Almost from the beginning of the DigiNotar CA disaster (report here), we had reason to believe the case was connected to "ComodoGate" — the hacking of another Certificate Authority earlier this year by an Iranian attacker. This connection has now been confirmed.
After ComodoGate, the hacker — who called himself ComodoHacker — sent a series of messages via his Pastebin account. Then, at the end of March 2011, the account went silent. We've been keeping an eye on it, just in case the attacker posts something related to the DigiNotar case. And he just did.
In his latest post, ComodoHacker claims that he is the one who hacked DigiNotar as well. He also claims he still has access to four other "high-profile" CAs and is still able to issue new rogue certificates (including code signing certificates).

As proof that he really did infiltrate DigiNotar, he shares the domain administrator password of the CA network: Pr0d@dm1n. DigiNotar would be able to confirm whether this is accurate.
The same hacker seems to be active on Twitter as well, under the nickname "ich sun" at @ichsunx2.
The Certificate Authority system is in bad shape indeed. For some answers on what we should do next, we recommend watching this video of Moxie Marlinspike's Black Hat 2011 talk.