ComodoHacker Declares Private Cyber-War

The DigiNotar and Comodo SSL certificate hacker has declared his manifesto to rid Iran of dissidents

ComodoHacker, the DigiNotar hacker, has revealed himself to be a 21-year-old Iranian patriot fighting a personal cyber-war on the West to expose anti-government activists in his country.

In an email interview with the New York Times, the hacker said he was a software engineering student in Tehran. He reveres Ayatollah Ali Khamenei and wants to expose national dissidents. The hacker is quite vociferous and has posted many of his views on the Pastebin postings site.

“My country should have control over Google, Skype, Yahoo, etc.,” he told the newspaper in an email. “I’m breaking all encryption algorithms and giving power to my country to control all of them.”

Socket Layer Certificate Specialist

ComodoHacker, who also uses the name Ich Sun on Twitter, has concentrated on stealing secure sockets layer (SSL) certificates which would allow Iranian secret services to stage “man-in-the-middle” exploits to monitor and reveal anti-government communications in Iran.

He compromised certification authority (CA) Comodo in Italy last March, and in August he successfully targeted the Netherlands company DigiNotar. The resultant cancellation of DigiNotar certificates threatens the future of the flagship Dutch certification authority.

“I’m totally independent,” Ich Sun emailed. “I just share my findings with some people in Iran. They are free to do anything they want with my findings and things I share with them, but I’m not responsible.”

The certificates stolen from DigiNotar are believed to have made it possible to intercept communications of up to 300,000 Iranian Gmail users. According to a report by Fox-IT, commissioned by the Dutch authorities to investigate the breach, all of DigiNotar’s servers were protected by a weak password. Investigators discovered malicious software on the servers that could easily have been located by antivirus software.

Ich Sun disputed this on Pastebin: “If I gave all hackers of the world, ALL hackers by its real meaning, they wouldn’t be able to reach that network behind all those firewalls, routers and final networks without any access to Internet which even doesn’t have Internet connection.”

He said that he chose DigiNotar because Dutch peacekeepers failed to prevent the massacre of Muslims in Srebrenica in 1995 and because of the frequent outbursts of anti-Muslim criticism by Dutch legislator Geert Wilders.

Mikko Hyppönen, chief research officer with F-Secure, said that Ich Sun claims he has access to four other “high-profile” CAs and is still able to issue new rogue certificates (including code signing certificates). “He also has the old-school hacker mentality where he likes to boast,” Hyppönen added.