Is DigiNotar Hack another example of direct action?

The recent attack on DigiNotar, the Dutch certificate authority, ended with several hundred certificates compromised. This would allow a third-party to interfere with allegedly secure connections and eavesdrop on data one thinks is exchanged in encrypted communications. As media raised awareness on this, more and more SSL certificates are being revoked Hopefully, the overall impact on users’ privacy will be minimal.

In my opinion, the most interesting part concerns the reason behind the act itself. According to a post by ComodoHacker, responsible for the hack, this was to some extent politically motivated, as “Anything your country did in past, you have to pay for it”. The reference is explicitly named in the same post and in two more released September 6th:

"It effects entire world even your PC which you waste it by using it. You need to study more, study more about Srebrenica, study more about how Serbian soldiers was wild animal, how they was killing innocent people of Bosnia, it was 16 years ago, but nothing is changed, today see how Israel is killing Palestinian children. Yes, I can't do so much in real world against Israel, Dutch or any anti-Islam country, but I can destroy their IT infrastructure as I do, isn't it?"

If anyone thinks the actions of young Comodo (“a person who came to this world just 21 years ago”) are a simple display of power, I guess he or she is as wrong as it gets. The worrying fact is that he still has access to four additional CAs on behalf of which he can issue certificates and whose identity remains unknown. That, and his recent release of a copy of calculator.exe signed with a spoofed Google certificate.

Safe surfing everybody!

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

About the author


With a humanities passion and background (BA and MA in Comparative Literature at the Faculty of Letters, University of Bucharest) - complemented by an avid interest for the IT world and its stunning evolution, I joined in the autumn of 2003 the chief editors' team from Niculescu Publishing House, as IT&C Chief Editor, where (among many other things) I coordinated the Romanian version of the well-known SAMS Teach Yourself in 24 Hours series. In 2005 I accepted two new challenges and became Junior Lecturer at the Faculty of Letters (to quote U2 - "A Sort of Homecoming") and Lead Technical Writer at BluePhoenix Solutions.

After leaving from BluePhoenix in 2008, I rediscovered "all that technical jazz" with the E-Threat Analysis and Communication Team at BitDefender, the creator of one of the industry's fastest and most effective lines of internationally certified security software. Here I produce a wide range of IT&C security-related content, from malware, spam and phishing alerts to technical whitepapers and press releases. Every now and then, I enjoy scrutinizing the convolutions of e-criminals' "not-so-beautiful mind" and, in counterpart, the new defensive trends throughout posts on www.hotforsecurity.com.

Balancing the keen and until late in night (please read "early morning") reading (fiction and comparative literature studies mostly) with Internet "addiction", the genuine zeal for my bright and fervid students with the craze for the latest discoveries in science and technology, I also enjoy taking not very usual pictures (I'm not a pro, but if you want to see the world through my lenses, here are some samples http://martzipan.blogspot.com), messing around with DTP programs to put out some nifty book layouts and wacky t-shirts, roaming the world (I can hardly wait to come back in the Big Apple), and last but not least, driving my small Korean car throughout the intricacies of our metropolis's traffic.