On Sunday, a single hacker took responsibility for the Comodo attack, backing up his claim with decompiled code.
"I'm not a group of hacker [sic], I'm single hacker with experience of 1,000 hackers," wrote the attacker in a post on Pastebin.com late Saturday. He called himself "ComodoHacker" and said he's 21 years old.
ComodoHacker alleged that he had gained full access to InstantSSL.it, the Italian arm of Comodo's InstantSLL certificate selling service, then decompiled a DLL file he found on its server to uncover the reseller account's username and password.
With the username and password in hand, said ComodoHacker, he was able to generate the nine certificates, "all in about 10-15 minutes." His message was signed "Janam Fadaye Rahbar," which reportedly means "I will sacrifice my soul for my leader."
The InstantSLL.it Web site is currently offline.
Robert Graham, the CEO of Errata Security, believes ComodoHacker is telling a straight story.
"As a pentester who does attacks similar to what the ComodoHacker did, I find it credible," Graham said Sunday on the Errata blog . "I find it probable that (1) this is the guy, (2) he acted alone, (3) he is Iranian, (4) he's patriotic but not political."
But Mikko Hypponen, the chief research officer of Helsinki-based F-Secure, sounded skeptical.
"Do we really believe that a lone hacker gets into a [certificate authority], can generate any cert he wants...and goes after login.live.com instead of paypal.com?" asked Hypponen on Twitter .
Graham had an answer for Hypponen's question.
"[Comodo Hacker] started with one goal, that of factoring RSA keys, and ended up reaching a related goal, forging certificates," said Graham. "He didn't think of PayPal because he wasn't trying to do anything at all with the forged certificates."
ComodoHacker also lit into the West -- Western media in particular -- for quickly concluding that the Iranian government was involved when it had downplayed possible U.S. and Israeli connections to Stuxnet, the worm that most experts believe was aimed at Iran's nuclear program .
He also threatened to unleash his skills against those he said were enemies of Iran.
"Anyone inside Iran with problems, from fake Green Movement to all MKO members and two-faced terrorists, should [be] afraid of me personally," said ComodoHacker. "I won't let anyone inside Iran, harm people of Iran, harm my country's Nuclear Scientists, harm my Leader (which nobody can), harm my President."
When USA and Israel write Stuxnet, nobody talks about it, nobody gots blamed, nothing happened at all,
so when I sign certificates nothing happens, I say that, when I sign certificates nothing should
When USA and Isarel could read my emails in Yahoo, Hotmail, Skype, Gmail, etc. without any simple
little problem, when they can spy using Echelon, I can do anything I can. It's a simple rule. You do,
happen. It's a simple deal.
"As I live, you don't have privacy in internet, you don't have security in digital world, just wait and see," ComodoHacker said.
Full Version: It's A Simple Deal.
No soul has authority over another. Guidance and straying is a matter between God and you.
aakwrAllahwbHu
Reminds me of my online liaison with a girl whose attention I attracted. And I could discover only a few days later that she happens to be a hacker!!
Thus spake that heart hacker, too!!
la ilaaha illaa Allaahu Al-‘Atheemu Al-Haleemu, la ilaaha illaa Allaahu Rabbul ‘arshil-‘atheemi,
la ilaaha illaa Allaahu Rabbus-samaawaati wa Rabbul-ardhi wa Rabbul-‘arshil-kareemi
there is no god except Allah, the All-Mighty, the Forbearing; there is no god except Allah, the Lord of the Mighty Throne;
there is no god except Allah, Lord of the heavens, Lord of the earth and Lord of the noble Throne.
aakwrAllahwbHu
Reminds me of my online liaison with a girl whose attention I attracted. And I could discover only a few days later that she happens to be a hacker!!
QUOTE
"As I live, you don't have privacy in internet, you don't have security in digital world, just wait and see"
Thus spake that heart hacker, too!!
la ilaaha illaa Allaahu Al-‘Atheemu Al-Haleemu, la ilaaha illaa Allaahu Rabbul ‘arshil-‘atheemi,
la ilaaha illaa Allaahu Rabbus-samaawaati wa Rabbul-ardhi wa Rabbul-‘arshil-kareemi
there is no god except Allah, the All-Mighty, the Forbearing; there is no god except Allah, the Lord of the Mighty Throne;
there is no god except Allah, Lord of the heavens, Lord of the earth and Lord of the noble Throne.
QUOTE
Thus spake that heart hacker, too!!
We understand him well
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.