The hack that resulted in Comodo creating certificates for popular e-mail providers including Google Gmail, Yahoo Mail, and Microsoft Hotmail has been claimed as the work of an independent Iranian patriot. A post made to data sharing site pastebin.com by a person going by the handle "comodohacker" claimed responsibility for the hack and described details of the attack. A second post provided source code apparently reverse-engineered from one of the components used in the attack.

Whether the postings are authentic and accurate is, at present at least, a matter of conjecture. The post specifies a number of details that appear authentic. The writer fingers Italian Registration Authority GlobalTrust.it/InstantSSL.it (the same company operating under multiple names) as the weak link. A Registration Authority (RA) is essentially a local reseller for a Certification Authority (CA); in principle, the RA performs the validation of identity that would be too difficult or expensive for the root CA to do, and then sends a request to the root CA to generate an appropriate certificate. Comodo's systems trust that the RA has done its job appropriately, and issue the certificate. This is consistent with Comodo's statement that it was a Southern European company that was compromised.

In addition to blaming a specific RA, the post includes other details: the username ("gtadmin") and password ("globaltrust," proving once again that security companies can pick really bad passwords) used by the RA to submit requests to Comodo's system, the e-mail address of InstantSSL's CEO ("mfpenco@mfpenco.com"), and the names of the databases used by GlobalTrust's website. In practice, though, only Comodo can verify this information, and the company has no good reason to do so.

The alleged hacker also described some details of the hack itself. He claims to have broken into GlobalTrust's server and found a DLL, TrustDLL.dll, used by that server to send the requests to Comodo and retrieve the generated certificates. The DLL was written in C#, so decompiling it to produce relatively clear C# was easy; within the DLL the hacker found hard-coded usernames and passwords corresponding to GlobalTrust's account on Comodo's system, and another account for the system of another CA, GeoTrust. The source code the hacker posted was part of this DLL, and certainly has the right form for decompiled source code. Again, though, only GlobalTrust could provide absolute confirmation of its authenticity.
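The weak link described above is a set of credentials compiled into a DLL that a server uses to talk to the CA. As an added example from the defender's side (this is not the code the claimed attacker posted, nor GlobalTrust's or Comodo's code), the following scanner flags credential-like string constants in decompiled C# so that an RA can catch them in its own builds before an intruder does. The C# snippet it runs over is constructed here for illustration; the field names and values are placeholders, not anything from the page.

```python
import re
from typing import List, Tuple

# Constructed sample of decompiled C#; not the code from the pastebin post.
SAMPLE_DECOMPILED = '''
public class RaClient
{
    private string baseUrl = "https://example.invalid/ra/api";
    private string loginName = "ra_user_placeholder";   // placeholder
    private string password = "placeholder_secret";     // placeholder
    private string timeout = "30";
}
'''

# Identifier fragments that usually indicate a credential is being stored.
CREDENTIAL_HINTS = ("user", "login", "pass", "pwd", "secret", "token", "apikey")

# Matches C# string declarations of the form:  string name = "literal";
STRING_ASSIGN = re.compile(r'\b(?:string|var)\s+(\w+)\s*=\s*"([^"]*)"')


def find_hardcoded_credentials(source: str) -> List[Tuple[str, str]]:
    """Return (identifier, literal) pairs whose identifier looks credential-like.

    This is a heuristic: it catches the obvious case of a username or
    password baked into a string field, which is exactly the kind of
    constant a decompiler hands an intruder on a plate.
    """
    findings = []
    for name, literal in STRING_ASSIGN.findall(source):
        lowered = name.lower()
        if any(hint in lowered for hint in CREDENTIAL_HINTS):
            findings.append((name, literal))
    return findings


def report(source: str) -> int:
    """Print each finding and return the count (non-zero means 'fix this')."""
    findings = find_hardcoded_credentials(source)
    for name, literal in findings:
        print(f"hard-coded credential: {name} = {literal!r}")
    return len(findings)


if __name__ == "__main__":
    report(SAMPLE_DECOMPILED)
```

Anything the scanner flags belongs outside the binary (an OS credential store, a secrets manager, or an operator-supplied configuration file with tight permissions), and the CA-side account it authenticates should be rotated once the constant has ever shipped, because a decompiled .NET assembly gives it up in seconds.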

Reasons for caution

So at least to some extent, the claim looks legitimate. They're saying the right kind of things. There are, however, a few reasons to be cautious. The identity of the RA was already presumed to be InstantSSL.it, and the company is Comodo's only listed reseller in the Southern Europe area. That listing also discloses mfpenco's Comodo e-mail address, and from there it's easy to find his full name, e-mail address, and position within the company. So someone uninvolved with the hack could provide this information. Even the DLL source code is not cast-iron evidence: Comodo publishes the API that RAs use to integrate with its systems, so anybody could produce a similar DLL. Indeed, the only details not trivially discoverable with a bit of search engine leg-work are the ones that are also entirely unverifiable anyway.

The claims are also infused with an almost unbelievable amount of BS in its purest form. Though initially describing him- or herself as "we," the hacker then claims to be a 21-year-old programmer working alone, and to be unaffiliated with the Iranian Cyber Army (a group accused of hacking Twitter in 2009). So far, so good. He then goes rather off the rails, however, when he claims to have the hacking experience of 1,000 hackers, the programming experience of 1,000 programmers, and the project management experience of 1,000 project managers. Mmm-hmm.

He claims also that his original plan was to hack the RSA algorithm commonly used in SSL. RSA is a public key cryptography algorithm, and its security depends on one thing: that factorizing numbers into their prime factors (for example, converting 12 into 3×2×2) is computationally difficult. With numbers of the size used in RSA—typically 1024 bits, equivalent to about 309 decimal digits, or 2048 bits, equivalent to about 617 decimal digits—and the current best-known algorithms, literally thousands of years of CPU time are required to factorize the numbers involved, making it computationally intractable.
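To make the factoring argument concrete, here is an added worked example (not from the article or from anyone it quotes) using the textbook toy RSA parameters p = 61, q = 53. It builds a key pair, encrypts and decrypts, and then recovers the private exponent purely by factoring n with trial division, which is the step that becomes intractable at real key sizes. The digit-count helper reproduces the 309- and 617-digit figures given above; the trial-division step counter is there only to show how quickly the work grows with the size of n.

```python
from typing import Tuple


def decimal_digits(bits: int) -> int:
    """Number of decimal digits in the largest integer of the given bit length."""
    return len(str((1 << bits) - 1))


def make_toy_key(p: int, q: int, e: int = 17) -> Tuple[Tuple[int, int], Tuple[int, int]]:
    """Return ((n, e), (n, d)) for primes p and q. Toy sizes only."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse; Python 3.8+
    return (n, e), (n, d)


def encrypt(public_key: Tuple[int, int], m: int) -> int:
    n, e = public_key
    return pow(m, e, n)


def decrypt(private_key: Tuple[int, int], c: int) -> int:
    n, d = private_key
    return pow(c, d, n)


def factor_trial(n: int) -> Tuple[int, int, int]:
    """Factor n = p * q by trial division.

    Returns (p, q, trials) with p <= q. The trial count is roughly
    sqrt(n) in the worst case, which is why this is hopeless for a
    1024-bit modulus but instant for a 12-bit one.
    """
    trials = 0
    d = 2
    while d * d <= n:
        trials += 1
        if n % d == 0:
            return d, n // d, trials
        d += 1
    raise ValueError("n is prime or 1; not an RSA modulus")


def recover_private_exponent(n: int, e: int) -> int:
    """Given only the public key, recover d by factoring n.

    This is the whole of RSA's security assumption in one function:
    if you can factor n, you have the private key.
    """
    p, q, _ = factor_trial(n)
    return pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    pub, priv = make_toy_key(61, 53)           # n = 3233, d = 2753
    c = encrypt(pub, 65)
    print("ciphertext:", c, "decrypts to:", decrypt(priv, c))
    print("recovered d from public key alone:", recover_private_exponent(*pub))
    print("trial divisions needed:", factor_trial(pub[0])[2])
    print("digits in a 1024-bit modulus:", decimal_digits(1024))
    print("digits in a 2048-bit modulus:", decimal_digits(2048))
```

The toy modulus falls in a few dozen divisions; a real modulus has roughly 2^512 candidate divisors below its square root, and even the best known algorithms only shave that exponent down rather than removing it, which is the gap between a pastebin boast and an actual break of RSA 2048.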

Though the hacker initially admits that he didn't find a solution to the integer factorization problem—instead getting waylaid by the distraction of breaking into CAs—he later claims that "RSA certificates are broken," and that "RSA 2048 was not able to resist in front of me." He also directly threatens Comodo and other CAs, saying "never think you can rule the internet, ruling the world with a 256 digit [sic] number which nobody can find it's [sic] 2 prime factors (you think so), I'll show you how someone in my age can rule the digital world, how your assumptions are wrong." So the implication is that an attack on RSA is forthcoming, but there's no sign of it so far.

The decompilation of the DLL and subsequent generation of code that allowed the hacker to generate his own certificates is also ascribed to the hacker's own brilliance. He claims that he had "no idea" of Comodo's API or "how it works," and that the DLL did not quite work properly due to being out of date and not providing all the information that Comodo's systems needed. Nonetheless, he learned what to do and rewrote the code "very very fast," with the result that Comodo will be "really shocked about my knowledge, my skill, my speed, my expertise and entire attack." Skill and expertise are certainly one possibility, but looking at the documents that Comodo publishes is surely the easier approach—and surely the preferred approach of someone with the experience of 1,000 hackers.

The hacker's manifesto

Nonetheless, the claims are probably authentic, at least insofar as they come from someone with some knowledge of, and involvement in, the Comodo attack. They tie together all the right pieces, and the DLL code, though by no means absolute evidence, is pretty compelling—though the grandiose claims about RSA are unlikely to amount to anything. In addition to claiming responsibility, the post includes something of a political manifesto—a series of "rules" that hint at the underlying reason for the attacks.

The nature of the targets chosen—mainly e-mail sites—enabled the perpetrator to eavesdrop fairly effectively on secure e-mail sent using Gmail, Yahoo! Mail, and Hotmail. This in turn implicated government agencies, as such an ability would allow them to more easily detect dissident communications. However, the hacker insists that he is independent and acting alone. He is, however, a staunch pro-government nationalist, and issues a warning to people within Iran such as the Green Movement and the MKO that they should be "afraid of [him] personally." He continues, "I won't let anyone inside Iran, harm people of Iran, harm my country's Nuclear Scientists, harm my Leader (which nobody can), harm my President, as I live, you won't be able to do so." Those people "don't have privacy in internet" and "don't have security in digital world. [sic throughout]"

So, while operating alone, the hacker was certainly acting in a manner aligned with the Iranian regime, leading to speculation that the actions were likely "rewarded" by the state, if not explicitly carried out on the state's behalf. Either way, the intent is clearly to allow spying on Iranian citizens.

The hacker also criticizes Western governments, Western media, and Western corporations. He positions the fraudulent certificates as a means of giving himself equivalent powers to the US and Israel, stating that they can already read mail in Yahoo, Hotmail, Gmail, and so on "without any simple little problem," since they can spy using Echelon. The certificates just let him do the same.

He criticizes the media in a number of ways. He regards it as unfair that Iranian ambassadors were quizzed by the media regarding the Comodo attack, and yet no equivalent scrutiny was given to US and Israeli officials over Stuxnet. Similarly, the Western media wrote about the Comodo attack, but ignores Echelon and HAARP—in other words, that the media swoops into action when it appears that Iranians might compromise the secrecy of Westerners, but doesn't care about Westerners spying on the rest of the world.

And finally, he claims that Microsoft, Mozilla, and Google updated their software "as soon as instructions came from CIA." He also claims that the reason Microsoft did not patch the Stuxnet vulnerabilities for so long is not because the company didn't know about them, but rather because those vulnerabilities were required by Stuxnet—Redmond was again acting on behalf of the CIA.

The hacker says that we should be scared and afraid, that he is immensely skilled, and that the security offered by SSL will soon come crashing down around our ears. This is highly unlikely. His claims are far-fetched, with more than a hint of conspiracy theory madness to them.

But in another sense, he's right. The hack he describes was not particularly clever or advanced; we still don't know all the details, but it appears that Comodo has done little to ensure that its RAs are secure, leaving it extremely prone to attack. It's unlikely that Comodo is unique in this regard, too—the specifics will vary from CA to CA, RA to RA, but there are so many of these entities, all of them trusted by default, that further holes are inevitable. Such attacks don't need large teams or state sponsorship to work; they're well within the reach of a suitably well-motivated individual. With SSL we have built, and depend on, a large trust system—breaches of that trust are a genuine threat with the potential for enormous harm. It's high time these trusted companies made sure they actually deserved that trust.