Comodo Hacker Paradigm Intel

More of our INTEL

Prelim Paradigm Intel:
He wants people to Believe.
Comodo attacker is Persian,

English second language,

math background,

lived in Iran entire life,

Right wing

pro-regime

newly Middle class,

never in position of authority,

Persian is street level,

family connected to regime Institution.

ICA scrambling to recruit him.

Considerations:

His sentences are breathless ,few vowels, few verbs.
The language/semantics used was intended to mislead.
The semantics don't match with a Persian writing
English as a second language.
Only Persian used was in Wikipedia.
If Iran did do this they would want deny ability.
Hence the lone Iranian hacker. But Iran would
have given him a name for propaganda reasons,
to promote his feats, and the power of Persians
in the cyber realm.

Somebody claiming to be the "Comodo hacker" has released a statement here
http://pastebin.com/74KXCaEZ, decompiled code here http://pastebin.com/DBDqm6Km, and account database here http://pastebin.com/CvGXyfiJ.



Compare the English in the Pastebin links to this email
exchange. http://erratasec.blogspot.com/2011/03/interview-with-comodohacker.html

The sophistication and finesse hack points to an INSIDER.

The id and ego of a hacker tend to drive them to pride and

recognition of their work, even if only a non-plume. 
Stuxnet was a Gov operation and covert, this Comodo
hacker knew he would be discovered.

The greater the hack the greater the motivation and desire

for acknowledgement, recognition.

He never gives himself a NAME.

Our conclusion is he isn't Persian,

and at the time of the hack was not connected

to the Iranian Regime.

He didn't use the hack for financial gain,

which further points to a White hat gone BAD.

He doesn't have the means or knowledge 

to follow through, and knows even a small slip

up in monetizing his hack would lead to his discovery.

Iran has made no currency from his hack and

been mysteriously silent. Almost as if they don't

trust him. He maybe trying to sell his services
to Iran.


 Mikko Hyponen of F-Secure asks on Twitter:
"Do we really believe that a lone hacker gets into a CA, can generate any cert he wants..and goes after login.live.com instead of paypal.com?"

The limited business Geo-location of his hacks,

puts him squarely among Comodo White hats,

or programmers. Look for someone complaining
about possible exploits in Comodo systems. 
He doesn't know Paypal as well as he knows 
Comodo, he is an insider at Comodo.

He knows:

Bruce Schneier, RSA people (Ron, Adi and Leonard) and specially David Wagner.

He is weeks away from being arrested.

Gerald

Anthropologist

Tactical Internet Systems analyst.

InternetAnthropologistTT@gmail.com
http://warintel.blogspot.com/

Iranian Cyber Forces uber threat NOT

.