He presents himself as a young Iranian 21 years, calls himself ComodoHack and launched last week, a cyber attack that would "potentially could undermine the trust we place on the Internet," in the words of Lawrence Heslaut, responsible for security at Symantec France.
In a message posted Friday on the Web, ComodoHack said he wanted "revenge operation Stuxnet led by the United States and Israel against Iran's nuclear power plants last summer.In broken English, the young man, who claims to have "the capacity of 1 000 hackers gathered," promised that he would attack other computer using the same modus operandi.
What did he do exactly? ComodoHack is one of the first hacker to have managed the feat of creating digital certificates authentication system by hacking Comodo, one of the leading companies in the closed world of certification.
Gmail, Skype or Yahoo
Comodo, like Verisign or RSA, to validate the identity of secure sites whose addresses begin with "https."Without certification, there is no evidence, for example, a site selling online has not been established by a small malignant eager to retrieve the data bank of a surfer.
Motivated more by politics than profit, the hacker Iranian authentication certificates issued on behalf of Comodo for Gmail, Yahoo Mail or Skype, instant messaging popular with opponents of the regime in Tehran. With these certificates usurped, cybercriminals was able to create fake Gmail and Skype conversations which he recovered and personal data of users fooled.An amount of information it could then sell to the highest bidder or give generously to the Iranian authorities.
By last weekend, Microsoft, Mozilla (Firefox), Google had, in an emergency, to update their browser to identify and banish the Net certificates. Still, the attack proved that the security of commercial transactions and the confidentiality of conversations is to be engraved in stone digital. Lawrence Heslaut even sees one of the major trends in cybercrime: "Today, criminals are doing everything to confuse the issue between what is true and what is wrong on the Internet."
