“The hack of Dutch certificate authority DigiNotar already bore many similarities to the break-in earlier this year that occurred at a reseller for CA Comodo. Bogus certificates were issued for webmail systems, which were in turn used to intercept Web traffic in Iran. Another similiarity has since emerged: the perpetrator of the earlier attacks is claiming responsibility for the DigiNotar break-in. Calling himself ComodoHacker, the hacker claims that DigiNotar is not the only certificate authority he has broken into. He says that he has broken into GlobalSign, and a further four more CAs that he won’t name. He also claimed that at one time he had access to StartCom.”
As the founder of StartCom stated: “We defended ourselves successfully in June from a different attack, but same ppl.”
Seriously, anyone can claim this kind of stuff without backing it up. I broke into Verisign but I won’t say how or when. There, i’m now an awesome hax0r.
I wouldn’t say that.
The guy from the Comodo hack actually published some keys on pastebin at the time. Which proved it.
Here is the PDF of the first report from Fox-IT which did the report on what happend at DigiNotar:
http://www.rijksoverheid.nl/bestanden/documenten-en-publicaties/rap…
It specifically says: “The same text was found in the Comodo hack in March of this year”
Which doesn’t say much, but says atleast the DigiNotar was the same person/group or wanted it to look that way.
Doesn’t say anything about all those other CA’s he’s supposedly hacked though.