A hacker claimed responsibility for the rogue security certificates from Dutch security firm DigiNotar, which were believed used to spy on Iranian users.
The hacker, who uses the handle “ComodoHacker,” also claimed to have access to at least four other high-profile certificate authorities, including US-based GlobalSign.
“You know, I have access to 4 more so HIGH profile CAs, which I can issue certs from them too which I will, I won’t name them, I also had access to StartCom CA, I hacked their server too with so sophisticated methods, he was lucky by being sitted (sic) in front of HSM for signing, I will name just one more which I still have access: GlobalSign, let me use these accesses and CAs, later I’ll talk about them too..,” the hacker said in a Pastebin message.
A report on The Hacker News said the hacker even shared the domain administrator password of DigiNotar.
The hacker also hinted part of his motivation was the Dutch government’s killing of 8,000 Muslims 16 years ago.
“For now keep thinking about what Dutch government did in 16 years ago in same day of my hack, I’ll talk later and I’ll introduce to you MOST sophisticated hack of the year which will come more, you have to also wait for other CA’s certificates to be used by me, then I’ll talk about them too,” he added.
Earlier this week, computer security firm Trend Micro noted data showing Iranians were the targets of the recent compromise of Dutch certification authority DigiNotar.
It said the rogue SSL certificates, which can allow the interception of supposedly secure communications like email, were used for spying on Iranian Internet users on a large scale.
“We found that Internet users in more than 40 different networks of ISPs and universities in Iran were confronted with rogue SSL certificates issued by DigiNotar. Even worse: we found evidence that some Iranians who used software designed to circumvent censorship and snooping on traffic were not protected against the massive man-in-the-middle attack,” it said in a blog post.
Last July, hackers managed to create rogue SSL certificates for hundreds of domain names, including google.com and even the entire .com top level domain by breaking into systems of Certification Authority DigiNotar in the Netherlands.
Such rogue SSL certificates can be used in man-in-the-middle attacks where encrypted secure web traffic can be read by a third party. The rogue certificates were discovered Aug. 29. — TJD, GMA News
Article source: http://ph.news.yahoo.com/iranian-hacker-claims-responsibility-rogue-google-certs-120410949.html
View full post on National Cyber Security » Computer Hacking