Comodo hacker claims more CA breaches

Comodo hacker claims more CA breaches

Summary: The hacker that broke into four Certificate Authorities (CAs) and vowed that more attacks would come has claimed that he now has access to several more CAs, but has ruled out Australia as a target.

SHARE:
TOPICS: Security
0

The hacker that broke into four Certificate Authorities (CAs) and vowed that more attacks would come has claimed that he now has access to several more CAs, but has ruled out Australia as a target.

(secure_failed image by Wrote, CC BY 2.0)

In an interview with ZDNet Australia, the 21-year-old Iranian hacker, who goes by the alias "Sun Ich", said that he currently has access to three more CAs, and would continue to focus his efforts solely on CAs rather than any other targets. He wouldn't disclose which CAs he had tapped into.

In his last statement via the ComodoHacker Pastebin account, he had said that he was aiming to compromise three other CAs, but did not divulge whether he had them under control yet. CAs are responsible for authorising the digital certificates that determine which websites browsers can trust.

However, any CA with roots in Australia, for example CAcert, need not be worried that the hacker has compromised their systems. Sun Ich said that he does not consider Australia to be a target, since he believes that the nation has done nothing wrong.

Sun Ich's previous attacks have been politically motivated, with the hacker claiming that he was targeting spies from foreign agencies within Iran that were able to read citizens' emails and track social media use.

Sun Ich was also critical of members of the AntiSec movement and Anonymous, calling them "script kiddies" — unskilled hackers that rely on pre-written scripts to attack others, without understanding how they work.

"Some script kiddies hack some web server with a simple SQL injection bug, then they download that server's data and they think they leaked a big load of really highly so important data," he said. "When you get access in www server, for important data finding, you have to get behind walls. [They are] just some low-skilled hackers [that] do some not so important [work], but with good media coverage.

"When a person puts a file on www server, he/she already should know that data will be [on the] internet soon, so that's not important."

He also avoided Anonymous' IRC channels, saying that he doesn't have enough time to waste on them, and adding that he prefers to work alone.

He was "never ever" worried about the prospect of being caught, cryptically asking "have you ever watched Mission Impossible?"

Topic: Security

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion