More of our INTEL
Prelim Paradigm Intel:
He wants people to Believe.
Comodo attacker is Persian,
English second language,
lived in Iran entire life,
newly Middle class,
never in position of authority,
Persian is street level,
family connected to regime Institution.
ICA scrambling to recruit him.
His sentences are breathless ,few vowels, few verbs.
The language/semantics used was intended to mislead.
The semantics don't match with a Persian writing
English as a second language.
Only Persian used was in Wikipedia.
If Iran did do this they would want deny ability.
Hence the lone Iranian hacker. But Iran would
have given him a name for propaganda reasons,
to promote his feats, and the power of Persians
in the cyber realm.
The sophistication and finesse hack points to an INSIDER.
The id and ego of a hacker tend to drive them to pride and
recognition of their work, even if only a non-plume.
Stuxnet was a Gov operation and covert, this Comodo
hacker knew he would be discovered.
The greater the hack the greater the motivation and desire
for acknowledgement, recognition.
He never gives himself a NAME.
Our conclusion is he isn't Persian,
and at the time of the hack was not connected
to the Iranian Regime.
He didn't use the hack for financial gain,
which further points to a White hat gone BAD.
He doesn't have the means or knowledge
to follow through, and knows even a small slip
up in monetizing his hack would lead to his discovery.
Iran has made no currency from his hack and
been mysteriously silent. Almost as if they don't
trust him. He maybe trying to sell his services
Mikko Hyponen of F-Secure asks on Twitter:
"Do we really believe that a lone hacker gets into a CA, can generate any cert he wants..and goes after login.live.com instead of paypal.com?"
The limited business Geo-location of his hacks,
puts him squarely among Comodo White hats,
or programmers. Look for someone complaining
about possible exploits in Comodo systems.
He doesn't know Paypal as well as he knows
Comodo, he is an insider at Comodo.
Bruce Schneier, RSA people (Ron, Adi and Leonard) and specially David Wagner.
He is weeks away from being arrested.
Tactical Internet Systems analyst.