Comodo Hacker Paradigm Intel
More of our INTEL
Prelim Paradigm Intel:
He wants people to Believe.
Comodo attacker is Persian,
English second language,
math background,
lived in Iran entire life,
right wing,
pro-regime,
newly middle class,
never in position of authority,
Persian is street level,
family connected to regime institution.
ICA scrambling to recruit him.
Considerations:
His sentences are breathless, with few vowels and few verbs.
The language and semantics used were intended to mislead.
The semantics don't match a Persian speaker writing
English as a second language.
The only Persian used was taken from Wikipedia.
If Iran did do this they would want deniability.
Hence the lone Iranian hacker. But Iran would
have given him a name for propaganda reasons,
to promote his feats and the power of Persians
in the cyber realm.
Somebody claiming to be the "Comodo hacker" has released a statement here
http://pastebin.com/74KXCaEZ, decompiled code here http://pastebin.com/DBDqm6Km, and account database here http://pastebin.com/CvGXyfiJ.
Compare the English in the Pastebin links to this email
exchange: http://erratasec.blogspot.com/2011/03/interview-with-comodohacker.html
The sophistication and finesse of the hack point to an INSIDER.
The id and ego of a hacker tend to drive them to pride and
recognition of their work, even if only under a nom de plume.
Stuxnet was a Gov operation and covert; this Comodo
hacker knew he would be discovered.
The greater the hack the greater the motivation and desire
for acknowledgement, recognition.
He never gives himself a NAME.
Our conclusion is he isn't Persian,
and at the time of the hack was not connected
to the Iranian Regime.
He didn't use the hack for financial gain,
which further points to a White hat gone BAD.
He doesn't have the means or knowledge
to follow through, and knows even a small slip
up in monetizing his hack would lead to his discovery.
Iran has made no currency from his hack and
has been mysteriously silent, almost as if they don't
trust him. He may be trying to sell his services
to Iran.
Mikko Hyppönen of F-Secure asks on Twitter:
"Do we really believe that a lone hacker gets into a CA, can generate any cert he wants..and goes after login.live.com instead of paypal.com?"
The limited business geo-location of his hacks
puts him squarely among Comodo white hats
or programmers. Look for someone complaining
about possible exploits in Comodo systems.
He doesn't know PayPal as well as he knows
Comodo; he is an insider at Comodo.
He knows:
Bruce Schneier, the RSA people (Ron, Adi and Leonard) and especially David Wagner.
He is weeks away from being arrested.
Gerald
Anthropologist
Tactical Internet Systems analyst.
1 Comment:
Guessing there would be a connection between http://www.facebook.com/pages/9VPN/103655829702886 and the guy since they advertise "9VPN."
A dedicated server for VPN services could be established by the Iranian government for stealing users' names and passwords and also for recording valid requests to send them afterward.