Comodohacker speaks

I wrote an article about the Comodo hack for Deutsche Welle here. The following is an introduction to the full interview (further below) with Comodohacker.

On March 15, 2011, a major Internet-security company, Comodo, said that it had sustained a major security breach in which nine “SSL certificates” were issued in its name. These certificates are used to digitally authenticate a secure connection to websites like Gmail, Hotmail and Skype. The hacker acquired fake certificates for Gmail, Hotmail, Google, Yahoo, Skype, and Mozilla. However, once this attack became known, those certificates were revoked, eliminating the risk of their being used for malicious purposes. On Tuesday, Comodo further announced on a security e-mail list that two more registration authority accounts had been compromised.

The first breach came through a Comodo partner in Italy, GlobalTrust, which had its network compromised apparently by an Iranian hacker. Comodo disclosed the attack on its company blog on March 23, but noted that “this may be the result of an attacker attempting to lay a false trail.” Computer security experts often note that they can never be 100 percent certain of the origins of such a breach.

However, security researchers are very concerned that if Iranian government agents or other malicious actors could duplicate this attack, it could create serious problems.

“In theory, an Iranian attempting to log into his Yahoo account, for example, could have been misdirected to a fake site,” wrote Mikko Hypponen, the chief research officer at F-Secure in Finland, on his company’s blog last week.

“That would allow the perpetrators to obtain a host of online information including contents of email, passwords and usernames, while monitoring activity on the dummy sites. Since the targeted sites offer communication services, not financial transactions, Comodo said it seemed clear the hackers sought information, not money.”

Last Saturday, March 26, someone claiming to be the “ComodoHacker” began posting messages and technical details of the attack, leading many to believe that he was, indeed, responsible for these breaches. Comodohacker said that he was a self-taught, 21-year-old university student in Iran.

To learn more, I contacted him using the e-mail address that he provided on these posts. However, it is impossible to verify with 100 percent certainty the claims that he makes. His responses have only been edited for spelling and clarity.

Cyrus Farivar: What’s your name, and where do you live in Iran? What school do you attend? How can you prove that you are in Iran?

ComodoHacker: My name is ComodoHacker. University, I don’t want to prove it, I already sent my political views and my writeups show I’m from Iran. Anyone doesn’t believe, I think have personal problems, no offense.

What was your ultimate goal in terms of cracking the system of digital certificates? How were you trying to use them, presuming you’re not working with the government? Why these specific targets, Yahoo, Skype, et cetera?

I answered this question too many times. First of all, I should say, there is no Green Movement in Iran, just some gangsters with woods and stones, attacks normal people in a day they get out. Really they are counted and they just harm people.

From here, I say to them, stop being a gang and hear the voice of people of Iran, do not obey instructions who comes from people outside of Iran, they don’t have power to do anything, they just use you for their targets, they write reports about how they managed [protesters] in Tehran and get paid, what you can in return? Jail.

Let’s back to idea of its usage. MKO members [Note: an Islamic socialist organization that advocates the overthrow of the Islamic Republic of Iran] have secure private networks in Germany, France, Canada, USA, Iraq, Jordan. Other Green Movement leaders mostly reside in USA.

Some remaining and counted people lives in Iran. Accessing and owning their private networks, maybe already done, maybe I’ll do it. But with a good control on their gateway and my signed certificates everything would go well, right?

A group of people who just harm and have no use for people, should not have privacy in digital world, with zero-day bugs [Note: A flaw in a security system that the operators of that system are unaware of] I have which I don’t want to even name vulnerable software or hardware, owning network itself is so easy. For decrypting traffic, I need some other tools which I gathered. I invite Comodo CEO to talk, I don’t want to talk about second breach to Comodo.

Comodo was lucky for detecting me, who knows? Maybe another not popular [certificate authority] decided to not talk. Or maybe they didn’t notice anything (at least not yet)?

I said it once, as I live, privacy in Internet is impossible. I would be happy to publish PGP and GPG keyrings of these gangsters which they think protect them. Enough said. Enjoy surfing Internet.

You’ve said that you acted alone. Do you understand why that’s hard for a lot of people to believe?

It’s because people don’t understand power of Iranian scientists, they also didn’t believe our power in physics, in laser, in sending satellites, to be honest, I’m tired of explaining my country’s potential, when we decide to do something, we just do.

Everything isn’t what you see, everything isn’t materials you touch, there is some stuff you can’t see, like God, sometimes God helps some people. Most people don’t understand, it’s exactly what Holy Quran says. That’s someone like me in my age owns Internet security structure alone, decrypt most of encryption protocols, breaks A5/1, breaks other software/hardware which I don’t want to talk about them.

Have you had any contact with anyone in the Iranian government, Sepah [Islamic Revolutionary Guard Corps], Basij, Gerdab.ir or anyone else in that vein prior to, during, or subsequent to this attack?

No, to be honest, [I’ve been wondering] about it also, no one can reach me personally via tracing that IP, that’s not my actual IP, I have too much tunnels, in fact I tried to be completely hidden and being appeared from another country’s IP, but I didn’t notice my tunnel’s VPN connection disconnected from target server. So they saw my first tunnel. I thought some people inside Iran, some press or any other org. will contact me, but no one contacted me, maybe they didn’t find my email address or they got so deep in that IP. Who knows?

Why post on Pastebin about the hack? Why did you wait four days until after Jacob Appelbaum’s [Note: an American security researcher] original post to respond? Why attract attention to yourself?

Because I saw a lot of false allegations about my hack, some said it was Iranian government, some said I’m from Cyber Army, etc. I decided to tell the truth about it. I don’t like to see my work assigned to someone else, in previous works.

Comodo said on its blog: “The IP address of the initial attack was recorded and has been determined to be assigned to an ISP in Iran.” Why didn’t you conceal your IP better, presuming you are actually in Iran?

Answered above.

What’s next for you?

All encryption systems/protocols CIA have access to them but my country doesn’t. I’ll reverse/cryptanalysis/attack in any method I can, owning servers, breaking algorithm, reversing code to break them and bring equality.

As I said in my first post, CIA have access to all e-mails of me, a copy of my e-mail goes to CIA officials before even reaching you, I want same rights, why not?

Funny printer bug patched two years after being public, because creators of Stuxnet (USA and Israel) ordered so. So I have my own zero-days for several highly critical software which I don’t want to even name them, I use them on my targets, no one should patch it. I love equality.

I’m Iranian-American, so I don’t doubt the capability of Iran or Iranians. 🙂

But still, you haven’t quite answered this basic question: What was your ultimate goal and what did you plan on doing with these certificates, and why target these specific companies, Yahoo, Skype, etc?

Decrypting traffic of anti-Islamic republic groups like MKO and Green Movement leaders like Balatarin and other site’s members, I already own a lot of their networks. It will help me to decrypt all their encrypted communications. Their private networks are located in France, Germany, Jordan, USA and Canada. Some of them also connected to people in Iran via VPNs. They should know from now, they are insecure, I got what I wanted, Comodo published breach, others don’t that’s all.

Fmr. US State Dept. official in Tehran Henry Precht on WikiLeaks

The following message was sent to the Gulf2000 email list on December 19, 2010 and is re-printed here below with his permission. Henry Precht is a retired Foreign Service officer who was country director for Iran during the Iranian Revolution and subsequent hostage crisis. -CF

As I understand it, Wikileaks has captured a huge half of State Department cable reports — the less interesting half. As Frank Rettenberg has written, the really good stuff is sent under captions (EXDIS, NODIS, etc.) that restrict distribution. Each Department principal (assistant secretary and above) will have a flunky whose job it is to winnow the traffic that arrives hourly. Into the burn bag go much of the reporting that Wikileaks is publishing; into it also goes lots of the restricted traffic that provides no special insights. What is left are the relatively few messages that are read by policy-making eyes. The Wikileaks material is destined mainly for desk officers whose knowledge is supposed to be encyclopedic and must constantly be affirmed.

The Wikileaks stuff is generated by political officers whose words are designed to give the flavor and context of life abroad, frequently, but not always, in support of established US positions. (The Department has difficulty coming up with nominees for its dissent awards.) Thus, I imagine an Iran listening post will report on the complaints of dissatisfied Iranians while not considering it news when a regime supporter praises A/N. Not unusually, the reporter may also try to elaborate on the news described and published by journalists, i.e., the accepted wisdom. The most useful reporting is when Washington is taken by surprise by a conversation or observation.

So how did the views of various Gulf royals about Iran slip into the Wikileaks collection? Perhaps a mistake in classification. (That will surely not again be repeated.) Perhaps, the reporting officer did not consider the views as news, having been frequently expressed in cables. Similarly, the unflattering descriptions of various European leaders were probably considered part of the commonly accepted truths appearing in the press — and thus not requiring special (EXDIS) protection.

In my distant day, a certain etiquette was observed in references to favored foreign leaders. I don’t recall ever reading a rude word about the leadership of Israel, or Sadat or the early Mubarak, or the Shah. Fear of leaks? Or the bended knee syndrome? Whatever the reason there was every inclination to protect friends and to avoid open discussion of our differences with them. Once an economic officer in Embassy Tehran, completing a four-year tour, wrote a detailed memo describing corruption in high places. Only two copies were made and they were closely guarded. Perhaps the occupiers of the Embassy have published it. Generally speaking, they did a much more comprehensive job (if selective on certain subjects) of exposing official communications to the daylight.

Unhappily, the sheer volume of Wikileaks material will weigh heavily on US diplomacy for years to come. Foreigners will be less forthcoming with our officers; the reports produced by those officers will be more restricted in circulation. It will be harder to conduct our business under those conditions.

Henry Precht
Bethesda, Maryland

Iranian blogging pioneer temporarily released from prison

I just filed this latest update to the ongoing Hoder saga.

Iranian-Canadian blogger Hossein Derakhshan was temporarily released from a Tehran prison, after having been incarcerated for 26 months, according to a report Thursday on Mashregh News, a conservative Iranian news website.

The site was among the first to report Derakhshan’s conviction at the end of September on charges of “conspiring with hostile governments, disseminating anti-Islamic propaganda, disseminating anti-revolutionary propaganda, blasphemy, and operating and managing obscene pornography websites.”

The account was confirmed by a source close to the Derakhshan family, who wished to remain anonymous and said Derakhshan was “happy to be out,” adding “we have been pushing for this for months, especially after his trial, but it has always been refused.”

The same source also told Deutsche Welle that Derakhshan “will be out for a couple of days only,” and that the family had put up $1.5 million (1.3 million euros) worth of bail to ensure Derakhshan returns to prison when demanded by authorities.

More here.

Canadian FM Lawrence Cannon on Hossein Derakhshan’s jail sentence

I emailed the Ministry of Foreign Affairs in Ottawa and received this statement back from Melissa Lantsman, on behalf of Canada’s Foreign Minister, Lawrence Cannon.

“We are deeply concerned about the news of this severe sentence. Our officials continue to seek confirmation of these reports from Tehran.

If true, this is completely unacceptable and unjustifiable. Canada believes that no one should be punished anywhere for simply exercising one’s inherent right to freedom of expression.

His situation is complicated by his dual nationality which is not recognized by the Iranian authorities. Iran must release him and other dual-nationals who have been unjustly detained.

Since learning of Hossein Derakhshan’s arrest in November 2008, Canadian government officials have been in contact with Iranian authorities, including by diplomatic note and through high level meetings, to seek consular access.

We will continue to press the Iranian authorities on Mr. Derakhshan’s behalf and urge Iran to fully respect all of its human rights obligations, both in law and in practice”.

Lawrence Cannon
Minister of Foreign Affairs
Canada

Hossein Derakhshan sentenced to 19.5 years in prison

A conservative Persian news website, Mashregh News, is reporting that Iranian-Canadian blogging pioneer Hossein Derakhshan has been found guilty of “conspiring with hostile governments, disseminating anti-Islamic propaganda, disseminating anti-revolutionary propaganda, blasphemy, and operating and managing obscene pornography websites.”

He is ordered to serve 19.5 years in prison, is banned for five years from joining any Iranian political party and is required to pay €30,750, $2,900 and 200 British pounds. The article also states that the sentence can be appealed.

Upon seeing this link, I sent it over to my Derakhshan family contact, who confirmed this information.

More info coming soon as this story develops. I will contact the Canadian authorities to see if they have any further information.

Paris Mayor Bertrand Delanoë speaks out for Hossein Derakhshan

The mayor of Paris, Bertrand Delanoë, released a statement (in French) today in support of Hossein Derakhshan. I have translated it below to the best of my ability.

—BEGIN ENGLISH TRANSLATION—

I have learned with dismay and the utmost concern that the death penalty was requested, Wednesday, September 22, by the prosecutor of Tehran, at the trial of the young blogger, Hossein Derakhshan.

He is a high cultural figure and is a figure for freedom of expression in an also-threatened Iran. Hossein Derakhshan’s blog, written in both Persian and English, is one of the world’s most visited sites that express the voice of a free Iran.

Hossein Derakhshan is a man of peace, which was especially shown during his two trips to Israel, and because of his texts “contributing to a rapprochement between Tel-Aviv and Tehran,” — this is why today he is in danger.

He is also a man of great culture, openness and dialogue. And he is a friend of France and Paris. As someone fascinated by the philosophical works of Foucault, Derrida and Deleuze, he is linked to our city and its new generation of entrepreneurs and creators.

In the name of Paris, I solemnly call upon the judicial authorities of Tehran to not condemn Hossein Derakhshan to death. And I invite the mobilization of all of our energies to save this honorable, courageous and dignified life.

—BEGIN PERSIAN TRANSLATION—

Letter of the Mayor of Paris, Bertrand Delanoë, in support of the freedom of Hossein Derakhshan

I learned with astonishment and great concern that on Wednesday, September 22, the Tehran prosecutor requested the death penalty for the young blogger Hossein Derakhshan.

With this act, it is the lofty face of culture and freedom of expression in Iran that is threatened. Hossein Derakhshan’s blog, written in Persian and English, is one of the most widely read sites in the world that gives voice to a free Iran. Hossein Derakhshan is a man who seeks peace. He is now imprisoned in particular because of his two trips to Israel and his writings “to help establish good relations between Tehran and Tel Aviv.”

He is also a man of culture, open-minded and seeking dialogue. He is counted among the friends of France and Paris; fascinated by the works of philosophers such as Foucault, Derrida and Deleuze, he is very close to our city and its new generation of entrepreneurs and designers.

On behalf of the city of Paris, I ask the judicial authorities of Tehran to drop the charges against Hossein Derakhshan, and I invite everyone to make every effort to save this honorable, courageous and dignified life.

Translation/Copyright: Forgani.com

Hossein Derakhshan’s mother speaks

Editor’s Note: This is an English translation of an interview originally done in Persian by Kamtarin, published on September 21, 2010. I did not translate this interview myself, nor have I been in direct contact with Kamtarin or Ozra Kiarashpour, Hossein’s mother, but my Derakhshan family source did confirm the authenticity of this interview and the accuracy of the translation.

—BEGIN TRANSLATION—

Salman, a writer with the website Kamtarin, conducted an interview with Ozra Kiarashpour, the mother of Hossein Derakhshan about her son’s situation:

Hello Ms. Derakhshan, thank you for agreeing to the interview with us.

Hello, I really don’t know what will help Hossein and what will harm him, and the only thing I can do is to pray for him. These days I am really bewildered and so is Hossein’s poor dad.

How is Hossein doing psychologically these days?

He is extremely overwhelmed and listless. He seems really depressed. He is really tired of being in limbo, being in jail, and being alone for two years. He says he spends most of the day sleeping.

He recently requested to at least be transferred to the general ward but instead they agreed to move him to a different and better room, and potted a rose plant for him.

Are you able to visit Hossein?

For over a year we’ve had routine visitation with him once a week, but during the first eight months of his detention we had no visitation and didn’t know where he was.

How do the prison authorities behave during your visitation?

It depends on who is there on any particular day but the majority of time they are respectful.

There are still some who doubt that Hossein is in prison and there were even some who were saying that Hossein is staying at a villa in Zafaraniya [a wealthy area of Tehran] where he is helping the government. Don’t you think the reason for these rumors is linked to the fact that you haven’t really dealt with the media?

I pray that those people never have to endure the pain that we are going through. During the early months of Hossein’s detention we were very confused, didn’t know what was going on, and didn’t know what we should do. On the one hand, Hossein had requested that we not speak to foreign media. And the domestic media wasn’t interested in us. Even with all of this, Hossein’s father and I wrote a letter to the Head of the Judiciary that was published in a number of places.

And once the air cleared a bit, my daughter set up a blog to provide information about Hossein’s situation. These two years have been very difficult for us. Hossein’s father had several cardiac episodes. At the time when they told Hossein that his father had had a heart attack, he wasn’t allowed to use the phone. My child cried so much and blamed himself so much, which was even more painful for Hossein’s father and me. But we didn’t even tell Hossein that his father was upset because half of what upset Hossein in prison has to do with us.

You wrote a post for the blog that you said was called “Justice for Hossein Derakhshan,” are you familiar with blogging and with computers?

Since my children are often traveling abroad, I have to use the Internet as a means of communication. Could it be possible that I know nothing about blogging? The truth is that Hossein used to talk our heads off about blogging. All that we are suffering unfortunately started with Hossein’s blogging.

Had Hossein come to Iran by invitation of the government?

Hossein had had some conversations with Press TV about working in their Tehran office. Even during the days before his arrest, he would sometimes go to their office since we didn’t have high speed internet at home. Before his return to Iran, the High Council of Iranian Affairs Abroad promised Hossein that his trip would be without problem. He had cleared his trip with this Council which is governmental and which is in contact with the Intelligence service. That’s why even though Hossein knew that they would call him to be questioned, he did not expect to be arrested like this and hadn’t told us what to do in case he was arrested.

A representative from the Council told us that they pursued his case on behalf of the Council but that unfortunately they couldn’t do anything further. Why are there such splits in the country’s security apparatus?

Is Hossein accused of espionage?

Absolutely not, I don’t know how these people who constantly accuse Hossein of these things can live with their own conscience. If Hossein is a spy and had a security project, then why hasn’t the documentation for this turned up anywhere? And why wasn’t espionage part of Hossein’s charges?

What do you think the Judge’s ruling will be?

We can’t do anything about the judge’s ruling except to pray since other than God no one knows what the future will bring. The prosecutor has asked for the severest sentence possible to punish Hossein and to make an example of him. As Hossein’s mother, and not as someone whose family has sacrificed much for the sake of the Revolution, I want to ask why are they making an example of Hossein rather than making a role model of him? He is someone who repented and returned to serve his country and is ready to criticize his past thoughts and actions. Are you making an example to prove to people that repenting is useless? To show that supporting the ruling system will have this outcome? All these years, this family has been a steadfast supporter of this ruling system, and Hossein is one of us. It is not fair that you should punish him so severely for honestly conveying his life experiences over these years.

If Hossein is freed, will he leave Iran?

Hossein had grown really tired of living abroad and even now to make us feel better he says, I may have been in prison these past two years in Iran but before that I was in prison abroad.

Thank you for the interview, we hope that Hossein’s situation is resolved soon.

Canadian government response to Derakhshan case

Hello Cyrus,

Here is the comment I can provide at this time:

Since learning of Hossein Derakhshan’s arrest in November 2008, DFAIT officials have been in contact with Iranian authorities, including by diplomatic note and through high level meetings, to seek consular access.

Iran does not legally recognize dual nationality. As such, Canadian-Iranians are considered to be Iranian under local law. The consular assistance that may be provided by Canadian consular officials to Canadian-Iranian nationals is very limited. This limitation is noted in DFAIT’s travel report for Iran (www.voyage.gc.ca), under “Dual Nationality”.

Despite the Iranian government’s position, we consider Mr. Derakhshan to be a Canadian citizen. We will continue to press the Iranian authorities for access, as we have in similar cases involving dual nationals in other jurisdictions. Canada continues to urge Iran to fully respect all of its human rights obligations, both in law and in practice.

Due to the Privacy Act, no further information can be released at this time.

Thanks!
Lisa

Lisa Monette
Spokesperson/Porte-parole
Department of Foreign Affairs and International Trade/
Ministère des affaires étrangères et du commerce international