ComodoHacker, the DigiNotar hacker, has revealed himself to be a 21-year-old Iranian patriot fighting a personal cyber-war on the West to expose anti-government activists in his country.
In an email interview with the New York Times, the hacker said he was a software engineering student in Tehran. He reveres Ayatollah Ali Khamenei and wants to expose national dissidents. The hacker is quite vociferous and has posted many of his views on the Pastebin postings site.
“My country should have control over Google, Skype, Yahoo, etc.,” he told the newspaper in an email. “I’m breaking all encryption algorithms and giving power to my country to control all of them.”
ComodoHacker, who also uses the name Ich Sun on Twitter, has concentrated on stealing secure sockets layer (SSL) certificates which would allow Iranian secret services to stage “man-in-the-middle” exploits to monitor and reveal anti-government communications in Iran.
“I’m totally independent,” Ich Sun emailed. “I just share my findings with some people in Iran. They are free to do anything they want with my findings and things I share with them, but I’m not responsible.”
The certificates stolen from DigiNotar are believed to have made it possible to intercept communications of up to 300,000 Iranian Gmail users. According to a report by Fox-IT, commissioned by the Dutch authorities to investigate the breach, all of DigiNotar’s servers were protected by a weak password. Investigators discovered malicious software on the servers that could easily have been located by antivirus software.
Ich Sun disputed this on Pastebin: “If I gave all hackers of the world, ALL hackers by it’s real meaning, they wouldn’t be able to reach that network behind all those firewalls, routers and final networks without any access to Internet which even doesn’t have Internet connection.”
He said that he chose DigiNotar because Dutch peacekeepers failed to prevent the massacre of muslims in Srebenica in 1995 and because of the frequent outbursts of anti-muslim criticism by Dutch legislator Geert Wilders.
Mikko Hyppönen, chief research officer with F-Secure, said that Ich Sun claims he has access to four other “high-profile” CAs and is still able to issue new rogue certificates (including code signing certificates). “He also has the old-school hacker mentality where he likes to boast,” Hyppönen added.
Thoma Bravo agrees to acquire Darktrace for $5.32 billion in cash, delivering some welcome news…
Customer adoption of AI services embedded in cloud services continues to deliver results for Microsoft,…
TikTok's 'secret source' algorithm is so core to ByteDance, it would rather shut down US…
After relocating from California to Texas in 2020, Oracle's Larry Ellison now reveals plan to…
Share price hit after Meta admits heavy AI spending plans, after posting strong first quarter…
For third time Google delays phase-out of third-party Chrome cookies after pushback from industry and…