Comodo hacker hints at more stolen certificates

The Iranian hacker allegedly responsible for stealing digital certificates, which included Mozilla, Gmail and Skype, has hinted there may be more outstanding hacks

The hacker allegedly responsible for stealing digital certificates from Comodo has said that further certificate authorities may have been hacked.

In an email interview, the hacker going by the name Sun Ich said "maybe there is more CAs involved", but would not elaborate, saying only that it is the decision of affected authorities to come forward. There are hundreds of certificate authorities (CAs) around the world, responsible for authorising digital certificates that determine which websites browsers can trust. CAs use registration authorities to administer certificates.

The alleged lone Iranian hacker made headlines after he broke into one of Comodo's registration authorities InstantSSL.it and obtained nine fraudulent digital certificates for the likes of Gmail, Microsoft Live, Mozilla and Skype. He posted the private key to the Mozilla certificate as proof of the attacks.

For more on this ZDNet UK-selected story, see Comodo attacker hints at more CA hacks on ZDNet Australia.


Get the latest technology news and analysis, blogs and reviews delivered directly to your inbox with ZDNet UK's newsletters.