06 Sep 2011
The hacker behind the August breach of the DigiNotar certificate authority (CA), in which rogue SSL certificates were issued, has been revealed as the Iranian Comodo Hacker after he claimed responsibility for the attack in a blog post.
Comodo Hacker hit the headlines in March when he broke into Comodo's systems and had nine fraudulent SSL certificates issued. Comodo initially believed the attack was the work of the Iranian government, but it now appears to have been carried out by a single individual.
In the latest post, entitled Striking Back, the hacker declined to disclose how he perpetrated the attack on DigiNotar, but listed a series of systems he had managed to infiltrate to brag of his prowess.
"I'll talk about the technical details of the hack later. How I got access to the six-layer network behind the internet servers of DigiNotar, how I found passwords, how I got system privilege on a fully patched and up-to-date system," he said.
"How I bypassed their nCipher NetHSM, their hardware keys, their RSA certificate manager, how I got a full remote desktop connection when there were firewalls that blocked all ports except 80 and 443."
Comodo Hacker also claimed that he has certificate authority (CA) codes from other companies, again boasting of his skills in gaining this information.
"You know, I have access to four more HIGH-profile CAs, from which I can issue certs too, which I will. I won't name them," he wrote.
"I also had access to StartCom CA; I hacked their server too with sophisticated methods. He was lucky by being sat in front of the HSM [hardware security module] for signing. I will name just one more which I still have access to: GlobalSign."
F-Secure chief research officer Mikko Hyppönen said in a blog post that the revelation was not a huge surprise.
"Almost from the beginning of the DigiNotar CA disaster we had a reason to believe the case was connected to ComodoGate, the hacking of another CA earlier this year by an Iranian attacker," he said.
The DigiNotar attack affected major companies including Google, whose domains were among those targeted by the rogue certificates, and browser makers such as Mozilla, which had to revoke trust in the rogue certificates and the DigiNotar roots that issued them.