The hacker who stole more than 500 SSL certificates from a Dutch certificate authority and compromised Facebook, Google and Skype, as well as MI6 and CIA Web sites, has claimed another attack on the Dutch.
Known as the Comodo Hacker for breaking into the network of certificate authority Comodo and issuing fake certificates, the Iranian hacker identified himself as Ichsun and claimed to have struck back with another hacking operation in July, the DigiNotar.
In a message posted from a Pastebin account, the hacker justified his hacking of DigiNotar as vengeance for the failure of the Dutch military to protect Srebrenica in 1995, during the Bosnian War. The same account, however, was used in March to release details about the Comodo hacking, which confirmed that the identity of the miscreant is the same.
When Dutch government, exchanged 8000 Muslim for 30 Dutch soldiers and Animal Serbian soldiers killed 8000 Muslims in same day, Dutch government have to pay for it, nothing is changed, just 16 years has been passed, the hacker wrote.
Declaring loyalty Iran's government and spiritual leaders, the hacker warns about the most sophisticated hacking of the year which is yet to come and which will issue more bogus certificates. He said he still holds access to four unnamed but high-profile certificate authorities and can issue rogue certificates.
He published the alleged password for the domain administrator account on the Dutch company's network that again proved his presence in the hacking of DigiNotar. He promised to come back with more details on that.
Although he did not explain how the hacking had been done, he said Anonymous and LulzSec could learn from it as there were so many zero-day bugs, methods and skill shows.
The identity of the hacker is not yet confirmed as the security community is waiting for DigiNotar's confirmation or denial of the existence of the administrative credentials that the hacker claimed to have compromised.
Although Google, Mozilla, Microsoft are working hard to block the use of all DigiNotar certificates, this incident again posed a serious question on the fragility and security of information shared by millions of online users every day.