
Iranian hacker claims responsibility for rogue Google certs


A hacker claimed responsibility for the rogue security certificates from Dutch security firm DigiNotar, which were believed to have been used to spy on Iranian users.

The hacker, who uses the handle “ComodoHacker,” also claimed to have access to at least four other high-profile certificate authorities, including US-based GlobalSign.

“You know, I have access to 4 more so HIGH profile CAs, which I can issue certs from them too which I will, I won’t name them, I also had access to StartCom CA, I hacked their server too with so sophisticated methods, he was lucky by being sitted (sic) in front of HSM for signing, I will name just one more which I still have access: GlobalSign, let me use these accesses and CAs, later I’ll talk about them too..,” the hacker said in a Pastebin page.

A report on The Hacker News said the hacker even shared the domain administrator password of DigiNotar.

On the other hand, computer security firm Sophos said one of the four firms, GlobalSign, will not issue certificates while it investigates the matter.

“GlobalSign, the fifth largest certificate issuer according to NetCraft, responded to this news by immediately ceasing any further signing of certificates while they investigate,” Sophos' Chester Wisniewski said in a blog post.

'Religious cause'

The hacker also hinted part of his motivation was the Dutch government’s killing of 8,000 Muslims 16 years ago.

“For now keep thinking about what Dutch government did in 16 years ago in same day of my hack, I’ll talk later and I’ll introduce to you MOST sophisticated hack of the year which will come more, you have to also wait for other CA’s certificates to be used by me, then I’ll talk about them too,” he added.

Earlier this week, computer security firm Trend Micro noted data showing Iranians were the targets of the recent compromise of Dutch certification authority DigiNotar.

It said the rogue SSL certificates, which can allow the interception of supposedly secure communications like email, were used for spying on Iranian Internet users on a large scale.

“We found that Internet users in more than 40 different networks of ISPs and universities in Iran were confronted with rogue SSL certificates issued by DigiNotar. Even worse: we found evidence that some Iranians who used software designed to circumvent censorship and snooping on traffic were not protected against the massive man-in-the-middle attack,” it said in a blog post.

Last July, hackers managed to create rogue SSL certificates for hundreds of domain names, including google.com and even the entire .com top-level domain, by breaking into systems of Certification Authority DigiNotar in the Netherlands.

Such rogue SSL certificates can be used in man-in-the-middle attacks where encrypted secure web traffic can be read by a third party.

The rogue certificates were discovered Aug. 29. — TJD, GMA News