The DigiNotar saga continues, and the end is not yet in sight. Someone has now claimed responsibility for the mischief done in DigiNotar's name. The digital miscreant known as ComodoHacker has been more open about his intrusion into the company and states that he still has access to four more Certificate Authorities (CAs).
The Comodo certificate-forgery affair had died down somewhat since March, when ComodoHacker claimed responsibility for the attack in a Pastebin post offering proof that he had carried it out. The issue came back to life on Tuesday, when security firm F-Secure reported that the same individual or individuals were behind the compromise of DigiNotar's certificates.
To add to the problems, the hacker also said that he has access to four more ‘high-profile’ CAs, which he declined to name. The threat remains very much active, as he claims to retain the ability to issue new rogue certificates, including code-signing certificates. Surprisingly, the self-proclaimed hacker runs an active Twitter account under the username ichsunx2. He even plans to give interviews via ichsun@ymail.com.
To prove his sophistication, he posted the domain administrator password, which was Pr0d@dm1n, along with a few questions for readers to think about. The questions were:
– you can’t have a remote desktop connection in a really closed and protected network, behind firewalls which don’t allow Reverse VNC, VNC, remote desktop, etc. by packet detection.
– you can’t even dump hashes of the domain if you don’t have admin privilege to crack them
– you can’t access a 6th layer network which has NO connection to the internet, from the internet
The common link between the two victims is that the attacker gained the ability to generate bogus SSL certificates. The point this proves is that the certificates were used as a medium for mounting convincing phishing or man-in-the-middle attacks.
In the message posted via his Pastebin account, in which he also detailed the March Comodo compromise, the hacker gave his reason for the attack. He wrote that he hacked DigiNotar because the Dutch military had failed to protect Srebrenica during the Bosnian War. On the monetary loss, he said that the Dutch government’s 13 million dollar investment in DigiNotar would be wasted, and he claimed yet again that he caused the havoc from kilometres away.
Startcom CA is another victim for which the same hacker has claimed responsibility; as a result, the company’s certificate signing was temporarily suspended.
For some background, the DigiNotar saga has been going on for quite some time now. To summarize the event as covered in multiple blog posts, Google, Microsoft and Mozilla have already banned the DigiNotar Certificate Authority in their browsers. The move was prompted by the problem DigiNotar created by issuing more than 200 rogue certificates for legitimate web sites and services; a list of the affected services and sites can be seen here.