Internet Anthropologist Think Tank: Comodo Hacker Paradigm Intel

  • Search our BLOG


  • HOME
    Terrorist Names SEARCH:
    Loading

    Saturday, April 02, 2011

    Comodo Hacker Paradigm Intel

    More of our INTEL


    Prelim Paradigm Intel:
    He wants people to Believe.
    Comodo attacker is Persian,
    English second language,
    math background,
    lived in Iran entire life,
    Right wing
    pro-regime
    newly Middle class,
    never in position of authority,
    Persian is street level,
    family connected to regime Institution.
    ICA scrambling to recruit him.

    Considerations:

    His sentences are breathless ,few vowels, few verbs.
    The language/semantics used was intended to mislead.
    The semantics don't match with a Persian writing
    English as a second language.
    Only Persian used was in Wikipedia.
    If Iran did do this they would want deny ability.
    Hence the lone Iranian hacker. But Iran would
    have given him a name for propaganda reasons,
    to promote his feats, and the power of Persians
    in the cyber realm.



    Somebody claiming to be the "Comodo hacker" has released a statement here
    http://pastebin.com/74KXCaEZ, decompiled code here http://pastebin.com/DBDqm6Km, and account database here http://pastebin.com/CvGXyfiJ.




    Compare the English in the Pastebin links to this email
    exchange. http://erratasec.blogspot.com/2011/03/interview-with-comodohacker.html

    The sophistication and finesse hack points to an INSIDER.
    The id and ego of a hacker tend to drive them to pride and
    recognition of their work, even if only a non-plume. 
    Stuxnet was a Gov operation and covert, this Comodo
    hacker knew he would be discovered.

    The greater the hack the greater the motivation and desire
    for acknowledgement, recognition.
    He never gives himself a NAME.

    Our conclusion is he isn't Persian,
    and at the time of the hack was not connected
    to the Iranian Regime.

    He didn't use the hack for financial gain,
    which further points to a White hat gone BAD.
    He doesn't have the means or knowledge 
    to follow through, and knows even a small slip
    up in monetizing his hack would lead to his discovery.

    Iran has made no currency from his hack and
    been mysteriously silent. Almost as if they don't
    trust him. He maybe trying to sell his services
    to Iran.


     Mikko Hyponen of F-Secure asks on Twitter:
    "Do we really believe that a lone hacker gets into a CA, can generate any cert he wants..and goes after login.live.com instead of paypal.com?"

    The limited business Geo-location of his hacks,
    puts him squarely among Comodo White hats,
    or programmers. Look for someone complaining
    about possible exploits in Comodo systems. 
    He doesn't know Paypal as well as he knows 
    Comodo, he is an insider at Comodo.
    He knows:
    Bruce Schneier, RSA people (Ron, Adi and Leonard) and specially David Wagner.


    He is weeks away from being arrested.





    Gerald
    Anthropologist
    Tactical Internet Systems analyst.
    InternetAnthropologistTT@gmail.com
    http://warintel.blogspot.com/
    .

    1 Comments:

    Anonymous Anonymous said...

    Guessing there would be a connection between http://www.facebook.com/pages/9VPN/103655829702886 and the guy since they advertise "9VPN."

    A dedicated server for VPN services could be established by Iran government for stealing users' name and password and also for recording valid requests to send them afterward.

    3:19 AM  

    Post a Comment

    Subscribe to Post Comments [Atom]

    << Home