computerwoche.de

Archiv

DigiNotar hacker threatens to expand spy attacks using stolen certificates

08.09.2011
The hacker with links to several breaches of SSL certificate-issuing networks this year admitted sharing stolen certificates with others in Iran, and threatened to extend future spy-style attacks to computer users in the U.S., Europe and Israel.

"I'll own as more as gateways in Israel, USA, Europe, as more as ISPs and attack will run there," the hacker said in a written in sometimes-fractured English.

Comodohacker, as he calls himself, also made new claims, saying that he stole sensitive data, including customer information, from two other certificate authorities, or CAs, the term for organizations of companies allowed to issue SSL (secure socket layer) certificates.

On Thursday, Comodohacker said he had penetrated the networks of StartCom, an Israeli CA, and U.S.-based GlobalSign.

"I have ALL emails, database backups, customer data which I'll publish all via cryptome in near future," Comodohacker said of StartCom, then about GlobalSign added, "I have access to their entire server, got [database] backups ... I even have private key of their OWN globalsign.com domain."

Comodohacker has previously taken credit for both the in March and the more recent intrusion of DigiNotar. In both cases, he was able to generate unauthorized SSL (secure socket layer) certificates.