DigiNotar hacker threatens to expand spy attacks using stolen certificates

Continues to claim he's acting alone, but some aren't buying that

By , Computerworld |  Security, ssl certificates

The hacker with links to several breaches of SSL certificate-issuing networks this year admitted sharing stolen certificates with others in Iran, and threatened to extend future spy-style attacks to computer users in the U.S., Europe and Israel.

"I'll own as more as gateways in Israel, USA, Europe, as more as ISPs and attack will run there," the hacker said in a long, rambling statement today written in sometimes-fractured English.

Comodohacker, as he calls himself, also made new claims, saying that he stole sensitive data, including customer information, from two other certificate authorities, or CAs, the term for companies allowed to issue SSL (Secure Sockets Layer) certificates.

On Thursday, Comodohacker said he had penetrated the networks of StartCom, an Israeli CA, and U.S.-based GlobalSign.

"I have ALL emails, database backups, customer data which I'll publish all via cryptome in near future," Comodohacker said of StartCom, then about GlobalSign added, "I have access to their entire server, got [database] backups ... I even have private key of their OWN globalsign.com domain."

Comodohacker has previously taken credit for both the Comodo hack in March and the more recent intrusion of DigiNotar. In both cases, he was able to generate unauthorized SSL certificates.

DigiNotar, one of hundreds of firms authorized to issue digital certificates that authenticate a website's identity, admitted on Aug. 30 that its servers were compromised weeks earlier. A report made public Monday said hackers had acquired 531 certificates, including many used by the Dutch government.

Comodohacker also provided details on the DigiNotar hack, saying that he had penetrated the Dutch company's network even though it was protected by a hardware security module, or HSM, and supposedly safeguarded by token-management systems provided by RSA and Thales.

RSA made the news last March when it acknowledged a hack that let attackers steal information related to its SecurID token system. A later hack of Lockheed Martin, one of the U.S.'s largest military contractors, was blamed on the SecurID fiasco.

Originally published on Computerworld.