A post on the popular website Pastebin sheds new light on the recent Comodo SSL certificate attacks. A 21 year old Iranian hacker who goes by the name of ComodoHacker, claims full responsibility for the hacks which saw certificates from popular websites created and forged.
Comodo admitted that on March 15, 2011 a Registration Authority (RA) in southern Europe was compromised and fraudulent certificates were created. The hacker some how gained access to an administrative username and password which they then used to create themselves their own username and password to create SSL certificates for URL's such as gmail.com, live.com and Skype. The New Jersey company came to the conclusion that the circumstantial evidence suggested the attack originated in Iran, and focused on the communication infrastructure, not the financial infrastructure as a typical cyber-criminal might. The company also thought the attacks were likely to be state-driven, however this recent news disputes the claim.
"I hacked Comodo from InstantSSL.it, their CEO's e-mail address firstname.lastname@example.org, their Comodo username/password was: user: gtadmin password: [trimmed], their DB name was: globaltrust and instantsslcms" says the document. ComodoHacker then explained more about how he managed to carry out the attack, "InstantSSL.it which was doing it's job under control of Comodo, I wrote a code for signing my CSRs using POST request to those APIs, I learned their APIs so FAST and their TrustDLL.DLL was too old and was not working properly, it doesn't send all needed parameters, it wasn't enough for signing a CSR."
We contacted Comodo but they declined to comment.