An Iranian hacker has claimed responsibility for last week’s attempt to hack the internet’s Secure Socket layer (SSL).
The attack involved accessing the computer systems of Comodo, which issues the certificates that guarantee security. If successful, it would have allowed the hackers to impersonate Google, Yahoo, Skype, Mozilla and Microsoft, enabling them to grab passwords, read email messages and monitor any other user activities.
Comoro traced the atack to Iran, and theorized that it had been state-sponsored.
But now an individual hacker, who says he’s just 21. is claiming that he acted alone. In a posting on Pastebin, he gives details designed to prove his authorship of the attack, including the email address of Comodo’s CEO and the relevant user name and password.
He’s a modest chap.
“I’m not a group of hacker, I’m single hacker with experience of 1,000 hackers, I’m single programmer with experience of 1,000 programmers, I’m single planner/project manager with experience of 1,000 project managers,” he says.
He says that after examining the SSL protocol, he found and exploited a weakness in InstantSSL.
The man says he carried out the attack in retaliation for the Stuxnet worm, which he says was created by the US and Israel to target Iran’s nuclear reprocessing facilities.
“When USA and Israel creates Stuxnet, nobody talks about it, nobody blamed, nothing happened at all,” he says. “Where were you when Stuxnet created by Israel and USA with millions of dollar budget, with access to SCADA systems and Nuclear softwares? Why no one asked a question from Israel and USA ambassador to UN?”
Chester Wisniewski of security firm Sophos says its still unclear whether the hacker had backing from the Iranian government.
“If it was a lone hacker making a point, why issue certificates for these specific websites, all related to secure communication methods often used by dissidents to organize protests and share news with the world?” he says.
“His ramblings certainly show his support for Mahmoud Ahmadinejad and the current Iranian regime, but there are no conclusive ties to his government.”