[LINK] other CAs breached ..

stephen at melbpc.org.au stephen at melbpc.org.au
Mon Sep 12 22:22:33 AEST 2011

Kim notes,

> Comodo hacker: I hacked DigiNotar too; other CAs breached
> .. Calling himself ComodoHacker, the hacker claims that DigiNotar is
> not the only certificate authority he has broken into. He says that he
> has broken into GlobalSign, and a further four more CAs he won't name ..

And, in the words of 'ComodoHacker' ..


He claims to be 21 years old, a student of software engineering in Tehran 
who reveres Ayatollah Ali Khamenei and despises dissidents in his 

Comodohacker said he began his explorations by scrolling through a list 
of certificate authority companies. DigiNotar caught his interest because 
it was Dutch. 

He said he was motivated by the failure of Dutch peacekeepers to prevent 
the massacres of Muslims in Srebenica in 1995. He also said he chose the 
Dutch company because of a Dutch legislator, Geert Wilders, who has built 
a political career out of criticizing Muslims in his country. 

DigiNotar, which is owned by an Illinois company called Vasco Data 
Security International, did not make the attack particularly difficult, 
according to a report by Fox-IT, a security company that was commissioned 
by the Dutch government to investigate. 

The company’s critical servers contained malicious software that should 
have been spotted by antivirus tools, the report said, and the servers 
related to certificates were all protected by just one weak password. 

DigiNotar did not respond to requests for comment last week. 

Comodohacker, as he calls himself, insists he acted on his own and is 
unperturbed by the notion that his work may have been used to spy on 
antigovernment compatriots. 

"I’m totally independent, I just share my findings with some people in 
Iran. They are free to do anything they want with my findings and things 
I share with them.” 

In the annals of Internet attacks, this is likely to go down as a moment 
of reckoning ..     <http://www.nytimes.com/2011/09/12/technology>

(Microsoft patched this machine anyway last Friday ..)

More information about the Link mailing list