Iranian hacker claims credit for Comodo, RSA penetrations

Solo hackers may have more anti-US success than 'Cyber Army'

On Thursday I mentioned, in conjunction with successful attacks on the highly secure Comodo and RSA security sites, the brag of an Iranian general that his "Cyber Army" was attacking "web sites of the enemy."

Since the general announced his success a day before the actual attack, it would have been easy to assume the two successful attacks and his premature announcement were an unusually cunning bit of psy-ops misdirection or tradecraft.

Hanlon's Razor ("Never attribute to malice that which is adequately explained by stupidity") requires that we assume the two weren't connected, or that both the bragger and the attacker were idiots.

The jury's still out on the general, but the attacks seem not to have come from the state-sponsored Basij militia, a group that, the general said, is made up of teenage boys, college students, professors and other "brave" defenders of the Islamic revolution.

The actual attacks he bragged about appear to be the Feb. 21 attack on the U.S. government's Voice of America site, whose DNS entries were altered so that links to it sent viewers to a site showing an image and a message calling on the U.S. to stop "interfering in Islamic countries."

This week someone claiming to be the actual attacker, who obtained nine fake security certificates from Comodo and claims to have cracked RSA, surfaced, saying he is a 21-year-old cracker who is not part of the Basij Cyber Army while implying he is part of a group with the programming, project management and hacking experience of 1,000 hackers.

While part of that is "an almost unbelievable amount of BS in its purest form," as Ars Technica put it, it also sounds like the kind of overblown, metaphorical defiance we've heard from Saddam Hussein and Moammar Qaddafi.

That doesn't mean this guy is necessarily dangerous, rather than a BS artist, just that too-literal translations from Persian or Arabic tend to sound flowery, circumlocutory or dependent on turns of phrase that make them sound silly rather than dangerous, at least to Western ears.

Claiming to be a lone operator, rather than a member of a hacker group strictly controlled by the state, makes him sound more credible as a hacker, as do the details he provides on how the cracks were accomplished and what his goals were.

What it does mean is that the Iranian government and Iranian military don't have full control over all the people in the country with the skills or desire to hack major governmental security systems.

Much worse, for the U.S., is that Iran has a skilled and probably sizable population of people who are IT savvy, curious, a little obsessive, badly wanting to prove their own skills, intelligence or worth, and secretive about their activities.

We have them, too, of course. They play Spot the Fed at Black Hat and rake in lulz at 4Chan.

The Iranian contingent probably doesn't like being monitored or controlled by their government any more than our hackers like the same treatment from ours.

The difference is that Iranian hackers apparently don't like our government, either, and are willing to turn against it, and against the Western-dominated portions of the Internet, the same effort that U.S. hackers turn against Visa, Bank of America, the Church of Scientology and Rebecca Black.

I hope theirs aren't as skilled as ours have gotten to be.

Kevin Fogarty writes about enterprise IT for ITworld. Follow him on Twitter @KevinFogarty.
