The attacker who breached the certificate authority speaks, prompting Comodo to acknowledge that two more of its partners were breached.

The attack on certificate authority Comodo continued to stay in the news this week, with a person claiming to be the sole perpetrator of the attack posting a handful of times online and the company acknowledging the hacker’s claims that two more of its partners had been breached.

On Saturday, a person writing under the name “ComodoHacker” posted to Pastebin, claiming to be the attacker who breached the systems of a Comodo partner that vets requests for Secure Sockets Layer (SSL) certificates. Last week, Comodo acknowledged that an attacker coming from Iranian servers, which the company believed to be state-funded, had breached a partner and successfully used the access to request nine high-value certificates.

On Tuesday, two security researchers confirmed that the private key released by the person in a subsequent post matched the public key in one of the fraudulently obtained certificates, the one issued for Mozilla’s add-on site, proving that at least some of the hacker’s claims were accurate.

“It’s not so simple a hack, it took me time,” the hacker wrote. “I hacked a lot of resellers, but I found out that most of CAs verify customers in their own way. After a lot of research and talking as a customer to CAs, I found out there was possible potential in Comodo.”

The hacker also claimed to have breached another certificate authority and two more Comodo partners; Comodo’s chief technical officer confirmed the latter claim on Tuesday. Comodo refers to such vetting partners as registration authorities (RAs).

“Two further RA accounts have since been compromised and had RA privileges withdrawn,” CTO Robin Alden wrote. “No further mis-issued certificates have resulted from those compromises.”

SSL certificates are a key component of Internet security: each one binds a domain name to a public key, so that a server can prove it is the legitimate holder of that name. Browsers rely on the certificates to authenticate the server, such as an online bank’s site, before sending requests to it over HTTPS. A certificate mis-issued for a name therefore lets whoever holds its private key impersonate that site to any browser that trusts the issuing CA.
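The researchers’ confirmation above comes down to one check: does the public key embedded in the mis-issued certificate equal the public half of the leaked private key? The script below is an added example of that check and is not code from the article, from the researchers, or from Comodo. It uses only the openssl command-line tool, and because no real Comodo-issued certificate or leaked key is reproduced here, it generates its own constructed key pair and self-signed certificate (for a made-up name, `addons.example.test`) plus an unrelated key for the negative case. In practice you would point `key_matches_cert` at the actual certificate and the posted key file instead.

```shell
#!/bin/sh
# Added example (not from the article, the researchers, or Comodo): confirm that
# a private key belongs to a certificate. All key and certificate files used
# here are constructed on the fly; nothing real is embedded or downloaded.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed key pair and self-signed certificate for a made-up host name,
# standing in for the leaked key and the mis-issued certificate.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
  -subj "/CN=addons.example.test" \
  -keyout "$WORK/leaked.key" -out "$WORK/misissued.pem" >/dev/null 2>&1

# A second, unrelated key for the negative case.
openssl genrsa -out "$WORK/unrelated.key" 2048 >/dev/null 2>&1

# spki_hash FILE MODE: print SHA-256 of the DER-encoded SubjectPublicKeyInfo.
#   MODE=cert -> extract the public key from an X.509 certificate
#   MODE=key  -> derive the public key from a private key
# Hashing the SPKI instead of comparing the RSA modulus works for any key type.
spki_hash() {
  case "$2" in
    cert) openssl x509 -in "$1" -noout -pubkey \
            | openssl pkey -pubin -outform DER \
            | openssl dgst -sha256 -r | cut -d' ' -f1 ;;
    key)  openssl pkey -in "$1" -pubout -outform DER \
            | openssl dgst -sha256 -r | cut -d' ' -f1 ;;
    *)    echo "spki_hash: mode must be cert or key" >&2; return 2 ;;
  esac
}

# key_matches_cert KEY CERT: exit 0 if KEY's public half is the key in CERT.
key_matches_cert() {
  [ "$(spki_hash "$1" key)" = "$(spki_hash "$2" cert)" ]
}

if key_matches_cert "$WORK/leaked.key" "$WORK/misissued.pem"; then
  echo "leaked.key matches misissued.pem"
fi
if ! key_matches_cert "$WORK/unrelated.key" "$WORK/misissued.pem"; then
  echo "unrelated.key does not match misissued.pem"
fi
```

A match proves only that the poster holds the private key for that certificate; it says nothing about how the certificate was obtained. That is exactly why it was useful here: a hoaxer could copy a public certificate from anywhere, but only someone who actually requested it (or stole it afterwards) would have the matching private key.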
A certificate on its own does nothing, however. To make use of one, an attacker would also need to control some part of the domain-name infrastructure or conduct a man-in-the-middle attack, so that a victim’s traffic for the impersonated domain is routed to a server the attacker controls.

The difficulty of using the certificates was one piece of evidence that convinced Comodo that a nation-state had been behind the attacks, since a country such as Iran controls its own DNS infrastructure. However, in an email to CSO, the hacker claimed that controlling DNS requests is not difficult.

There is “no need to access DNS infrastructure of entire Iran, I have my own personal targets and I already own a lot of these type of networks,” he wrote. “Owning a gateway of a network or owning a single PC in a target network with ARP (address resolution protocol) poisoning with my certs would solve too much problem for me.”