An Iranian hacker/troll has claimed to have hacked the hell out of the verification certificates websites use to ensure user security. The hacker calls himself Comodohacker. He is quoted in the NYT:
Comodohacker was plainspoken about his motivations.
“My country should have control over Google, Skype, Yahoo, etc.,” he said by e-mail. “I’m breaking all encryption algorithms and giving power to my country to control all of them.”
In the days since his attack was discovered, Comodohacker posted lengthy explanations on Pastebin, a sort of Internet bulletin board, of how he had penetrated the system of the Dutch firm and why, along with his e-mail address.
He has also boasted of his own skills, calling his work the “most sophisticated hack of all time,” and at one point exclaiming: “I’m really sharp, powerful, dangerous and smart!”
My problem with the story is that either Comodohacker is the dumbest patriot ever – or he’s playing a game whose rules we haven’t fully grasped.
- If you hack a system to track opponents – why tell them?
- Why post the hack on pastebin with explanations?
- Are you an idiot or a master of irony? “I’m really sharp, powerful, dangerous and smart!”
The hack is real. Comodohacker? I’m not so sure. Regardless the NYT article has one thing right:
In the annals of Internet attacks, this is likely to go down as a moment of reckoning. For activists, it shows the downside of using online tools to organize: an opponent with enough determination and resources just might find a way to track their every move.