21 Year Old Claims About the SSL Certificates Hack

Two days earlier, a website named PasteBin uploaded a message sent by a so called 21 year old hacker to the world claiming about the responsibility of hacking the SSL certificates. SSL certificated are the digital certificates issued by the websites for online transactions. The hacker claimed that he acted alone while stealing these digital security certificates of some of the biggest websites on the internet viz. Google, Yahoo, Microsoft and Skype. In his message, the author has clearly shown his anger for US and Israel. The hacker has formed a opinion that these are the two countries who have a hand in the development of stuxnet. The hacker said this worm was developed by US and Israel Government funded teams so target Iran’s nuclear facilities.

Mikko Hypponen, a security expert at F-Secure, said the hacker's postings on Pastebin "look convincing" but added "whether they were posted by a 21-year-old lone gunman or the Iranian government PR department, I don't knowComodo formally accepted the attack on 23^rd of this month mentioning that a week ago a anonymous hacker succeeded in acquiring nine bogus certificates. Comodo's chief executive, Melih Abdulhayoglu, said last week that "circumstantial evidence" pointed to a state-backed attack by Iranian hackers: "We believe these are politically motivated, state-driven/funded attacks," he said. He suggested that the Iranian government planned to create fake sites that would fool activists inside the country into thinking they were on a secure site which could not be tapped, but instead would collect their details. However, in his letter, the hacker has totally opposed this saying. He says that I am an independent hacker with an experience of more than 1000 programmers.

In his letter, the hacker started with the usernames and passwords of InstantSSL.it so as to make the readers sure about him being a genuine hacker. Then the hacker has sequentially written how he found loopholes in the InstantSSL systems and finally managed to get a full access to their server.

But how does this make a difference? What is the danger in some anonymous guy acquiring the digital security certificates? These SSL certificates are used by the user in confirming the identity of any website. The sight talks about it’s originality by displaying an icon (padlock icon) in the address bar of he user’s browser. Now, having these certificates, the hacker can easily form fake pages of these websites and they will not even appear fake because of presence of that icon in the browser address bar. So while the page will appear as a normal log-on page of a website, at the back, it might be something totally different. Then the users entering their username and password would actually be providing them to this hacker. In his letter, the author says - “When USA and Israel creates Stuxnet, nobody talks about it, nobody blamed, nothing happened at all, so when I sign certificates nothing should happen, I say that, when I sign certificates nothing should happen. It's a simple deal.”

We are literally no one to talk about the high level conspiracies amongst the countries. But one thing is sure that this hack may pose a danger to the users. So, beware!

News Source : #-Link-Snipped-#, Pastebin.com - #1 paste tool since 2002! | Image Credits : #-Link-Snipped-#