
FBI probes breach into Internet security firm


A security breach that affected digital certificates issued by Internet security company Comodo has prompted an investigation by the Federal Bureau of Investigation (FBI).

The FBI is focusing on how a hacker got a New Jersey, US-based company to issue the fraudulent certificates, tech site CNET reported. Italian law enforcement is also involved in the investigation, CNET quoted Comodo CEO Melih Abdulhayoglu as saying.

"It is an ongoing investigation," Abdulhayoglu was quoted as saying.

Last week, Comodo said it suspects an Iran state-driven attack was behind the issuance of fake online certificates that targeted major email and online sites including those of Google, Yahoo, Skype, Mozilla, and Microsoft last week. It said that the incident, involving the issuance of nine fraudulent Secure Sockets Layer (SSL) certificates, took place last March 15.

"The circumstantial evidence suggests that the attack originated in Iran. The perpetrator has focused simply on the communication infrastructure (not the financial infrastructure as a typical cyber-criminal might). The perpetrator can only make use of these certificates if it had control of the DNS infrastructure. The perpetrator has executed its attacks with clinical accuracy. The Iranian government has recently attacked other encrypted methods of communication. All of the above leads us to one conclusion only:- that this was likely to be a state-driven attack," it said.

Such certificates would have allowed an attacker to intercept encrypted data, including communications, through the targeted sites.

Comodo traced the incident to a breach in one of its affiliates, where an attacker used a hacked account to issue nine SSL certificates across seven domains. Comodo said it revoked all of these certificates immediately upon discovery.

"The attacker was well prepared and knew in advance what he was to try to achieve. He seemed to have a list of targets that he knew he wanted to obtain certificates for, was able quickly to generate the CSRs for these certificates and submit the orders to our system so that the certificates would be produced and made available to him," Comodo noted.

CNET said Abdulhayoglu confirmed that a reseller in Italy called GlobalTrust had its network compromised by a hacker traced to Iran. That person, or multiple people, obtained fake digital certificates for nine Web sites that also included Skype and Mozilla.

"We're letting the government agencies handle the issue and figure out what exactly has happened here," Abdulhayoglu said.

Meanwhile, CNET said an unknown person using the aliases "ComodoHacker" and "ichsunx" has posted proof, in the form of an encryption key, that he (or she, or they) were responsible for the intrusions or in contact with whoever was. ComodoHacker claims to be a pro-regime cryptanalyst in Iran, arguing that the country should be free to pursue its "nuclear program, as it's simple right [sic] of each nation." — TJD, GMA News