Skip to main content

DigiNotar SSL Certificate Hacker Identified

Recent revelations indicate that the DigiNotar SSL certificate hack was pulled off by the CommodoHacker, who was also responsible for hacking another security certificate provider, Commodo.

According to a blog post by firm F-Secure, the hacker made the disclosure on his Paste Bin account, which has remained silent since March 2011.

The hacker claims that he was indeed responsible for the attack on DigiNotar. He wrote that he is in possession of 4 more high profile certificates and is still capable of assigning fake certificates.

“Almost from the beginning of the DigiNotar CA Disaster, we had a reason to believe the case was connected to "ComodoGate" — the hacking of another Certificate Authority earlier this year, by an Iranian attacker,” said F-Secure.

“As a proof to show that he really did infiltrate DigiNotar, he shares the domain administrator password of the CA network:Pr0d@dm1n. DigiNotar would be able to confirm if this was accurate or not,” the company added.

The fake SSL certificates issued by the hacker were for related websites. Iranian users were targeted in the attack.