Slashdot: News for Nerds

Lone Iranian Claims Credit For Comodo Hack

Soulskill posted more than 3 years ago | from the army-of-one dept.

Security 72

nk497 writes "A boastful Iranian hacker has claimed sole responsibility for the Comodo security certificate attack, saying it had nothing to do with his government. The 21-year-old claimed via a note on PasteBin, 'I'm not a group of hacker, I'm single hacker with experience of 1,000 hackers.' While some researchers believed his claims, saying the media had accepted Comodo's claims that the attack was from the Iranian government too easily, others said it was impossible to tell if the hacker was real, or a PR move by Iran."

72 comments

a question of faith in the middle east? (0)

MichaelKristopeit419 (2018878) | more than 3 years ago | (#35645764)

unbelievable.

Why provide him a platform? (2)

bogaboga (793279) | more than 3 years ago | (#35645836)

Isn't Slashdot providing this dude a platform for [free] publicity? Why is this story even here? Nothing about it is substantiated at all.

The only thing I can guarantee is that there is a human being at the other end who is now in the news.

Re:Why provide him a platform? (1)

iamhassi (659463) | more than 3 years ago | (#35647526)

Dude? I thought this was a PR move by Iran?

Read it wrong (1)

QA (146189) | more than 3 years ago | (#35645794)

Anyone else read this as "lone attack on commode"? Gives it a whole new meaning.....

Who do we believe? (0)

Anonymous Coward | more than 3 years ago | (#35645804)

Then again, why should we care?

Security certificates from external companies are all used by security agencies anyway - I for one don't want my stuff being snooped on.

Re:Who do we believe? (1)

ls671 (1122017) | more than 3 years ago | (#35646092)

Hmm... If I understand your post correctly, let me comment a bit:

Do you know how certificate signing works?

Done properly, one should never reveal one's certificate's private keys at any time. So in the end, a certificate signed by an external company should be as confidential as a self-signed certificate or a certificate signed by a company you trust.

This is the whole idea behind PKI.

Granted, I have seen many people who do not understand this important point. I have seen cases where the signing authority was aware of the private key, but this should never occur if you know a bit about PKI 101.
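
The issuance flow described in the comment above, as an added example that is not part of the original thread: the subscriber generates the key pair locally, only the CSR crosses to the CA, and the issued certificate carries the same public key while no matching private key exists on the CA side. The directory layout, `example.test` and "Constructed Test CA" are constructed for illustration; it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added illustration: what the signing authority receives during issuance.
# All names (example.test, "Constructed Test CA") are constructed sample values.

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
mkdir -p "$workdir/sub" "$workdir/ca"

# Subscriber: generate the key pair locally; only the CSR is meant to leave sub/.
make_subscriber_csr() {
    openssl genrsa -out "$workdir/sub/server.key" 2048 2>/dev/null
    openssl req -new -key "$workdir/sub/server.key" \
        -subj "/CN=example.test" -out "$workdir/sub/server.csr"
}

# CA: has its own key pair, unrelated to the subscriber's.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$workdir/ca/ca.key" -out "$workdir/ca/ca.crt" 2>/dev/null
}

# CA: receives the CSR (the only file copied across) and signs it.
ca_sign() {
    cp "$workdir/sub/server.csr" "$workdir/ca/inbox.csr"
    openssl x509 -req -in "$workdir/ca/inbox.csr" -days 1 \
        -CA "$workdir/ca/ca.crt" -CAkey "$workdir/ca/ca.key" \
        -CAcreateserial -out "$workdir/ca/server.crt" 2>/dev/null
}

# SHA-256 of the DER-encoded public key held in a key, CSR or certificate.
# $1 = key|csr|crt, $2 = file
spki_fp() {
    case "$1" in
        key) openssl pkey -in "$2" -pubout ;;
        csr) openssl req  -in "$2" -noout -pubkey ;;
        crt) openssl x509 -in "$2" -noout -pubkey ;;
    esac | openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# True if the file contains PEM private-key material of any kind.
holds_private_key() {
    grep -q "PRIVATE KEY" "$1"
}

# Count private keys stored on the CA side whose public half equals the
# subscriber's public key. The CA's own key is present but does not match.
ca_keys_matching_subscriber() {
    want=$(spki_fp key "$workdir/sub/server.key")
    n=0
    for f in "$workdir"/ca/*; do
        if holds_private_key "$f" && [ "$(spki_fp key "$f")" = "$want" ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# True if the issued certificate chains to the constructed CA.
cert_verifies() {
    openssl verify -CAfile "$workdir/ca/ca.crt" "$workdir/ca/server.crt" >/dev/null 2>&1
}

make_subscriber_csr && make_ca && ca_sign
echo "subscriber key : $(spki_fp key "$workdir/sub/server.key")"
echo "CSR at the CA  : $(spki_fp csr "$workdir/ca/inbox.csr")"
echo "issued cert    : $(spki_fp crt "$workdir/ca/server.crt")"
echo "private keys at the CA matching the subscriber: $(ca_keys_matching_subscriber)"
if cert_verifies; then echo "chain check    : OK"; else echo "chain check    : failed"; fi
```

The three fingerprints printed are identical, which is the audit a subscriber can run on any certificate returned by a CA: the certificate must carry the public key of a private key that never left the subscriber's own system.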

Dude can't speak English very well. (0)

Anonymous Coward | more than 3 years ago | (#35645806)

I say we hack him ... to pieces.

Re:Dude can't speak English very well. (0)

Anonymous Coward | more than 3 years ago | (#35645934)

a 1,000 pieces

Re:Dude can't speak English very well. (2, Funny)

Anonymous Coward | more than 3 years ago | (#35646246)

Snake Plisskin. I've heard of you. I HEARD YOU WERE DEAD!

An anonymous claim of skill? (0)

Anonymous Coward | more than 3 years ago | (#35645830)

Probably trustworthy

Re:An anonymous claim of skill? (4, Funny)

_Sprocket_ (42527) | more than 3 years ago | (#35645958)

New infosec meme.... "with experience of 1,000 hackers."

Re:An anonymous claim of skill? (5, Funny)

kill-1 (36256) | more than 3 years ago | (#35646556)

Follow-ups:

"I should mention my age is 21"

"How smartass you are?"

"My orders will equal to CIA orders"

"I'm a GHOST"

"I'm unstoppable, so afraid if you should afraid, worry if you should worry."

"I did it one time, make sure I'll do it again" (reminds me of Steve Ballmer)

"RSA 2048 was not able to resist in front of me"

Re:An anonymous claim of skill? (0)

Anonymous Coward | more than 3 years ago | (#35646590)

Oh, if I could give you more mod points, I would.

Re:An anonymous claim of skill? (1)

game kid (805301) | more than 3 years ago | (#35646872)

"I'm unstoppable, so afraid if you should afraid, worry if you should worry."

I think 1,000 hackers is a pretty cool guy. eh takes over comodos and doesn't afraid of anything.

Re:An anonymous claim of skill? (1)

_Sprocket_ (42527) | more than 3 years ago | (#35648114)

I think 1,000 hackers is a pretty cool guy. eh takes over comodos and doesn't afraid of anything.

Dude. I was in to 1,000 Hackers before they were cool. Now they're just sell-outs.

Humble (0)

Anonymous Coward | more than 3 years ago | (#35645888)

Gotta love how he decided not to break RSA. *Decided*.

Huh? (2)

nog_lorp (896553) | more than 3 years ago | (#35646002)

This message is sort of retarded. First he tried to solve prime factorization, and then he was like "maybe I should hack a CA instead"? And later he will do us the favor of "proving it is not possible" to come up with a prime factorization algorithm?

Re:Huh? (0)

Anonymous Coward | more than 3 years ago | (#35646072)

pot, meet kettle.

rules, rules, rules (1)

simoncpu was here (1601629) | more than 3 years ago | (#35646004)

I'm glad there's no rule #34 of this Iranian hacker.

Re:rules, rules, rules (3, Funny)

coyote_oww (749758) | more than 3 years ago | (#35646056)

If he has the experience of 1000 hackers, it would still not involve a single woman.

At least we know where they get the virgins (1)

SmallFurryCreature (593017) | more than 3 years ago | (#35649174)

To bad suicide bombers, the virgins? It is this guy... mind you, if you examine world history especially in the sunnier parts... they might not mind.

First Rule Of Iranian Hacker Club...... (0)

Anonymous Coward | more than 3 years ago | (#35646076)

The first rule of Iranian hacker club.. Don't talk about Iranian hack club!!!!
no wait.. the first rule of Iranian hacker club is actually "I do, that's all. You stop, I don't stop.". Thanks not nearly as catchy.

Re:First Rule Of Iranian Hacker Club...... (1)

Isaac Remuant (1891806) | more than 3 years ago | (#35647324)

It loses its magic after Google Translate... :P

On a serious note, is it possible that the grammar mistakes are intentional? Would a decent hacker who'd have to deal with the English language all around make so many mistakes? I'm asking out of total ignorance here.

Re:First Rule Of Iranian Hacker Club...... (0)

Anonymous Coward | more than 3 years ago | (#35647730)

I doesn't have running water...but I can hack comodo...

Uhg... (1)

Anonymous Coward | more than 3 years ago | (#35646078)

This is the first I saw a straightforward description of the hack... "SQL injection, then privilage escalation, got SYSTEM shell, remote desktop, investigation and I discovered trustdll.dll :)" Where trustdll.dll was a c# lib he decompiled and saw hard-coded credentials. This was it? Really?

Of course it's a PR move (4, Insightful)

Weaselmancer (533834) | more than 3 years ago | (#35646082)

I mean come on, really?

'I'm not a group of hacker, I'm single hacker with experience of 1,000 hackers.'

Sounds just like the Iraqi Information Minister or Kim Jong Il. "Oh no no no! I not a group or government no! I am super skilled hacker with skill of 1000 men. I can play 18 rounds of golf in 18 shots by getting 18 hole in one. Yes! I just that good!"

Re:Of course it's a PR move (1)

bongey (974911) | more than 3 years ago | (#35646232)

18 rounds of golf in 18 shots

Just 18 I could do it 1

Re:Of course it's a PR move (1)

AlienIntelligence (1184493) | more than 3 years ago | (#35651348)

18 rounds of golf in 18 shots

Just 18 I could do it 1

Chuck? Chuck Norris? Is that you?

-AI

Re:Of course it's a PR move (1)

MrSenile (759314) | more than 3 years ago | (#35653486)

No, if it was Chuck Norris, he'd get all 18 holes in one without swinging, without the need for a ball, and without having to get out of bed to actually show up.

Re:Of course it's a PR move (1)

Anonymous Coward | more than 3 years ago | (#35646286)

'I'm not a group of hacker, I'm single hacker with experience of 1,000 hackers.'

Something tells me this guy will soon become a single dead hacker with experience of 1,000 virgins.

Tip your server. I'll be here all the week.

Re:Of course it's a PR move (1)

Anonymous Coward | more than 3 years ago | (#35646304)

First, the Dear Leader did not claim to make 18 hole-in-ones. Just a hole-in-one on the first par 4, his first hole ever (although they didn't mention if he took a practice swing), and all the subsequent par 3s. I believe his final score was somewhere in the 40s.

Second, I did the exact same thing once on Tiger Woods PGA Tour 2009 on Xbox, so I wasn't impressed.

Re:Of course it's a PR move (1)

retchdog (1319261) | more than 3 years ago | (#35646342)

it's 38 under par, so ~34 shots, and with five holes-in-one claimed.

Re:Of course it's a PR move (0)

Anonymous Coward | more than 3 years ago | (#35646334)

I mean come on, really?

'I'm not a group of hacker, I'm single hacker with experience of 1,000 hackers.'

Or like anon with the hyperbole ramped up to 11?

Re:Of course it's a PR move (0)

Anonymous Coward | more than 3 years ago | (#35648036)

That would mean anon has the experience of over 9000 hackers!

Re:Of course it's a PR move (1)

failedlogic (627314) | more than 3 years ago | (#35646378)

I think you are heading down the right direction here in finding this network based SCWMD assault (Security Certificates for the Web of Massively Disorganized). Unfortunately the hacker will be very difficult to identify. As you allude, a skilled hacker that can write press releases like the Iraqi Information Minister, instill fear like only Kim Jong Ill can do and yet still have the time to practice and play a perfect round of 18 rounds of golf. I think while the clues you offer are an attempt to be helpful, I don't think any one person could have such a skill set.

Re:Of course it's a PR move (1)

syousef (465911) | more than 3 years ago | (#35646862)

'I'm not a group of hacker, I'm single hacker with experience of 1,000 hackers.'

Sounds just like the Iraqi Information Minister or Kim Jong Il. "Oh no no no! I not a group or government no! I am super skilled hacker with skill of 1000 men. I can play 18 rounds of golf in 18 shots by getting 18 hole in one. Yes! I just that good!"

Actually my first thought was Charlie Sheen...winning with the power of his mind once again....I know, I know, that was last week's meme.

He didn't mean he had the skill of 1000 hackers (1)

CrazyJim1 (809850) | more than 3 years ago | (#35647594)

He meant to say he had the skill of a 1000 hacks.

Re:Of course it's a PR move (1)

antdude (79039) | more than 3 years ago | (#35647728)

That is why I like to say "prove it!". :)

Re:Of course it's a PR move (0)

Anonymous Coward | more than 3 years ago | (#35652374)

It's Charlie Sheen... he's taken up hacking now.

I'm convinced (4, Funny)

wrencherd (865833) | more than 3 years ago | (#35646114)

From TFA:

The individual, who calls himself ComodoHacker

Well, there you are.

Re:I'm convinced (1)

binaryseraph (955557) | more than 3 years ago | (#35647572)

Or to the rest of the SSL using world: CommodeHacker.

Hack Like An Lone Iranian (-1)

Anonymous Coward | more than 3 years ago | (#35646130)

To the tune of Walk Like An Egyptian...

All the old web sites on the net
The have the web forms, don't you know
But if you inject SQL (oh way oh)
They're falling down like the Comodo

Black hat types with a thousand swipes say
Ay oh way oh, ay oh way oh
Hack like a lone Iranian

Re:Hack Like An Lone Iranian (1)

Zanadou (1043400) | more than 3 years ago | (#35649436)

Would you like to sell a vowel?

haha (0)

Anonymous Coward | more than 3 years ago | (#35646408)

I Lol'd

Experience (0)

Anonymous Coward | more than 3 years ago | (#35646440)

He failed to mention that he is a braggart with the experience of 1000 braggarts.

It was really just the MCP (1)

Dachannien (617929) | more than 3 years ago | (#35646450)

I've grown 2,415 times smarter since then.

Re:It was really just the MCP (0)

Anonymous Coward | more than 3 years ago | (#35646638)

I mean really?? give me a break this is hardly even written in the context of the first person. This is totally without a doubt a PR release.

Having the skill of 1000 hackers... (1)

sdguero (1112795) | more than 3 years ago | (#35646786)

deserves 1000 virgins in the afterlife, right?

Re:Having the skill of 1000 hackers... (1)

sayfawa (1099071) | more than 3 years ago | (#35647836)

No, no, no, the jihadists get the 1000 virgins. He gets the 1000 right hands.

I am sorry. (0)

Anonymous Coward | more than 3 years ago | (#35647016)

I read all of his Pastie's.

If you want a laugh, read them.

A lot of egotistical shit talk from a guy who doesn't realize RSA simply cannot be "cracked". It's impossible.

If you had any common sense, you would use your "hacks" on the actual people who have/had access to having CR's resigned.

Also, let's not just throw around "symmetric" and "asymmetric" when dealing with encryption and hashing, it just makes you look dumb.

And working on a way to derive two prime factors of a number is ridiculous, you won't ever accomplish it. Simply because we are dealing with numbers larger than the processing ability of most computers that can be accessed (spare some), and the fact that primality tests aren't something you can simply "write".

I thought I had an epiphany in math class a few weeks ago (pre-calc is boring as fuck, and my Ti-84 only can do so much, even with asm programmin), and realized that if you took any number, you can first run it against basic tests and tests of division. Even numbers out, numbers whose digits add up to a multiple of 3 are out, etc. After that, you are fucked.

RSA is secure. Period. Its implementation can only be *so* secure.

And lol, if you want to do something actually epic, and worth bragging about, steal the private RSA key and code yourself a resigner. Until then, stop acting like you did anything tremendously amazing.

This is all >implying this kid isn't just frontin.

-Thilo The "Hax"

Re:I am sorry. (2, Insightful)

Anonymous Coward | more than 3 years ago | (#35647144)

I read all of his Pastie's.

If you want a laugh, read them.

A lot of egotistical shit talk from a guy who doesn't realize RSA simply cannot be "cracked". It's impossible.

If you had any common sense, you would use your "hacks" on the actual people who have/had access to having CR's resigned.

Also, let's not just throw around "symmetric" and "asymmetric" when dealing with encryption and hashing, it just makes you look dumb.

And working on a way to derive two prime factors of a number is ridiculous, you won't ever accomplish it. Simply because we are dealing with numbers larger than the processing ability of most computers that can be accessed (spare some), and the fact that primality tests aren't something you can simply "write".

I thought I had an epiphany in math class a few weeks ago (pre-calc is boring as fuck, and my Ti-84 only can do so much, even with asm programmin), and realized that if you took any number, you can first run it against basic tests and tests of division. Even numbers out, numbers whose digits add up to a multiple of 3 are out, etc. After that, you are fucked.

RSA is secure. Period. Its implementation can only be *so* secure.

And lol, if you want to do something actually epic, and worth bragging about, steal the private RSA key and code yourself a resigner. Until then, stop acting like you did anything tremendously amazing.

This is all >implying this kid isn't just frontin.

-Thilo The "Hax"

Are you talking about yourself? You're only in high school. The extent of your formal math knowledge is beneath basic calculus. Shut up and get over yourself.

Re:I am sorry. (0)

Anonymous Coward | more than 3 years ago | (#35651666)

A lot of egotistical shit talk from a guy who doesn't realize RSA simply cannot be "cracked". It's impossible.

Well, with our current knowledge it is considered to be "impossible", or rather infeasible. But there have been many problems no one seemed to be able to solve that have been solved since.

Throwing around words like "impossible" is just plain stupid and shows that you yourself don't have enough experience in the field. Experts in the field are careful to use words like "impossible" or "never", since they know that breakthroughs can come at any time and sometimes systems are cracked by using another, not previously foreseen, attack vector.

For example, there are attacks on RSA when the two factors (the private and the public keys) are of very different sizes. So even if this attack doesn't work in the generic case, you might be able to use a battery of attacks to find a weakness in a given system.

A breakthrough in quantum computing might render some cryptographic systems weak, systems that today are considered very strong.

Hell, just compare it to computer graphics. When I started using my first computer, no one would imagine that full length feature films were made entirely using photo realistic rendering. Today, no one lifts an eyebrow when these films are released. So much for "impossible"...

hacker (0)

kerrykoyi (2026638) | more than 3 years ago | (#35647326)

i think the hacker is terrible ,i dont like them~~but i think they must be very excellent. wholesale clothing [wholesale-dress.net]

single (0)

Anonymous Coward | more than 3 years ago | (#35647418)

Of *course* you're single. I don't think anyone assumed you had a girlfriend, so there was really no need to clarify.

He sounds VERY pro-government! (4, Interesting)

damoncz (648166) | more than 3 years ago | (#35647472)

I am an Iranian dissident living outside Iran and this guy is VERY pro-government, which is a rarity in Iran if you are following the news.. Line 41: "A message in Persian: Janam Fadaye Rahbar" Means "my life sacrificed for the Leader". Only Khamenei goons otter that. I smell something fishy. Can't be a lone hacker...

Re:He sounds VERY pro-government! (1)

iamhassi (659463) | more than 3 years ago | (#35647650)

Means "my life sacrificed for the Leader". Only Khamenei goons otter that. I smell something fishy. Can't be a lone hacker...

Maybe he took the blue pill...

Re:He sounds VERY pro-government! (0)

Anonymous Coward | more than 3 years ago | (#35649990)

Viagra?

Re:He sounds VERY pro-government! (0)

Anonymous Coward | more than 3 years ago | (#35649994)

"I am an Iranian dissident living outside Iran and this guy is VERY pro-government, which is a rarity in Iran if you are following the US propaganda..

FTFY

Re:He sounds VERY pro-government! (0)

Anonymous Coward | more than 3 years ago | (#35650760)

Can't be a lone hacker...

Why not?

Do you think it's literally impossible for people to be in favor of the current Iranian government, at least when they're not themselves part of, affiliated with, or employed by said government?

The problem with people like you is that you make up your mind based on your own prejudices, and then stick to those and interpret everything that happens accordingly. Hacking from Iran? Oh, hacking is bad, and the Iranian government is bad, therefore it MUST have been the government. Case closed! Nothing else is even possible, and any new information etc. will be interpreted accordingly. If it fits your prejudice, you just accept it at face value; if it doesn't, it's misinformation, untrue, propaganda, a lie, a joe job, psyops, or otherwise fishy.

That's not to say that you're necessarily wrong. But you fail to convince, and the more you do this, the more credibility you lose. And by "you", I don't mean you personally, I mean dissidents etc. in general, no matter whether they're Iranian, Chinese, Cuban etc.

And yes, I realize that most likely there's a lot of shit going on behind the scenes and unlike you, I don't know one tenth of it, but you'll still have to convince people.

Re:He sounds VERY pro-government! (1)

AB3A (192265) | more than 3 years ago | (#35650816)

Mod parent up for informative post.

This boastful diatribe is not the mark of a really smart person. It seems more like a cult member taunting the public.

I do not doubt that he could be crazy and smart at the same time. I think Iran's leadership has noticed the power of the stuxnet virus/worm. They're rightfully embarrassed. However, instead of fixing their problems and moving on, they're lashing out with dweebs like this deluded idiot.

The fact is that our CA platforms of trust are quite vulnerable. We should be afraid, though perhaps not from drooling whack jobs like this. Take time to review where your trust has been given, and then make some decisions. However, I wouldn't lose much sleep over something like this.

Re:He sounds VERY pro-government! (1)

GameboyRMH (1153867) | more than 3 years ago | (#35652194)

Who says he isn't the Iranian equivalent of The Jester?

Re:He sounds VERY pro-government! (0)

Anonymous Coward | more than 3 years ago | (#35661044)

Maybe it's the otter that smells fishy.

Easy Question? (0)

Anonymous Coward | more than 3 years ago | (#35648218)

Did anyone use the forged certs? In what circumstances?

If they were deployed on a countrywide scale in Iran, it doesn't matter whether it was a lone user or a team of government hackers; the end result is the same and the government is certainly just as culpable. Unfortunately, I'm not having a lot of luck finding an answer to that question in my several minutes of googling. Anyone have a good reference on this question?

Newer Info (1)

LoneHighway (1625681) | more than 3 years ago | (#35649156)

Jacob Appelbaum tweeted this earlier. Comodohacker may be for real.

It appears that the #comodogate hacker has posted the secret key for Mozilla's cert: http://pastebin.com/X8znzPWH [pastebin.com]

Re:Newer Info (1)

netsharc (195805) | more than 3 years ago | (#35651032)

BTW it's not "Mozilla's cert", it's the cert faking to be addons.mozilla.org that he created and signed through the compromised CA...

Re:Newer Info (2)

Xest (935314) | more than 3 years ago | (#35651392)

Why would that make him legit? Just means if he's an Iranian propaganda agent that the actual group of Iranians, from perhaps Iranian military establishments that did the hack gave it to this PR guy to paste.

We know the hack was real, we know it came from Iran, nothing there changes that. That doesn't in any way prove he was a lone individual, only that he is at least connected to the person or people that really did the attacks.

Lolz (0)

Anonymous Coward | more than 3 years ago | (#35650024)

Well that was quite a funny read, apparently he rules teh internetz, everyone better watch out for the guy who has the skillz of 1,000 hackers, programmers and *coughs* project managers??? He might just PM our asses to death, though it is nice to see one man with the combined abilities of 3,000, he should deffo be running some kind of multinational corporation on his own.

I doubt the Iranian govt. would say anything (0)

Anonymous Coward | more than 3 years ago | (#35650316)

I doubt the Iranian government would make any kind of comment about the Comodo hack, even one like this (which might ultimately be traced somehow). It's possible for individuals to cause amazing damage (Gary McKinnon, Robert Morris etc) so why not this guy?

till.. (1)

0dugo0 (735093) | more than 3 years ago | (#35651476)

He had me till HAARP.

You's a trollin.. (0)

Anonymous Coward | more than 3 years ago | (#35652960)

Do not feed the trolls.

I hacked... (0)

Anonymous Coward | more than 3 years ago | (#35668276)

...with the force of one thousand suns!
