Slashdot Mirror


Lone Iranian Claims Credit For Comodo Hack

nk497 writes "A boastful Iranian hacker has claimed sole responsibility for the Comodo security certificate attack, saying it had nothing to do with his government. The 21-year-old claimed via a note on PasteBin, 'I'm not a group of hacker, I'm single hacker with experience of 1,000 hackers.' While some researchers believed his claims, saying the media had accepted Comodo's claims that the attack was from the Iranian government too easily, others said it was impossible to tell if the hacker was real, or a PR move by Iran."

  1. Why provide him a platform? by bogaboga · · Score: 2

    Isn't Slashdot providing this dude a platform for [free] publicity? Why is this story even here? Nothing about it is substantiated at all.

    The only thing I can guarantee is that there is a human being at the other end who is now in the news.

    1. Re:Why provide him a platform? by iamhassi · · Score: 1

      Dude? I thought this was a PR move by Iran?

      --
      my karma will be here long after I'm gone
  2. Re:An anonymous claim of skill? by _Sprocket_ · · Score: 4, Funny

    New infosec meme.... "with experience of 1,000 hackers."

  3. Huh? by nog_lorp · · Score: 2

    This message is sort of retarded. First he tried to solve prime factorization, and then he was like "maybe I should hack a CA instead"? And later he will do us the favor of "proving it is not possible" to come up with a prime factorization algorithm?

  4. rules, rules, rules by simoncpu was here · · Score: 1

    I'm glad there's no rule #34 of this Iranian hacker.

    1. Re:rules, rules, rules by coyote_oww · · Score: 3, Funny

      If he has the experience of 1000 hackers, it would still not involve a single woman.

  5. Uhg... by Anonymous Coward · · Score: 1

    This is the first I saw a straightforward description of the hack... "SQL injection, then privilege escalation, got SYSTEM shell, remote desktop, investigation and I discovered trustdll.dll :)" Where trustdll.dll was a C# lib he decompiled and saw hard-coded credentials. This was it? Really?

  6. Of course it's a PR move by Weaselmancer · · Score: 4, Insightful

    I mean come on, really?

    'I'm not a group of hacker, I'm single hacker with experience of 1,000 hackers.'

    Sounds just like the Iraqi Information Minister or Kim Jong Il. "Oh no no no! I not a group or government no! I am super skilled hacker with skill of 1000 men. I can play 18 rounds of golf in 18 shots by getting 18 hole in one. Yes! I just that good!"

    --
    Weaselmancer
    rediculous.
    1. Re:Of course it's a PR move by bongey · · Score: 1

      18 rounds of golf in 18 shots

      Just 18 I could do it 1

    2. Re:Of course it's a PR move by Anonymous Coward · · Score: 1

      'I'm not a group of hacker, I'm single hacker with experience of 1,000 hackers.'

      Something tells me this guy will soon become a single dead hacker with experience of 1,000 virgins.

      Tip your server. I'll be here all the week.

    3. Re:Of course it's a PR move by Anonymous Coward · · Score: 1

      First, the Dear Leader did not claim to make 18 hole-in-ones. Just a hole-in-one on the first par 4, his first hole ever (although they didn't mention if he took a practice swing), and all the subsequent par 3s. I believe his final score was somewhere in the 40s.

      Second, I did the exact same thing once on Tiger Woods PGA Tour 2009 on Xbox, so I wasn't impressed.

    4. Re:Of course it's a PR move by retchdog · · Score: 1

      it's 38 under par, so ~34 shots, and with five holes-in-one claimed.

      --
      "They were pure niggers." – Noam Chomsky
    5. Re:Of course it's a PR move by failedlogic · · Score: 1

      I think you are heading down the right direction here in finding this network based SCWMD assault (Security Certificates for the Web of Massively Disorganized). Unfortunately the hacker will be very difficult to identify. As you allude, a skilled hacker that can write press releases like the Iraqi Information Minister, instill fear like only Kim Jong Il can do and yet still have the time to practice and play a perfect round of 18 rounds of golf. I think while the clues you offer are an attempt to be helpful, I don't think any one person could have such a skill set.

    6. Re:Of course it's a PR move by syousef · · Score: 1

      'I'm not a group of hacker, I'm single hacker with experience of 1,000 hackers.'

      Sounds just like the Iraqi Information Minister or Kim Jong Il. "Oh no no no! I not a group or government no! I am super skilled hacker with skill of 1000 men. I can play 18 rounds of golf in 18 shots by getting 18 hole in one. Yes! I just that good!"

      Actually my first thought was Charlie Sheen...winning with the power of his mind once again....I know, I know, that was last week's meme.

      --
      These posts express my own personal views, not those of my employer
    7. Re:Of course it's a PR move by antdude · · Score: 1

      That is why I like to say "prove it!". :)

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    8. Re:Of course it's a PR move by AlienIntelligence · · Score: 1

      18 rounds of golf in 18 shots

      Just 18 I could do it 1

      Chuck? Chuck Norris? Is that you?

      -AI

      --
      For me, it is far better to grasp the Universe as it really is than to persist in delusion
    9. Re:Of course it's a PR move by MrSenile · · Score: 1

      No, if it was Chuck Norris, he'd get all 18 holes in one without swinging, without the need for a ball, and without having to get out of bed to actually show up.

  7. Re:Who do we believe? by ls671 · · Score: 1

    Hmm... If I understand your post correctly, let me comment a bit:

    Do you know how certificate signing works?

    Done properly, one should never reveal one's certificate's private keys at any time. So in the end, a certificate signed by an external company should be as confidential as a self-signed certificate or a certificate signed by a company you trust.

    This is the whole idea behind PKI.

    Granted, I have seen many people who do not understand this important point. I have seen cases where the signing authority was aware of the private key but this should never occur if you know a bit about PKI 101.

    --
    Everything I write is lies, read between the lines.
  8. I'm convinced by wrencherd · · Score: 4, Funny

    From TFA:

    The individual, who calls himself ComodoHacker

    Well, there you are.

    1. Re:I'm convinced by binaryseraph · · Score: 1

      Or to the rest of the SSL using world: CommodeHacker.

  9. Re:Dude can't speak English very well. by Anonymous Coward · · Score: 2, Funny

    Snake Plisskin. I've heard of you. I HEARD YOU WERE DEAD!

  10. It was really just the MCP by Dachannien · · Score: 1

    I've grown 2,415 times smarter since then.

  11. Re:An anonymous claim of skill? by kill-1 · · Score: 5, Funny

    Follow-ups:

    "I should mention my age is 21"

    "How smartass you are?"

    "My orders will equal to CIA orders"

    "I'm a GHOST"

    "I'm unstoppable, so afraid if you should afraid, worry if you should worry."

    "I did it one time, make sure I'll do it again" (reminds me of Steve Ballmer)

    "RSA 2048 was not able to resist in front of me"

  12. Having the skill of 1000 hackers... by sdguero · · Score: 1

    deserves 1000 virgins in the afterlife, right?

    1. Re:Having the skill of 1000 hackers... by sayfawa · · Score: 1

      No, no, no, the jihadists get the 1000 virgins. He gets the 1000 right hands.

      --
      Free the Quark 3 from asymptotic confinement! Bring your charm! Don't get down! All colours and flavours welcome!
  13. Re:An anonymous claim of skill? by game kid · · Score: 1

    "I'm unstoppable, so afraid if you should afraid, worry if you should worry."

    I think 1,000 hackers is a pretty cool guy. eh takes over comodos and doesn't afraid of anything.

    --
    You can hold down the "B" button for continuous firing.
  14. Re:I am sorry. by Anonymous Coward · · Score: 2, Insightful

    I read all of his Pasties.

    If you want a laugh, read them.

    A lot of egotistical shit talk from a guy who doesn't realize RSA simply cannot be "cracked". It's impossible.

    If you had any common sense, you would use your "hacks" on the actual people who have/had access to having CR's resigned.

    Also, let's not just throw around "symmetric" and "asymmetric" when dealing with encryption and hashing, it just makes you look dumb.

    And working on a way to derive two prime factors of a number is ridiculous, you won't ever accomplish it. Simply because we are dealing with numbers larger than the processing ability of most computers that can be accessed (spare some), and the fact that primality tests aren't something you can simply "write".

    I thought I had an epiphany in math class a few weeks ago (pre-calc is boring as fuck, and my Ti-84 only can do so much, even with asm programmin), and realized that if you took any number, you can first run it against basic tests and tests of division. Even numbers out, numbers whose digits add up to a multiple of 3 are out, etc. After that, you are fucked.

    RSA is secure. Period. Its implementation can only be *so* secure.

    And lol, if you want to do something actually epic, and worth bragging about, steal the private RSA key and code yourself a resigner. Until then, stop acting like you did anything tremendously amazing.

    This is all >implying this kid isn't just frontin.

    -Thilo The "Hax"

    Are you talking about yourself? You're only in high school. The extent of your formal math knowledge is beneath basic calculus. Shut up and get over yourself.

  15. Re:First Rule Of Iranian Hacker Club...... by Isaac Remuant · · Score: 1

    It loses its magic after Google Translate... :P

    On a serious note, is it possible that the grammar mistakes are intentional? Would a decent hacker who'd have to deal with the English language all around make so many mistakes? I'm asking out of total ignorance here.

    --
    "Science can amuse and fascinate us all, but it is engineering that changes the world. " - Asimov.
  16. He sounds VERY pro-government! by damoncz · · Score: 4, Interesting

    I am an Iranian dissident living outside Iran and this guy is VERY pro-government, which is a rarity in Iran if you are following the news. Line 41: "A message in Persian: Janam Fadaye Rahbar" Means "my life sacrificed for the Leader". Only Khamenei goons utter that. I smell something fishy. Can't be a lone hacker...

    1. Re:He sounds VERY pro-government! by iamhassi · · Score: 1

      Means "my life sacrificed for the Leader". Only Khamenei goons utter that. I smell something fishy. Can't be a lone hacker...

      Maybe he took the blue pill...

      --
      my karma will be here long after I'm gone
    2. Re:He sounds VERY pro-government! by AB3A · · Score: 1

      Mod parent up for informative post.

      This boastful diatribe is not the mark of a really smart person. It seems more like a cult member taunting the public.

      I do not doubt that he could be crazy and smart at the same time. I think Iran's leadership has noticed the power of the Stuxnet virus/worm. They're rightfully embarrassed. However, instead of fixing their problems and moving on, they're lashing out with dweebs like this deluded idiot.

      The fact is that our CA platforms of trust are quite vulnerable. We should be afraid, though perhaps not from drooling whack jobs like this. Take time to review where your trust has been given, and then make some decisions. However, I wouldn't lose much sleep over something like this.

      --
      Nearly fifty percent of all graduates come from the bottom half of the class!
    3. Re:He sounds VERY pro-government! by GameboyRMH · · Score: 1

      Who says he isn't the Iranian equivalent of The Jester?

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
  17. He didn't mean he had the skill of 1000 hackers by CrazyJim1 · · Score: 1

    He meant to say he had the skill of a 1000 hacks.

  18. Re:An anonymous claim of skill? by _Sprocket_ · · Score: 1

    I think 1,000 hackers is a pretty cool guy. eh takes over comodos and doesn't afraid of anything.

    Dude. I was into 1,000 Hackers before they were cool. Now they're just sell-outs.

  19. Newer Info by LoneHighway · · Score: 1

    Jacob Appelbaum tweeted this earlier. Comodohacker may be for real.

    It appears that the #comodogate hacker has posted the secret key for Mozilla's cert: http://pastebin.com/X8znzPWH

    1. Re:Newer Info by netsharc · · Score: 1

      BTW it's not "Mozilla's cert", it's the cert faking to be addons.mozilla.org that he created and signed through the compromised CA...

      --
      What time is it/will be over there? Check with my iPhone app!
    2. Re:Newer Info by Xest · · Score: 2

      Why would that make him legit? Just means if he's an Iranian propaganda agent that the actual group of Iranians, from perhaps Iranian military establishments that did the hack gave it to this PR guy to paste.

      We know the hack was real, we know it came from Iran, nothing there changes that. That doesn't in any way prove he was a lone individual, only that he is at least connected to the person or people that really did the attacks.

  20. At least we know where they get the virgins by SmallFurryCreature · · Score: 1

    Too bad suicide bombers, the virgins? It is this guy... mind you, if you examine world history especially in the sunnier parts... they might not mind.

    --

    MMO Quests are like orgasms:

    You may solo them, I prefer them in a group.

  21. Re:Hack Like An Lone Iranian by Zanadou · · Score: 1

    Would you like to sell a vowel?

  22. More info by raulfragoso · · Score: 1

    An interview with ComodoHacker: http://erratasec.blogspot.com/2011/03/interview-with-comodohacker.html His twitter account is @ichsunx

  23. till.. by 0dugo0 · · Score: 1

    He had me till HAARP.