Comodo hacker claims another certificate authority
IDG News Service - The hacker who claimed credit for breaking into systems belonging to digital certificate vendor Comodo said he has compromised another certificate authority, along with two more Comodo partners, a move that could further undermine trust in the system used to secure websites on the Internet.
In an e-mail interview Tuesday, the hacker, who calls himself "Ich Sun," said he'd breached security at another certificate authority, but declined to provide details on the incident or any proof that he'd managed to pull off another attack. "Talking about second CA have no use for me, except giving away my work and corrupting it, sorry," he said in the broken English he's used in all public communications.
He may have succeeded by breaking into a Comodo partner that was also able to create digital certificates through another certificate authority (CA). Over the past weekend, Ich Sun tried to compromise two other Comodo partners, one of which also partnered with a different certificate authority, according to Comodo CEO Melih Abdulhayoglu. Neither of the attacks was successful against the Comodo system, thanks to newly introduced security measures, but Abdulhayoglu does not know whether the second CA was compromised, he said.
Certificate authorities like Comodo issue the trusted digital certificates used by SSL (Secure Sockets Layer) encryption to prove that a particular computer on the Internet is what it claims to be: that the computer you visit when you type Google.com actually belongs to Google, for example. Browsers use these digital certificates when they're connecting to secure Web pages, but they're also used to secure Internet mail and virtual private networks. CAs often work with partners, called registration authorities, who charge to confirm the identity of the company and then use the CA's system to generate a cryptographic signature for the company in question.
Ich Sun broke into Comodo's Italian registration authority, called Comodo Italy, and on March 15 used Comodo's systems to fraudulently issue nine digital certificates.
Comodo went public with details of the attack on Thursday and is cooperating with Italian police and the U.S. Federal Bureau of Investigation on the case, but that has not deterred Ich Sun.
These attacks highlight weaknesses in a widely used part of the Internet's security infrastructure, but they also provide a glimpse into the shadowy nature of Internet crime. Nobody knows exactly who Ich Sun is, or what his (or her, or their) true motives might be.
Ich Sun said he broke into Comodo Italy using a very common database attack known as SQL injection. He entered data into Web-based forms that tricked the back-end database into running commands that should have been prohibited. He then took advantage of another flaw to get remote access to this system and was eventually in control of the servers used by two Comodo Italy websites: GlobalTrust.it and InstantSSL.it. He said he found a password hard-coded into a file on one of the systems that ultimately allowed him to issue the digital certificates.