DigiNotar hacker threatens to expand spy attacks using stolen certificates
Continues to claim he's acting alone, but some aren't buying that
Computerworld - The hacker with links to several breaches of SSL certificate-issuing networks this year admitted sharing stolen certificates with others in Iran, and threatened to extend future spy-style attacks to computer users in the U.S., Europe and Israel.
"I'll own as more as gateways in Israel, USA, Europe, as more as ISPs and attack will run there," the hacker said in a long, rambling statement today written in sometimes-fractured English.
Comodohacker, as he calls himself, also made new claims, saying that he stole sensitive data, including customer information, from two other certificate authorities, or CAs, the term for organizations of companies allowed to issue SSL (secure socket layer) certificates.
On Thursday, Comodohacker said he had penetrated the networks of StartCom, an Israeli CA, and U.S.-based GlobalSign.
"I have ALL emails, database backups, customer data which I'll publish all via cryptome in near future," Comodohacker said of StartCom, then about GlobalSign added, "I have access to their entire server, got [database] backups ... I even have private key of their OWN globalsign.com domain."
Comodohacker has previously taken credit for both the Comodo hack in March and the more recent intrusion of DigiNotar. In both cases, he was able to generate unauthorized SSL (secure socket layer) certificates.
DigiNotar, one of hundreds of firms authorized to issue digital certificates that authenticate a website's identity, admitted on Aug. 30 that its servers were compromised weeks earlier. A report made public Monday said hackers had acquired 531 certificates, including many used by the Dutch government.
Comodohacker also provided details on the DigiNotar hack, saying that he had penetrated the Dutch company's network even though it was protected by a hardware security module, or HSM, and supposedly safeguarded by token-management systems provided by RSA and Thale.
RSA made the news last March when it acknowledged a hack that let attackers steal information related to its SecurID token system. A later hack of Lockheed Martin, one of the U.S.'s largest military contractors, was blamed on the SecurID fiasco.
Because almost all the people affected by the DigiNotar attack were from Iran, many experts suspect that the hack was sponsored or encouraged by the Iranian government, which wanted them to spy on its citizens.
Comodohacker denied that today, but admitted he had shared the stolen Google certificate with others. "I'm the only hacker, just I have shared some certs with some people in Iran, that's all," he asserted.
Eddy Nigg, the chief technology officer of StartCom, one of the two companies Comodohacker singled out today, wasn't buying it.
"I believe the hacker(s) are not directly related to Iran in any way, but simply criminals getting paid for every targeted certificate," said Nigg in an email reply to questions. "But the attacker or attackers is most likely not Iranian nor a student nor 21 years old. Evidence we have highly suggests that."
- Everything You Know About Enterprise Security Is Wrong
- UK man charged with hacking Federal Reserve
- McAfee Offers Global Response to Nationalized Malware
- Tech Industry Praises Cybersecurity Framework From White House
- Ransomware like Cryptolocker uses Bitcoin, other virtual currencies for payment
- Trial for alleged Silk Road creator Ross Ulbricht set for November
- Target attack shows danger of remotely accessible HVAC systems
- U.S. is investigating Target data breach, AG Holder says
- Russian man pleads guilty in SpyEye malware case
- Suspected email hackers for hire charged in four countries
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Cybercrime and Hacking White Papers | Webcasts