Skip to navigation
Latest News

Lone Iranian claims credit for Comodo certificate hack

blue web thing

By Nicole Kobie

Posted on 28 Mar 2011 at 08:34

An Iranian hacker has claimed the security certificate attack against Comodo, claiming it wasn't backed by the Government.

Last week, the security certificate issuing authority admitted it had been hacked, with the attackers creating fake security certificates for sites such as Gmail, Skype, Hotmail and more.

Comodo said the nature of the hack and the targets lead it to believe the attack was instigated by the Iranian Government.

A hacker is somebody who doesn't realize that what he’s attempting is impossible

That belief has been thrown into doubt by posts on website PasteBin from a hacker who claims to have managed the attack by himself. The individual, who calls himself ComodoHacker, claims to be a 21-year-old Iranian.

He shared details of the attack in a post online, promising more attacks to come, and bragging: "I'm not a group of hacker, I'm single hacker with experience of 1,000 hackers".

Robert Graham, of security consultancy Errata, said the results of his firm's examination of the attack fit with the hacker's general claims.

Despite the complexity and size of the attack, Graham said it was possible the hack came from one person, and didn't need state backing. "A hacker is somebody who doesn't realise that what he’s attempting is impossible," he said in a blog post, explaining that the attack would have been accomplished "one clue at a time."

"This is why hacking gets addictive - solving puzzles like this is enormously satisfying. It's also why people are quick to assume the difficulty of a hack means a 'nation state' is involved rather than a '21-year-old college student'."

Graham agreed with the alleged hacker that many were to quick to jump to the conclusion that the attack was backed by the Iranian state. "More to the point, what evidence points to the Iranian Government in the first place? The answer is 'zero'," he said.

Lone hacker or good PR?

Others weren't so sure the claims should be believed. "Do we really believe that a lone hacker gets into a CA [certificate authority], can generate any certificate he wants... and goes after login.live.com instead of paypal.com?" F-Secure's Mikko Hypponen said via Twitter.

"The PasteBins look convincing," he added. "Whether they were posted by a 21-year-old lone gunman or Iran Government PR department, I don't know."

Chester Wisniewski, a security advisor from Sophos, added it was "impossible" to tell if the hacker was telling the truth, but whatever the case, it was clear that Comodo's security wasn't up to scratch.

"Once again we come back to insecure passwords and password handling techniques," he said in a post on the Sophos blog, adding that "the practice of directly signing certificates with the root certificate, as Comodo had been doing, is really bad practice."

US-based Comodo wasn't available for comment at the time of publishing.

Is your business a social business? For helpful info and tips visit our hub.

Subscribe to PC Pro magazine. We'll give you 3 issues for £1 plus a free gift - click here
Be the first to comment this article

You need to Login or Register to comment.

(optional)

advertisement

Latest Blog Posts Subscribe to our RSS Feeds
Latest ReviewsSubscribe to our RSS Feeds
Latest Real World Computing

advertisement

Sponsored Links
 
SEARCH
Loading
WEB ID
SIGN UP

Your email:

Your password:

remember me

advertisement


Hitwise Top 10 Website 2010
 
 

PCPro-Computing in the Real World Printed from www.pcpro.co.uk

Register to receive our regular email newsletter at http://www.pcpro.co.uk/registration.

The newsletter contains links to our latest PC news, product reviews, features and how-to guides, plus special offers and competitions.