Forgot your password?
typodupeerror
Security The Internet IT

Lone Iranian Claims Credit For Comodo Hack 72

Posted by Soulskill
from the army-of-one dept.
nk497 writes "A boastful Iranian hacker has claimed sole responsibility for the Comodo security certificate attack, saying it had nothing to do with his government. The 21-year-old claimed via a note on PasteBin, 'I'm not a group of hacker, I'm single hacker with experience of 1,000 hackers.' While some researchers believed his claims, saying the media had accepted Comodo's claims that the attack was from the Iranian government too easily, others said it was impossible to tell if the hacker was real, or a PR move by Iran."
This discussion has been archived. No new comments can be posted.

Lone Iranian Claims Credit For Comodo Hack

Comments Filter:
  • by nog_lorp (896553) on Monday March 28, 2011 @06:58PM (#35646002)
    This message is sort of retarded. First he tried to solve prime factorization, and then he was like "maybe I should hack a CA instead"? And later he will do us the favor of "proving it is not possible" to come up with a prime factorization algorithm?
  • I'm glad there's no rule #34 of this Iranian hacker.
  • by Anonymous Coward
    This is the first I saw a straightforward description of the hack... "SQL injection, then privilage escalation, got SYSTEM shell, remote desktop, investigation and I discovered trustdll.dll :)" Where trustdll.dll was a c# lib he decompiled and saw hard-coded credentials. This was it? Really?
  • by Weaselmancer (533834) on Monday March 28, 2011 @07:06PM (#35646082)

    I mean come on, really?

    'I'm not a group of hacker, I'm single hacker with experience of 1,000 hackers.'

    Sounds just like the Iraqi Information Minister or Kim Jong Il. "Oh no no no! I not a group or government no! I am super skilled hacker with skill of 1000 men. I can play 18 rounds of golf in 18 shots by getting 18 hole in one. Yes! I just that good!"

    • by bongey (974911)

      18 rounds of golf in 18 shots

      Just 18 I could do it 1

      • 18 rounds of golf in 18 shots

        Just 18 I could do it 1

        Chuck? Chuck Norris? Is that you?

        -AI

        • by MrSenile (759314)
          No, if it was Chuck Norris, he'd get all 18 holes in one without swinging, without the need for a ball, and without having to get out of bed to actually show up.
    • by Anonymous Coward

      'I'm not a group of hacker, I'm single hacker with experience of 1,000 hackers.'

      Something tells me this guy will soon become a single dead hacker with experience of 1,000 virgins.

      Tip your server. I'll be here all the week.

    • by Anonymous Coward

      First, the Dear Leader did not claim to make 18 hole-in-ones. Just a hole-in-one one the first par 4, his first hole ever (although they didn't mention if he took a practice swing), and all the subsequent par 3s. I believe his final score was somewhere in the 40s.

      Second, I did the exact same thing once on Tiger Woods PGA Tour 2009 on Xbox, so I wasn't impressed.

    • I think you are heading down the right direction here in finding this network based SCWMD assault (Security Certificates for the Web of Massively Disorganized). Unfortunately the hacker will be very difficult to identify. As you allude, a skilled hacker that can write press releases like the Iraqi Information Minister, instill fear like only Kim Jong Ill can do and yet still have the time to practice and play a perfect round of 18 rounds of golf. I think while the clues you offer are an attempt to be helpfu

    • by syousef (465911)

      'I'm not a group of hacker, I'm single hacker with experience of 1,000 hackers.'

      Sounds just like the Iraqi Information Minister or Kim Jong Il. "Oh no no no! I not a group or government no! I am super skilled hacker with skill of 1000 men. I can play 18 rounds of golf in 18 shots by getting 18 hole in one. Yes! I just that good!"

      Actually my first thought was Charlie Sheen...winning with the power of his mind once again....I know, I know, that was last week's meme.

    • He meant to say he had the skill of a 1000 hacks.
    • by antdude (79039)

      That is why I like to say "prove it!". :)

  • by wrencherd (865833) on Monday March 28, 2011 @07:10PM (#35646114)
    From TFA:

    The individual, who calls himself ComodoHacker

    Well, there you are.

  • I've grown 2,415 times smarter since then.

  • deserves 1000 virgins in the afterlife, right?
  • by damoncz (648166) on Monday March 28, 2011 @09:56PM (#35647472)
    I am an Iranian dissident living outside Iran and this guy is VERY pro-government, which is a rarity in Iran if you are following the news.. Line 41: "A message in Persian: Janam Fadaye Rahbar" Means "my life sacrificed for the Leader". Only Khamenei goons otter that. I smell something fishy. Can't be a lone hacker...
    • by iamhassi (659463)

      Means "my life sacrificed for the Leader". Only Khamenei goons otter that. I smell something fishy. Can't be a lone hacker...

      Maybe he took the blue pill...

    • by AB3A (192265)

      Mod parent up for informative post.

      This boastful diatribe is not the mark of a really smart person. It seems more like a cult member taunting the public.

      I do not doubt that he could be crazy and smart at the same time. I think Iran's leadership has noticed the power of the stuxnet virus/worm. They're rightfully embarrassed. However, instead of fixing their problems and moving on, they're lashing out with dweebs like this deluded idiot.

      The fact is that our CA platforms of trust are quite vulnerable. We sho

    • Who says he isn't the Iranian equivalent of The Jester?

  • Jacob Appelbaum tweeted this earlier. Comodohacker may be for real.

    It appears that the #comodogate hacker has posted the secret key for Mozilla's cert: http://pastebin.com/X8znzPWH [pastebin.com]

    • by netsharc (195805)

      BTW it's not "Mozilla's cert", it's the cert faking to be addons.mozilla.org that he created and signed through the compromised CA...

    • by Xest (935314)

      Why would that make him legit? Just means if he's an Iranian propaganda agent that the actual group of Iranians, from perhaps Iranian military establishments that did the hack gave it to this PR guy to paste.

      We know the hack was real, we know it came from Iran, nothing there changes that. That doesn't in any way prove he was a lone individual. only that he is at least connected to the person or people that really did the attacks.

  • An interview with ComodoHacker: http://erratasec.blogspot.com/2011/03/interview-with-comodohacker.html [blogspot.com] His twitter account is @ichsunx
  • by 0dugo0 (735093)

    He had me till HAARP.

The first version always gets thrown away.

Working...