Skip to main content

Comodo attacker claims credit for DigiNotar breach

DigiNotar Google cert access map (FOX-IT)
Image used with permission by copyright holder

If unauthenticated postings on the Internet are to be believes—and we all know how that goes—the attacker who was behind a breach of the SSL affiliate registration authority Comodo earlier this year may be behind the recent compromise of Dutch SSL certificate authority DigiNotar. The attacker posted an announcement on Pastebin under the name “Comodohacker” claiming responsibility for the DigiNotar breach. In the message, the writer says the action was retaliation for the role of Dutch soldiers in Srebrenica in 1995, where more than 8,000 Muslims were killed by Serbian forces during the Bosnian War.

The same account was previously used earlier this year to describe the attack on SSL certificate authority Comodo. The attacker also claims to have infiltrated four more unnamed high-profile certificate authorities, and gained the ability to issue false certificates from them. He also claimed to have access to the widely-used certificate authority GlobalSign, and to have attempted an attack on StartCom.

“Comodohacker” has given interviews in the last year, and described himself as a 21 year-old Iranian student. Some security experts have also speculated that Comodohacker could be Turkish. However, the Iranian connection is interesting, especially since name of the IP addresses that used Google account information under the fraudulent Google certificate issued by DigiNotar were located in Iran.

In all, over 500 fraudulent certificates were issued from DigiNotar after its systems were compromised. DigiNotar’s auditor FOX-IT has found (PDF) that more than 300,000 unique IP addresses accessed Google accounts alone under the bogus certificate issued for Google. Supposedly-secure information on any of those sessions could, in theory, have been intercepted by a third party.

Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…
A dangerous new jailbreak for AI chatbots was just discovered
the side of a Microsoft building

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keeps ChatGPT from going full Taye.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.

Read more