Lone hacker owns the Comodo certificate compromise
Posted on 28 March 2011.
Last week's revelation that a Comodo affiliate Registration Authority has been compromised and that nine rogue SSL certificates have been issued for popular domains such as Gmail, Google Search, Yahoo, Skype and Mozilla Add-ons has reverberated across the Internet.

Questions have been raised on whether the entire online certificate system is deeply flawed and speculations about the source of the attack have been voiced. According to Comodo, details of the attack seem to point to a state-sponsored effort.

"The attack came from several IP addresses, but mainly from Iran. The attacker was well prepared and knew in advance what he was to try to achieve," Comodo explained. "It does not escape notice that the domains targeted would be of greatest use to a government attempting surveillance of Internet use by dissident groups."

Also, the fact that the perpetrator focused on communication infrastructure, and can only make use of the certificates if he also controls the DNS infrastructure that routes victims to his servers, makes Comodo's researchers believe it was likely a state-driven attack.
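The point above is worth making concrete from the defender's side: the rogue certificates chained to a trusted root, so ordinary chain validation would accept them for Gmail or Yahoo once traffic was redirected. The two controls that catch such a certificate are a revocation blocklist keyed by issuer and serial (what browser vendors pushed after the incident) and certificate pinning for high-value hosts. The following is an added example, not code from Comodo, the article, or any browser vendor; the certificate bytes, issuer names, and serial numbers in it are constructed placeholders, and it assumes the caller has already performed normal chain validation.

```python
"""Certificate pinning plus a revocation blocklist (added example).

Assumes the caller has already done ordinary chain validation; this is the
second check that catches a certificate which chains to a trusted root but
was never supposed to exist for that host. All certificate bytes, issuer
names and serial numbers here are constructed placeholders.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Cert:
    host: str      # DNS name the certificate claims (SAN / CN)
    issuer: str    # issuing CA or RA as it appears in the chain
    serial: int    # certificate serial number
    der: bytes     # constructed stand-in for the DER-encoded certificate


def fingerprint(der: bytes) -> str:
    """SHA-256 over the certificate bytes, hex encoded, as browsers show it."""
    return hashlib.sha256(der).hexdigest()


# Pins a client could ship for high-value hosts: the expected issuer and the
# set of acceptable certificate fingerprints (constructed values).
PINS: Dict[str, dict] = {
    "mail.google.com": {
        "issuer": "Example Google Internet Authority",
        "fingerprints": {fingerprint(b"constructed-google-cert")},
    },
}

# Blocklist keyed by (issuer, serial), the shape of the emergency update
# browsers shipped after the incident. Placeholder values, not real serials.
BLOCKLIST: Set[Tuple[str, int]] = {("Example Comodo RA", 0x1111)}


def check(cert: Cert) -> Tuple[bool, str]:
    """Return (accepted, reason) for a certificate that already chains to a
    trusted root. Blocklist first, then pins, then fall through."""
    if (cert.issuer, cert.serial) in BLOCKLIST:
        return False, "certificate is on the revocation blocklist"
    pin = PINS.get(cert.host)
    if pin is None:
        return True, "no pin for host; chain validation is the only check"
    if cert.issuer != pin["issuer"]:
        # This is the case the rogue certificates fall into: valid chain,
        # wrong issuer for a host the client knows well.
        return False, f"issuer {cert.issuer!r} does not match pinned issuer"
    if fingerprint(cert.der) not in pin["fingerprints"]:
        return False, "fingerprint not in pinned set"
    return True, "pin matched"


def rejected_hosts(observations: List[Cert]) -> List[str]:
    """Run check() over a batch of observed certificates and list the hosts
    whose certificate was refused, for logging or alerting."""
    return [c.host for c in observations if not check(c)[0]]


if __name__ == "__main__":
    # Constructed observations: one legitimate, one rogue-style, one blocklisted.
    sample = [
        Cert("mail.google.com", "Example Google Internet Authority", 1,
             b"constructed-google-cert"),
        Cert("mail.google.com", "Example Comodo RA", 0x2222, b"constructed-rogue"),
        Cert("login.yahoo.com", "Example Comodo RA", 0x1111, b"constructed-other"),
    ]
    for c in sample:
        print(c.host, check(c))
```

Note the ordering: the blocklist is consulted before pins because it applies to every host, pinned or not, and the unpinned case deliberately returns True so that pinning never weakens the baseline for hosts the client knows nothing about.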

But on Saturday, a message posted by the alleged "Comodo Hacker" on Pastebin.com has added more fuel to the speculations. By his own admission, the hacker is Iranian, but claims not to be a member of the Iranian Cyber Army.

He says he is "a single hacker with experience of 1000 hackers", saying that Comodo's researchers are wrong in their assumption that a team of hackers was behind the incident.

He says that he first tried to bring down the SSL root certificate system by attacking the RSA algorithm, but after that approach proved too difficult, he decided to use the vulnerabilities in InstantSSL.it - Comodo's partner's website - to access the RA's servers and generate the Certificate Signing Requests submitted to the CA.

Some security researchers believe his claims, and some do not. To prove his claims, the hacker also published part of the decompiled TrustDLL of Comodo's partner that stored the unencrypted password that gave him access.

Still, as Sophos' Chester Wisniewski notes, "If it was a lone hacker making a point, why issue certificates for these specific websites, all related to secure communication methods often used by dissidents to organize protests and share news with the world?"