Comodo hacker claims another certificate authority
IDG News Service - The hacker who claimed credit for breaking into systems belonging to digital certificate vendor Comodo said he has compromised another certificate authority, along with two more Comodo partners, a move that could further undermine trust in the system used to secure websites on the Internet.
In an e-mail interview Tuesday, the hacker, who calls himself "Ich Sun," said he'd breached security at another certificate authority, but declined to provide details on the incident or any proof that he'd managed to pull off another attack. "Talking about second CA have no use for me, except giving away my work and corrupting it, sorry," he said in the broken English he's used in all public communications.
He may have succeeded by breaking into a Comodo partner that was also able to create digital certificates through another certificate authority (CA). Over the past weekend, Ich Sun tried to compromise two other Comodo partners, one of which also partnered with a different certificate authority, according to Comodo CEO Melih Abdulhayoglu. Neither of the attacks was successful against the Comodo system, thanks to newly introduced security measures, but Abdulhayoglu does not know whether the second CA was compromised, he said.
Certificate authorities like Comodo issue the trusted digital certificates used by SSL (Secure Sockets Layer) encryption to prove that a particular computer on the Internet is what it claims to be: that the computer you visit when you type Google.com actually belongs to Google, for example. Browsers use these digital certificates when they're connecting to secure Web pages, but they're also used to secure Internet mail and virtual private networks. CAs often work with partners, called registration authorities, who charge to confirm the identity of the company and then use the CA's system to generate a cryptographic signature for the company in question.
Ich Sun broke into Comodo's Italian registration authority, called Comodo Italy, and on March 15 used Comodo's systems to fraudulently issue nine digital certificates.
Comodo went public with details of the attack on Thursday and is cooperating with Italian police and the U.S. Federal Bureau of Investigation on the case, but that has not deterred Ich Sun.
These attacks highlight weaknesses in a widely used part of the Internet's security infrastructure, but they also provide a glimpse into the shadowy nature of Internet crime. Nobody knows exactly who Ich Sun is, or what his (or her, or their) true motives might be.
Ich Sun said he broke into Comodo Italy using a very common database attack known as SQL injection. He entered data into Web-based forms that tricked the back-end database into running commands that should have been prohibited. He then took advantage of another flaw to get remote access to this system and was eventually in control of the servers used by two Comodo Italy websites: GlobalTrust.it and InstantSSL.it. He said he found a password hard-coded into a file on one of the systems that ultimately allowed him to issue the digital certificates.