Mysterious hacks...Iran?

  • Mysterious hacks...Iran?

    Late last month "security firm Fox-IT was called in to analyse the sequence of events at DigiNotar". The company issued a technical statement on 5 September (http://www.diginotar.nl/Portals/7/Pe...ip%20v1.0a.pdf)
    and the matter hit the headlines on 6 September:

    "Iranians hit in email hack attack" (BBC News - Iranians hit in email hack attack). The following message was left on pastebin (Striking Back... - Pastebin.com).

    Essentially a lot of fake certificates were granted that would allow a person or persons to track Iranian net traffic, Twitter and such like. DigiNotar normally issues these certificates and was hacked.

    It then emerged that this was not the first attempt; "On 19 July, Dutch CA DigiNotar detected an unauthorised intrusion into its systems." (BBC News - Fake DigiNotar web certificate risk to Iranians)

    This time the message left on one of the certificates was:

    "Of particular note is this certificate:
    CN=*.RamzShekaneBozorg.com,SN=PK000229200006593,OU =Sare Toro Ham Mishkanam,L=Tehran,O=Hameye Ramzaro Mishkanam,C=IR"


    The analyst interprets this as:

    "Thanks to an anonymous Farsi speaker, I now understand that the above certificate is actually a comment to anyone who bothers to read between the lines:
    "RamzShekaneBozorg" is "great cracker"
    "Hameyeh Ramzaro Mishkanam" translates to "I will crack all encryption"
    "Sare Toro Ham Mishkanam" translates to "i hate/break your head""


    Another pastebin message among other stuff says "a) I'm single person, do not AGAIN try to make an ARMY out of me in Iran. If someone in Iran used certs I have generated, I'm not one who should explain."

    So today, due to information in the first message ("I still have access: GlobalSign"), GlobalSign has stopped issuing certificates (BBC News - GlobalSign stops secure certificates after hack claim).

    It is reported that he also says: "Dutch government is paying what they did 16 years ago about Srebrenica, you don't have any more e-Government huh?"

    To summarise then: We have a Farsi speaker, who claims to be a 'single person', elsewhere claims to be 21 etc (i.e. 4 at the time of Srebrenica), speaks fluent English, can hack to a level barely below national security standards and whose sole accomplishment for this work was to compromise the privacy of Iranian people's web traffic... presumably the water fights are a serious threat!
    Last edited by snapper; 07 Sep 11, 15:56.

  • #2
    All ComodoHacker's messages: ComodoHacker's Pastebin - Pastebin.com



    • #3
      Stuxnet 3 hits Iran (Duqu):

      "IRAN says its defence computer systems have been infected with a 'supervirus' similar to the one believed to have been created by Israel that severely damaged Tehran's nuclear program last year.

      Anti-virus experts have identified a virus called Duqu that they say shares properties with the Stuxnet worm apparently created by Mossad, the Israeli security service. It was thought to have targeted the nuclear program's centrifuges, the devices that enrich uranium to create nuclear fuel.

      It was not clear from the Iranian statement whether Duqu had also struck nuclear facilities, but it was the regime's first admission of damage."


      Read more: Virus hits Iran's defence network

      Of course the assumption here that Stuxnet was an Israeli attack is not proved and actually dubious.
      Last edited by snapper; 15 Nov 11, 19:59.
