Security Experts:

ComodoHacker Claims Major GlobalSign Breach, Company Hires DigiNotar Cyber-Investigators

On Wednesday, GlobalSign said that it has tapped Fox-IT, the Dutch cybersecurity team hired to investigate the recent compromise of Dutch Certificate Authority (CA) DigiNotar, to assist with investigations of a claimed breach by an individual that seems to be a serial CA hacker. Fox-IT has been deeply involved in the investigation of the compromise of DigiNotar, and may have knowledge and experience in understanding the tactics used if, in fact, the claims are true and the individual is the same hacker.

In a statement posted on Wednesday, the hacker, who identifies himself as “Comodohacker”, a 21-year old hacker acting as an individual, continued claims that he had compromised systems at GlobalSign, one of the longest established Certification Authorities. “I have access to their entire server, got DB backups, their linux / tar gzipped and downloaded, I even have private key of their OWN globalsign.com domain, hahahaa,” he wrote.

GlobalSign said on Tuesday that has temporarily ceased issuance of all digital certificates following an initial claim that the same hacker responsible for the recent DigiNotar hack had access to four other Certificate Authorities, and named GlobalSign as one of them.

In a statement, the company said it had hired Fox-IT is a precautionary measure as it continues to assess the Comodohacker's claims. The company has not, as of the time of publishing, disclosed any discovery of a breach. The hacker, however, claims he will publish many of his discoveries soon.

What’s interesting, is that the claimed hacker, an Iranian loyalist, says he has developed an “unbreakable” system for replacing SSL certificates. “If my country get equal right as USA in controlling emails, I may share my brilliant unbreakable encryption system for replacement of SSL and CA system,” he wrote. He also hints at his bright future as a hacker, writing: “P.S.S. never forget, I'm just 21, you have to see much more from me!”

Subscribe to the SecurityWeek Email Briefing
view counter
view counter