Is DigiNotar Hack another example of direct action?
The recent attack on DigiNotar, the Dutch certificate authority, ended with several hundred certificates compromised. This would allow a third-party to interfere with allegedly secure connections and eavesdrop on data one thinks is exchanged in encrypted communications. As media raised awareness on this, more and more SSL certificates are being revoked Hopefully, the overall impact on users’ privacy will be minimal.
In my opinion, the most interesting part concerns the reason behind the act itself. According to a post by ComodoHacker, responsible for the hack, this was to some extent politically motivated, as “Anything your country did in past, you have to pay for it”. The reference is explicitly named in the same post and in two more released September 6th:
"It effects entire world even your PC which you waste it by using it. You need to study more, study more about Srebrenica, study more about how Serbian soldiers was wild animal, how they was killing innocent people of Bosnia, it was 16 years ago, but nothing is changed, today see how Israel is killing Palestinian children. Yes, I can't do so much in real world against Israel, Dutch or any anti-Islam country, but I can destroy their IT infrastructure as I do, isn't it?"
If anyone thinks the actions of young Comodo (“a person who came to this world just 21 years ago”) are a simple display of power, I guess he or she is as wrong as it gets. The worrying fact is that he still has access to four additional CAs on behalf of which he can issue certificates and whose identity remains unknown. That, and his recent release of a copy of calculator.exe signed with a spoofed Google certificate.
Safe surfing everybody!
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.