DigiNotar hacker shares details on GlobalSign breach

Yesterday, GlobalSign announced that it will not be issuing any more certificates until the claims about a breach into its networks made by the “Comodohacker” are proved or disproved.

Apart from mounting its own internal investigation, the company has also retained the services of Fox IT, the security audit firm that is investigating the DigiNotar breach on behest of the Dutch Government.

Also yesterday, the Comodohacker left another message on Pastebin, detailing what he had managed to compromised during the attacks he allegedly perpetrated and that we know about.

He says that he has access to GlobalSign’s “entire server”, database backups, system configuration files and the private key to their globalsign.com domain, and to emails, database backups and customer data from StartCom, which he intends to publish.

Boasting about his abilities, he also goes to great lengths to try and convince everybody that he and he alone was behind the attack. He does admit that he targeted Iranians who work against the current regime with his attack and that he is on his Government side, but insists he has not been instructed by them to execute the various attacks.

Finally, he offers his own “brilliant unbreakable encryption system for replacement of SSL and CA system”, on the condition that Iran gets to monitor services like Gmail, Yahoo, Facebook, Twitter – services that, according to him, are being monitored by the USA and Israel.

In a previous message, he also claims that, despite what Microsoft says, he is able to issue Windows updates. “I already reversed ENTIRE windows update protocol, how it reads XMLs via SSL which includes URL, KB no, SHA-1 hash of file for each update, how it verifies that downloaded file is signed using WinVerifyTrust API, and… Simply I can issue updates via windows update,” he boasts. According to The Register, Microsoft has declined to comment on that particular statement.