The attacker who breached the certificate authority speaks, prompting Comodo to acknowledge that two more of its partners were breached.

The attack on certificate authority Comodo continued to stay in the news this week, with a person claiming to be the sole perpetrator of the attack posting a handful of times online and the company acknowledging the hacker’s claims that two more of its partners had been breached.

On Saturday, a person writing under the name of “ComodoHacker” posted to PasteBin, claiming to be the attacker that breached the systems of a Comodo partner that vets requests for secure socket layer (SSL) certificates. Last week, Comodo acknowledged that an attacker coming from Iranian servers, which the company believed to be state-funded, had breached a partner and successfully used the access to request nine high-value certificates.

Tuesday, two security researchers confirmed that the private key released by the person in a subsequent post matched that of one of the fraudulently obtained certificates for Mozilla’s add-on site, proving that some of the hacker’s claims were accurate.

“It’s not so simple a hack, it took me time,” the hacker wrote. “I hacked a lot of resellers, but I found out that most of CAs verify customers in their own way. After a lot of research and talking as a customer to CAs, I found out there was possible potential in Comodo.”

The hacker also claimed to have breached another certificate authority and two more Comodo partners, the latter claim confirmed by Comodo’s chief technical officer on Tuesday.

“Two further RA accounts have since been compromised and had RA privileges withdrawn,” CTO Robin Alden wrote. “No further mis-issued certificates have resulted from those compromises.”

The SSL certificates are a key component of the security of the Internet, adding a level of authentication to domain names. Browsers rely on the certificates to send HTTP requests securely to an authenticated server, such as an online bank’s site.
An attacker would need to control some part of the domain-name infrastructure or conduct a man-in-the-middle attack to make use of a certificate.

The problems in using the certificates were one piece of evidence that convinced Comodo that a nation-state had been behind the attacks, since a country, such as Iran, has control of its own DNS infrastructure.

However, in an email to CSO, the hacker claims that controlling DNS requests is not difficult.

There is “no need to access DNS infrastructure of entire Iran, I have my own personal targets and I already own a lot of these type of networks,” he wrote. “Owning a gateway of a network or owning a single PC in a target network with ARP (address resolution protocol) poisoning with my certs would solve too much problem for me.”
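The article reports that researchers confirmed the released private key matched one of the mis-issued certificates. The script below is an added example, not taken from the article or from those researchers, of one way to make that kind of check with the OpenSSL command line: derive the public key from each file and compare them. The function names and the `example.test` sample certificates are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether a PEM private key belongs to a PEM certificate
# by comparing the public key derived from each. Assumes the openssl CLI.

# Public key (PEM SubjectPublicKeyInfo) derived from a private key file.
pubkey_from_key() {
    openssl pkey -in "$1" -pubout 2>/dev/null
}

# Public key embedded in a certificate, re-encoded through the same command
# so both sides are serialized identically.
pubkey_from_cert() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null |
        openssl pkey -pubin -pubout 2>/dev/null
}

# Returns 0 if the key matches the certificate, 1 if it does not,
# 2 if either file could not be parsed (never treat that as a match).
key_matches_cert() {
    k=$(pubkey_from_key "$1") || return 2
    c=$(pubkey_from_cert "$2") || return 2
    [ -n "$k" ] && [ -n "$c" ] || return 2
    [ "$k" = "$c" ]
}

# Constructed sample input: a throwaway RSA key and self-signed certificate
# for a placeholder name. $1 = output directory, $2 = base name.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2.example.test" \
        -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}
```

A match shows only that the key and certificate form a pair; whether the certificate itself was legitimately issued is a separate question that the issuing CA's records and revocation status answer.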