" and said he's 21 years old.
ComodoHacker alleged that he had gained full access to InstantSSL.it, the Italian arm of Comodo's InstantSLL certificate selling service, then decompiled a DLL file he found on its server to uncover the reseller account's username and password.
With the username and password in hand, said ComodoHacker, he was able to generate the nine certificates, "all in about 10-15 minutes." His message was signed "Janam Fadaye Rahbar," which reportedly means "I will sacrifice my soul for my leader."
The InstantSLL.it Web site is currently offline.
Robert Graham, the CEO of Errata Security, believes ComodoHacker is telling a straight story.
"As a pentester who does attacks similar to what the ComodoHacker did, I find it credible," Graham said Sunday on the Errata blog . "I find it probable that (1) this is the guy, (2) he acted alone, (3) he is Iranian, (4) he's patriotic but not political."
But Mikko Hypponen, the chief research officer of Helsinki-based F-Secure, sounded skeptical.
"Do we really believe that a lone hacker gets into a [certificate authority], can generate any cert he wants...and goes after login.live.com instead of paypal.com?" asked Hypponen on Twitter .
Graham had an answer for Hypponen's question.
"[Comodo Hacker] started with one goal, that of factoring RSA keys, and ended up reaching a related goal, forging certificates," said Graham. "He didn't think of PayPal because he wasn't trying to do anything at all with the forged certificates."
ComodoHacker also lit into the West -- Western media in particular -- for quickly concluding that the Iranian government was involved when it had downplayed possible U.S. and Israeli connections to Stuxnet, the worm that most experts believe was aimed at Iran's nuclear program .
He also threatened to unleash his skills against those he said were enemies of Iran.
"Anyone inside Iran with problems, from fake Green Movement to all MKO members and two-faced terrorists, should [be] afraid of me personally," said ComodoHacker. "I won't let anyone inside Iran, harm people of Iran, harm my country's Nuclear Scientists, harm my Leader (which nobody can), harm my President."
When USA and Israel write Stuxnet, nobody talks about it, nobody gots blamed, nothing happened at all,
so when I sign certificates nothing happens, I say that, when I sign certificates nothing should
When USA and Isarel could read my emails in Yahoo, Hotmail, Skype, Gmail, etc. without any simple
little problem, when they can spy using Echelon, I can do anything I can. It's a simple rule. You do,
happen. It's a simple deal.
"As I live, you don't have privacy in internet, you don't have security in digital world, just wait and see," ComodoHacker said.
This post has been edited by est931: Apr 3 2011, 03:39 AM