DigiNotar Hack … and Hubris?

An Iranian hacker/troll has claimed to have hacked the hell out of the verification certificates websites use to ensure user security. The hacker calls himself Comodohacker. He is quoted in the NYT:

 

Comodohacker was plainspoken about his motivations.

“My country should have control over Google, Skype, Yahoo, etc.,” he said by e-mail. “I’m breaking all encryption algorithms and giving power to my country to control all of them.”

In the days since his attack was discovered, Comodohacker posted lengthy explanations on Pastebin, a sort of Internet bulletin board, of how he had penetrated the system of the Dutch firm and why, along with his e-mail address.

He has also boasted of his own skills, calling his work the “most sophisticated hack of all time,” and at one point exclaiming: “I’m really sharp, powerful, dangerous and smart!”

My problem with the story is that either Comodohacker is the dumbest patriot ever – or he’s playing a game whose rules we haven’t fully grasped.

  1. If you hack a system to track opponents – why tell them?
  2. Why post the hack on pastebin with explanations?
  3. Are you an idiot or a master of irony? “I’m really sharp, powerful, dangerous and smart!”

The hack is real. Comodohacker? I’m not so sure. Regardless the NYT article has one thing right:

In the annals of Internet attacks, this is likely to go down as a moment of reckoning. For activists, it shows the downside of using online tools to organize: an opponent with enough determination and resources just might find a way to track their every move.

Hacker Rattles Internet Security Circles – NYTimes.com

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: