24 December 2011. A cites the source of GPS' RSA claims,
Andrew Presentation:
http://grothserver.princeton.edu/~groth/frs144s06/Presentations/Andrew_Presentation.ppt
Andrew Presentation also here:
http://www.scribd.com/doc/51162211/Andrew-Presentation
Andrew Presentation's sources:
http://www.sss-mag.com/pdf/Ss_jme_denayer_appl_print.pdf
(Slide 4)
http://pnt.gov/outreach/ieee2004/5-ImprovingTheGPSL1Signal.pdf
(Slide 5; dead link, see:)
http://web.archive.org/web/20060930113850/http://pnt.gov/outreach/ieee2004/5-ImprovingTheGPSL1Signal.pdf
http://www.gpsworld.com/defense/warfighter/saasm-and-direct-py-signal-acquisition-754
(Slides 10, 11 and 12)
Partial Bibliography (Slide 15):
GPS World
National Defense Magazine
GPS SPS Signal Specification, 2nd Edition (June 2, 1995) -
(http://www.navcen.uscg.gov/pubs/gps/sigspec/default.htm)
(dead link, see:)
http://web.archive.org/web/20030808171451/http://www.navcen.uscg.gov/pubs/gps/sigspec/default.htm
http://web.archive.org/web/20110429214230/http://www.navcen.uscg.gov/pubs/gps/sigspec/gpssps1.pdf
http://web.archive.org/web/20110429214230/http://www.navcen.uscg.gov/pubs/gps/sigspec/gpsspsa.pdf
Overview of the GPS M Code Signal -
(http://www.mitre.org/work/tech_papers/tech_papers_00/betz_overview/betz_overview.pdf)
24 December 2011. Additional discussion in UK
Cryptography archives:
http://www.chiark.greenend.org.uk/pipermail/ukcrypto/2011-December/thread.html
Also, an article which elaborates on the topic, citing Lockheed Martin, also
a target of ComodoHacker, as the drone manufacturer (DE):
http://www.tech-blog.net/comodohacker-gps-spoofing-durch-den-iran-rsa/
And A comments on the Tech-Blog article:
Lockheed Martin & Boeing make the satellites:
http://en.wikipedia.org/wiki/USA-206
http://en.wikipedia.org/wiki/USA-213
22 December 2011. Typos and formatting corrected. Added another A comment and an exchange with a reader.
Iran GPS Spoofing and the RSA Cipher
A sends 21 December 2011:
Have you heard anything additional about Iran's spoofing of GPS to misdirect
the stealth drone to land it where they wanted?
Military-band GPS (M-code) is protected against spoofing by the RSA cipher.
In admitting that they spoofed military GPS are they admitting to the world
that they've cracked RSA?
ComodoHacker claimed [below] he had also broken
into EMC's RSA servers, and he claimed to be in pursuit of a cryptanalytic
attack against RSA.
Just wondering if you'd heard anybody else mention RSA in regards to Iran's
GPS spoofing.
If they really did spoof GPS to misdirect the drone they would have had to
have broken red-key mode M-code GPS, which is the military GPS signal used
in classified hardware (black-key mode is used in unclassified hardware).
They could have done this in two ways: 1) by fast-factoring large semiprimes
that are the basis of RSA, or 2) by stealing the secret red key.
Cryptome:
I have not heard of the RSA attack. There was a report today that the Russians
helped Iran intercept the drone:
http://www.intelligenceonline.com/north-america/government-intelligence
The Russian claim could be a cover-up of an RSA decrypt.
A:
Actually, I almost mentioned Russia in my original email.
GLONASS became globally operational only recently, October 2011. In
part GLONASS works by augmenting our GPS signals, and GLONASS would be capable
of spoofing our GPS signals at a high enough power to drown out the official
M-code signals (so long as they possess the RSA private keys).
Since 2008 I've been working on a method to fast-factor large semiprimes
with a friend of mine (maybe I've emailed you about this in the past). We've
made several advances that are previously unknown in the mathematics literature.
We found a unique prime number sieve that uses digital-roots and the Chinese
remainder theorem (it operates in an almost "numerological" manner and it
starts at the number 7); we found symmetries that hint at a branch-and-bound
contrapositive solution to Riemann's Zeta; etc.
Lately we've been submitting a bunch of the integer sequences that resulted
from our research to AT&T's Online Encyclopedia of Integer Sequences:
http://oeis.org/search?q=helkenberg
That article definitely looks worth checking out. Lemme know what you
find.
Cryptome:
The RU IR-drone snippet:
http://www.intelligenceonline.com/north-america/government-intelligence
The American drone RQ-170 that was forced to land on December 4 while it was flying over Iranian soil was guided down by Russian equipment. The aircraft's presence was detected by peripheral installations that are part of the S300 antiaircraft system, and it was forced to land at a base in the desert region of Tabas, some 250km from the frontier with Afghanistan, from where it had come. To prove Iran had successfully intercepted the drone, Iranian television broadcast strategic imagery captured by the state-of-the-art drone. Iranian experts are understood to have begun taking the drone apart to understand how it operates, which will help Iran to carry out a similar operation if the opportunity presents itself. Relations between Iran's military industrial system, linked to the Guardians of the Revolution, or Pasdaran, and Russia's GRU make it probable that Iran will share the drone's secrets with the Russians.
A:
It is a simple intelligence community report, and not a technical dossier leaked from Iran or Russia. Details are sketchy on our side, but Iran's supposed admissions do corroborate what the CIA said about the plane losing contact & veering off into Iran. Iran & Russia do have a lot of intellectual human capital that is as capable as America's; they're no Pakistan or N. Korea.
You can't expect much for 1.5 euros! But it was more specific than the scant
information available in the press. It's actually less likely that
a stealth drone was using C-code GPS than it is that Iran stole the RSA red
key to M-code GPS, but are we really talkin' odds here? ;)
Crypto-systems provide integrity & assurance, so we are either assured
that the drone was not landed with GPS spoofing, or we are assured that the
use of classified red-key RSA is compromised.
It isn't well-known that M-code uses RSA, but it isn't exactly a secret either,
so I'm just surprised that apparently I'm the only person alive openly wondering
about the relation of RSA integrity to the continuing claims of military
GPS spoofing by Iran &/or Russia.
M-code was designed for an improved key distribution system, so they can
ultimately recover integrity of GPS guidance so long as the keys were stolen
and not compromised through advancements in factoring techniques.
A:
It looks like a few articles were posted late yesterday on this topic:
http://www.airtrafficmanagement.net/view_news.asp?ID=4671
http://www.techweekeurope.co.uk/news/iranians-claim-hack-brought-us-drone-spy-plane-down-51005
http://www.theregister.co.uk/2011/12/21/spy_drone_hijack_gps_spoofing_implausible/
None of the articles mention RSA, and The Register article even goes so far
as to say that the GPS signals are unencrypted, which is just plain false.
These articles seem to be trying to say, "Er uh, it sounds too hard to spoof
C-code GPS; oh, and there's no such thing as M-code GPS..."
You might try to look up ComodoHacker's hyperbolic rants about being on the
verge of cracking RSA, since that kinda makes the connection between Iran
wanting to attack RSA and Iran claiming to attack a service that relies on
RSA.
Here's a PowerPoint that mentions GPS' use of RSA:
http://grothserver.princeton.edu/~groth/frs144s06/Presentations/Andrew_Presentation.ppt
A:
Additionally:
http://news.softpedia.com/news/Experts-Question-Iranian-GPS-Attack-to-Capture-Drone-242310.shtml
http://www.syssec.ethz.ch/research/ccs139-tippenhauer.pdf
Frankly, I can totally see why the-powers-that-be would not want to publicly
admit to a successful & sophisticated attack.
A later 22 December 2011:
Here are some interesting articles today from both sides of the propaganda war; they contrast pretty well:
http://www.avionics-intelligence.com/news/2011/12/1568035031/capture-of-us-hi-tech-drone-signifies-iran-s-power-in-electronic-warfare.html
http://www.avionics-intelligence.com/news/2011/12/1567969681/dude-where-s-my-drone.html
Gotta love the dismissive tone of the Lexington Institute.
End A comments.
Exchange between reader and A:
From: Ian Mason <ukcrypto[at]sourcetagged.ian.co.uk>
To: UK Cryptography Policy Discussion Group
<ukcrypto[at]chiark.greenend.org.uk>
Subject: Re: Iran GPS Spoofing and the RSA Cipher
Date: Thu, 22 Dec 2011 21:04:26 +0000
I do wish people would check their facts sometimes. The linked article
asserts that "GPS (M-code) is protected against spoofing by the RSA
cipher" - it is not, it's protected by a keyed PRNG. You don't have to
be an ace cryptologist to figure this out, you just need to look up
"GPS signal" on Wikipedia.
On 22 Dec 2011, at 16:33, John Young wrote:
> Iran GPS Spoofing and the RSA Cipher
>
> http://cryptome.org/0005/iran-rsa-cipher.htm
_____
Date: Thu, 22 Dec 2011 17:17:19 -0500
To: UK Cryptography Policy Discussion Group <ukcrypto[at]chiark.greenend.org.uk>
From: John Young <cryptome[at]earthlink.net>
Subject: Re: Iran GPS Spoofing and the RSA Cipher
The article source responds:
[Quote]
PRNG means Pseudo-Random Number Generator. Other sources that discuss GPS say simply "RNG". Another way of being equally ambiguous would be to call it a "keystream."

Any cryptosystem can be used as a source PRNG. The PRNG for M-code GPS is RSA, tell this cryptographer that. RSA is the RNG keystream, GPS data is the plaintext, and the M code signal is the ciphertext. To turn the M code ciphertext into GPS plaintext you need to replicate independently the same RNG sequence used by the satellite to derive the GPS plaintext; to do this you use RSA in either symmetric or asymmetric mode (as per red-key or black-key M-code modes, respectively).
[Unquote]
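The keystream model the two correspondents are arguing over (a keyed generator whose output a receiver must regenerate independently to recover the data) is shown below as an added example; it is not part of the page and not code from either correspondent. It assumes HMAC-SHA256 run over a frame counter as the keyed PRNG, a stand-in chosen for illustration and not the M-code generator, which neither side of the exchange describes; the key, the navigation frame and the 16-byte tag are constructed here. It goes one step beyond the quoted text: the tag gives a receiver holding the key a way to reject a frame that was not produced with it, which is the integrity property A appeals to earlier on the page.

```python
"""Keyed-PRNG keystream illustration (added example, not from the page).

Assumptions, all constructed for this example: the keyed PRNG is HMAC-SHA256
run over (frame counter, block index); the navigation data is a short byte
string; a 16-byte HMAC tag over the frame lets the receiver reject data that
was not produced with the shared key. None of this is the M-code design.
"""
import hashlib
import hmac

TAG_LEN = 16
KS_LABEL = b"keystream"    # domain-separation labels (assumption)
TAG_LABEL = b"frame-tag"


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive an independent sub-key for each purpose from the shared key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def keystream(key: bytes, frame: int, length: int) -> bytes:
    """The keyed PRNG: deterministic in (key, frame), so two parties that
    share the key regenerate the identical sequence independently."""
    ks_key = _subkey(key, KS_LABEL)
    out = bytearray()
    block = 0
    while len(out) < length:
        msg = frame.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(ks_key, msg, hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _tag(key: bytes, frame: int, nav_data: bytes) -> bytes:
    msg = frame.to_bytes(8, "big") + nav_data
    return hmac.new(_subkey(key, TAG_LABEL), msg, hashlib.sha256).digest()[:TAG_LEN]


def transmit(key: bytes, frame: int, nav_data: bytes) -> bytes:
    """Transmitter side: plaintext || tag, combined with the keystream."""
    body = nav_data + _tag(key, frame, nav_data)
    return _xor(body, keystream(key, frame, len(body)))


def receive(key: bytes, frame: int, signal: bytes):
    """Receiver side: regenerate the same keystream, strip it, then check the
    tag. Returns the navigation data, or None if the frame does not verify
    (wrong key, wrong frame counter, or a modified signal)."""
    if len(signal) < TAG_LEN:
        return None
    body = _xor(signal, keystream(key, frame, len(signal)))
    nav_data, tag = body[:-TAG_LEN], body[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(key, frame, nav_data)):
        return None
    return nav_data


def demo() -> dict:
    """Constructed key and frame; returns what each receiver sees."""
    key = bytes(range(32))                                   # constructed key
    nav = b"constructed nav frame: week 1668 tow 345600"     # constructed data
    frame = 7
    signal = transmit(key, frame, nav)
    tampered = bytes([signal[0] ^ 0x01]) + signal[1:]        # one flipped bit
    return {
        "replicated": keystream(key, frame, 48) == keystream(key, frame, 48),
        "right_key": receive(key, frame, signal),
        "wrong_key": receive(bytes(32), frame, signal),
        "wrong_frame": receive(key, frame + 1, signal),
        "tampered": receive(key, frame, tampered),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:12s} {value!r}")
```

Run it directly to see the five outcomes: only the receiver with the right key and the right frame counter gets the navigation data back; a wrong key, a desynchronised counter, or a single flipped bit all fail the tag check. Note what the XOR alone does not give: without the tag, a receiver would still decode a wrong-key frame, just into noise it has no way to recognise, which is why the tag (or some equivalent check) is what turns a keystream into spoof detection.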
ComodoHacker on Pastebin:
http://pastebin.com/u/ComodoHacker
[ComodoHacker paste which mentions RSA]
http://pastebin.com/74KXCaEZ
26 March 2011

Hello

I'm writing this to all the world, so you'll know more about us..

At first I want to give some points, so you'll be sure I'm the hacker:

I hacked Comodo from InstantSSL.it, their CEO's e-mail address mfpenco[at]mfpenco.com

Their Comodo username/password was: user: gtadmin password: globaltrust

Their DB name was: globaltrust and instantsslcms

Enough said, huh? Yes, enough said, someone who should know already knows...

Anyway, at first I should mention we have no relation to the Iranian Cyber Army, we don't change DNSes, we just hack and own.

I see the Comodo CEO and others wrote that it was a managed attack, it was a planned attack, a group of cyber criminals did it, etc.

Let me explain:

a) I'm not a group, I'm a single hacker with the experience of 1000 hackers, I'm a single programmer with the experience of 1000 programmers, I'm a single planner/project manager with the experience of 1000 project managers, so you are right, it's managed by 1000 hackers, but it was only I with the experience of 1000 hackers.

b) It was not really a managed hack. At first I decided to hack the RSA algorithm, I did too much investigation on the SSL protocol, tried to find an algorithm for factoring integers, for now I was not able to do so, at least not yet, but I know it's not impossible and I'll prove it, anyway... I saw that there are easier ways of doing it, like hacking a CA. I was looking to hack some CAs like Thawte, Verisign, Comodo, etc. I found some small vulnerabilities in their servers, but it wasn't enough to gain access to a server to sign my CSRs. During my search about InstantSSL of Comodo, I found InstantSSL.it which was doing the same thing under control of Comodo. After a little try, I easily got FULL access on the server; after a little investigation on their server, I found out that TrustDll.dll takes care of signing. It was coded in C#. I simply decompiled it and I found the username/password of their GeoTrust and Comodo reseller accounts.

The GeoTrust reseller URL was not working, it was in ADTP.cs. Then I found out their Comodo account works and the Comodo URL is active. I logged into the Comodo account and I saw I have the right of signing using APIs. I had no idea of the APIs and how they work. I wrote code in C# for signing my CSRs using POST requests to the APIs, I learned their APIs so FAST, and their TrustDLL.DLL was too old and was sending too few parameters, it wasn't enough for signing a CSR. As I said, I rewrote the code for the !AutoApplySSL and !PickUpSSL APIs; the first API returns the OrderID of the placed order and the second API returns the entire signed certificate if you pass the OrderID from the previous call. I learned all this stuff, re-wrote the code and generated CSRs for those sites all in about 10-15 minutes. I wasn't ready for these types of APIs, these types of CSR generation, API calling, etc. But I did it very very fast.

Anyway, I know you are really shocked about my knowledge, my skill, my speed, my expertise, that's all OK, all of it was so easy for me, I did more important things I can't talk about, so if you have to worry, you can worry... I should mention my age is 21.

Let's get back to the reason for posting this message.

I'm telling this to the world, so listen carefully:

When the USA and Israel wrote Stuxnet, nobody talked about it, nobody got blamed, nothing happened at all, so when I sign certificates nothing happens, I say that, when I sign certificates nothing should happen. It's a simple deal.

When the USA and Israel could read my emails in Yahoo, Hotmail, Skype, Gmail, etc. without any simple little problem, when they can spy using Echelon, I can do anything I can. It's a simple rule. You do, I do, that's all. You stop, I stop. It's rule #1 (My Rules, as I rule the internet, you should know it already...)

Rule #2: So why has all the world got worried, the internet shocked and all the writers write about it, but nobody writes about Stuxnet anymore? Nobody writes about HAARP, nobody writes about Echelon... So nobody should write about SSL certificates.

Rule #3: Anyone inside Iran with problems, from the fake green movement to all MKO members and two-faced terrorists, should be afraid of me personally. I won't let anyone inside Iran harm the people of Iran, harm my country's nuclear scientists, harm my Leader (which nobody can), harm my President; as I live, you won't be able to do so. As I live, you don't have privacy on the internet, you don't have security in the digital world, just wait and see...

Rule #4: Comodo and other CAs in the world: Never think you are safe, never think you can rule the internet, rule the world with a 256 digit number whose 2 prime factors nobody can find, I'll show you how someone my age can rule the digital world.

Rule #5: To Microsoft, Mozilla and Chrome, who updated their software as soon as instructions came from the CIA. You are my targets too. Why was Stuxnet's printer vulnerability patched after 2 years? Because it was needed in Stuxnet? So you'll learn sometimes you have to close your eyes on some stuff on the internet, you'll learn... You'll learn... I'll bring equality to the internet. My orders will equal CIA orders, lol ;)

Rule #6: I'm a GHOST

Rule #7: I'm unstoppable, so be afraid if you should be afraid, worry if you should worry.

A message in Persian: Janam Fadaye Rahbar
[Proof Of Hack 1]:
http://pastebin.com/DBDqm6Km
[Proof of Hack 2]:
http://pastebin.com/X8znzPWH
[UPDATE 1]:
http://pastebin.com/CvGXyfiJ
[UPDATE 2]:
http://pastebin.com/kkPzzGKW
[ComodoHacker paste which mentions RSA]
http://pastebin.com/CvGXyfiJ
28 March 2011
Some stupids on the internet still cannot understand I'm behind the attack on SSL, talk about their small understanding of my hack and make me nervous. Why can't you understand? What's your problem? If you have psychological or mental problems, don't write your ideas on the internet, just surf, ok?

Here is another proof:
http://rapidshare.com/files/454806052/GlobalTrustTable.rar

I uploaded JUST 1 table of their ENTIRE database which I own.

Also ask Comodo about my hack, ask them what I did to them. Let me tell you what I did:

I was logged in to their server via RDP (remote desktop); they detected me and via a hardware firewall they added an allowed IP for RDP, so I was no longer able to log in via RDP.

But I got UI control of their server just 2 days later, then I logged in via roberto franchini's user/pass, then I formatted their external backup HDD, it was an LG with a backup of all files inside it. I formatted it.

Then I stopped IIS, deleted all logs, not a normal delete which could be recovered with recovery tools, I deleted them with a secure delete method and in fact I wiped them.

Then I noticed another backup on another drive, I deleted ALL files of it with a secure wiping method also and I left this session open with a notepad message on their desktop with this text: "SURPRISE!"

What more should I say?

Stop talking about who was behind it, it's already proven.

Some people say Microsoft wasn't aware of the issue to patch the printer vulnerability. It's simply wrong, it was in a security magazine, you never saw this:
http://www.computerworld.com/s/article/9187300/Microsoft_confirms_it_missed_Stuxnet_print_spooler_zero_day_

Some others said I don't know about RSA, it's impossible to hack RSA, etc. etc. etc.

Never judge so fast, never write anything you think in your head on the internet, most of my daily work focuses on encryption algorithms, differential cryptanalysis, inventing new methods of attacks on encryption algorithms, creating new secure encryption algorithms (symmetric and asymmetric), creating secure hash algorithms, I told you, I can't talk about other things I did, I don't see any use in it, just giving away my work and causing more updates. So simply keep your mouth shut and wait. I already created my own encryption protocol, from an asymmetric algorithm (for key exchange) to a symmetric algorithm for encrypting data to my own hash algorithm to sign encrypted algorithms. You are so far from knowing about me...

Some others say the APIs were easy, it was all documented, everything was inside the DLL, so what did I do about re-writing APIs, a person with the experience of 1000 programmers had problems with APIs, LOL.

Do you know how much code I wrote in C++ and Assembly language? Do you know how much work I did in reversing Skype and its undisclosed protocol? Man! I create my own APIs, from web SOAP XML APIs to Windows DLLs with exports.

I said I wasn't aware of the !ApplySSL API and other needed APIs like PickUpSSL and others.

I found that out when I was already logged into the Comodo Partner's account and I was sure they'd notice me soon, so I had to do my job fast.

TrustDLL.dll was too old, its last modify date was end of 2007, the APIs of Comodo were changed and a lot more crucial parameters were added, they weren't using TrustDLL anymore, as far as I understood, they were processing and authenticating orders and signing CSRs manually. They had not too many orders in the last years, about 1 order per 4-5 days for example. So don't worry, I'm aware of APIs ;)

Some others said I'm not religious, "Janam Fadaye Rahbar" is political, not religious; you are simply wrong. No need to explain more.

Some others said I said too much about myself and enjoyed myself too much; if you had done the same thing, wouldn't you enjoy it like me? :))

Enough said, huh? Let's think more before writing stuff...
[ComodoHacker paste which mentions RSA]
http://pastebin.com/kkPzzGKW
29 March 2011
I got a lot of messages and responses with different ideas and I thought it's time to respond to all of them:

a) "He (referring to me) is so self-proud and bluffs about RSA", etc.

Yes, maybe I wrote too many good words about myself, but none of them was wrong. I was just too happy about my work, maybe I wrote more than what I should.

About RSA. Some people who have no idea about encryption and encryption protocols say that it's all wrong, I'm lying, it's impossible, etc.

I should say that about the last 6 years of my life have been spent on encryption and cryptanalysis, I cryptanalyse all types of encryption algorithms, I don't want to talk about details of research and my work, just know that when people at Blackhat presented the A5/1 rainbow table, that was too funny for me, such a huge database with the problem of frequency hopping remaining unresolved means nothing. A5/1 could be broken more easily with a solution to frequency hopping in so reasonable a time. Just in addition I should say, I program for ARM and AVR processors. Find its relation and get what you should get. Forget it if you don't understand the relation. There is really much more to say on my cryptanalysis work, but there is no use, as more updates will come to corrupt my work.

Anyway, yes, you are right, I didn't break RSA, but I'm on its way; the current algorithm I own (for integer factorization) is far far faster than others like Pollard's. I just don't focus on integer factoring, I also work on cryptanalysis of RSA itself, yes, I haven't found a way YET, but even if I find one I won't publish it, I'll just use it. I hope the RSA stuff keeps close after this comment.

b) "If he already broke UltraSurf or TOR, why was he looking for breaking RSA or stealing certificates?"

- Good point, even if you break UltraSurf or TOR, you can't intercept HTTPS traffic without them.

c) "The Comodo hack was so easy, the Italian reseller was insecure, the hack was nothing, it's trivial, a simple hack, ..." etc.

- First of all, for some people, if you split the moon in half, it's nothing, they'll say you are a good magician, that's all, like what people said to our Prophet when he actually did it.

Anyway, for those who are not like the people I mentioned above, it's not so simple a hack, it took me time, I hacked a lot of resellers, but I found out that most CAs verify customers in their own way. After a lot of research and talking as a customer to CAs, I found out there is possible potential in Comodo, I saw resellers can't verify customers, but Comodo partners can, I hacked so many Comodo reseller accounts, but all of them were not able to use the ApplySSL API. They were able to use only the OrderSSL API (I learned this stuff after I owned instantssl.it). Anyway... From the listed resellers of Comodo, I owned 3 of them, not only the Italian one, but I was interested more in the Italian branch because they had too many codes, works, domains (globaltrust, cybertech, instantssl, etc.) so I thought they are more tied with Comodo.

After the breach in instantssl.it, as you know the default IIS configuration doesn't let you do so much; getting a SYSTEM (highest level in the Windows OS, like root in *nix) shell from that server with all updates installed and AVG Anti-Virus wasn't easy.

After that I even installed a keylogger on their server and I was monitoring administrators who logged in; the keylogger was mine, which bypasses all AV and firewalls (including the Kaspersky heuristic engine to Comodo Internet Security).

So do not try to make it look simple.

d) He's connected to somewhere, he's not alone, he's not 21 years old, he's not from Iran, his English is good, his English is bad, ..........

- You don't deserve an actual answer, I just repeat, I'm from Iran, acting alone, work and research on cryptography daily, I don't care about ideas about my English. That's all

At the end, I want to say my message to world leaders with problems with Iran and the Iranian people:

1) So counted green movement people in Iran aren't most of Iran, so when Obama says I'm with the Iranian young community, I should say as an Iranian young person simply I hate you and I'm not with you, at least 90% of the young in Iran will tell you the same thing, it's not my sentence. But you have bad advisors, they report you wrong details, maybe you would think better if you had better advisors.

2) To Ashton and others who do their best to stop the Iranian nuclear program, to Israel who sends terrorists to my country to terrorize my country's nuclear scientists (http://www.presstv.com/detail/153576.html), these types of works would not help you, you can't even stop me, there are a lot more computer scientists in Iran, when you don't hear about our works inside Iran, that's simple, we don't share our findings as there is no use for us in sharing, so don't think Iran is so simple a country, behind today's technology, you are far stronger than them, etc.

Iran will do its job about the nuclear program, as it's the simple right of each nation. Instead of struggling and obeying a fake regime's orders, 22,072 km area (sum of area of some cities in Iran) and 63 years back, join the Iranian people with 1000s of years of civilization. The only loser of this fight is you. If a person my age reached this level of expertise and knowledge, keep the rest of the elders and scientists in different areas like Physics, Chemistry, Math and Technology.

Let's have a better world by not obeying a 63-year-old fake regime. That's all I have to share with you right now.

Anyone interested in talking? Contact me at: ichsun [at sign goes here] ymail [put a dot here] com
[ComodoHacker paste which mentions RSA]
http://pastebin.com/1AxH30em
5 September 2011
Hi again! I strike back again, huh?

I told all that I can do it again, I told all in interviews that I still have accesses in Comodo resellers, I told all I have access to most of the CAs, you see those words now?

You know, I have access to 4 more so HIGH profile CAs, from which I can issue certs too, which I will, I won't name them; I also had access to the StartCom CA, I hacked their server too with so sophisticated methods, he was lucky by being seated in front of the HSM for signing; I will name just one more which I still have access to: GlobalSign, let me use these accesses and CAs, later I'll talk about them too..

I won't talk in so much detail for now, I just wanted to let the world know that ANYTHING you do will have consequences, ANYTHING your country did in the past, you have to pay for it...

I was sure if I issued those certificates for myself from a company, the company would be closed and would not be able to issue certs anymore, Comodo was really really lucky!

I thought if I issued certs from the Dutch Gov. CA, they'd lose a lot of money:
http://www.nasdaq.com/aspx/dynamic_charting.aspx?selected=VDSI&timeframe=6m&charttype=line

But I remembered something and I hacked DigiNotar without more thinking on the anniversary of that mistake:
http://www.tepav.org.tr/en/kose-yazisi-tepav/s/2551

When the Dutch government exchanged 8000 Muslims for 30 Dutch soldiers and animal Serbian soldiers killed 8000 Muslims in the same day, the Dutch government has to pay for it, nothing is changed, just 16 years have passed. The Dutch government's 13 million dollars which it paid for DigiNotar will have to go DIRECTLY into the trash, it's what I can do from KMs away! It's enough for the Dutch government for now, to understand that 1 Muslim soldier is worth 10000 Dutch governments.

I'll talk technical details of the hack later, I don't have time now... How I got access to the 6-layer network behind the internet servers of DigiNotar, how I found passwords, how I got SYSTEM privilege in a fully patched and up-to-date system, how I bypassed their nCipher NetHSM, their hardware keys, their RSA Certificate Manager, their 6th layer internal "CERT NETWORK" which has NO connection at all to the internet, how I got a full remote desktop connection when there were firewalls that blocked all ports except 80 and 443 and didn't allow reverse or direct VNC connections, more and more and more...

After I explain, you'll understand how sophisticated an attack it was, it will be a good hacking course for hackers like Anonymous and Lulzsec :) There were so many 0-day bugs, methods and skill shows...

Have you ever heard of the XUDA programming language which RSA Certificate Manager uses? NO! I heard of it in RSA Certificate Manager and I learned programming in it in the same night, it is so unusual, like the greater-than sign in all programming languages is "<" but in XUDA it is "{"

Anyway... I'll talk about DigiNotar later! For now keep thinking about what the Dutch government did 16 years ago on the same day as my hack, I'll talk later and I'll introduce to you the MOST sophisticated hack of the year, of which more will come; you have to also wait for other CAs' certificates to be used by me, then I'll talk about them too.

Interviews will be done via email ichsun [at] ymail.com

By the way, ask DigiNotar about this username/password combination:
Username: PRODUCTION\Administrator (domain administrator of certificate network)
Password: Pr0d[at]dm1n

It's not all about passwords or cracking them,
1) you can't have a remote desktop connection in a really closed and protected network, by firewalls which don't allow Reverse VNC, VNC, remote desktop, etc. by packet detection.
2) you can't even dump hashes of the domain if you don't have admin privilege to crack them
3) you can't access the 6th layer network which has NO connection at all to the internet from the internet

Yeah!

Bye for now
[ComodoHacker paste which mentions RSA]
http://pastebin.com/GkKUhu35
7 September 2011
Hi again

Some more clarification seems to be needed...

a) What you did affected Iranian users, you attacked Iranian people, etc. etc. etc. bla bla bla

First of all, people against the Iranian government or Islam, even if they live inside Iran, we can't count them as Iranian people, I can't! If they get power to harm Islam and the Iranian government, spying for foreign spying agencies (Mossad, CIA, MI6), they won't miss it. If they get paid by a foreign secret service, they can gather and send ANY information THEY CAN. These are not the people of Iran, these types of people were my target, not normal people, people who don't have anything to do with secret services, Iran's enemies, Islam's enemies, etc.

Second: this time the attack was limited to Iran, next time I'll own as many gateways as I can in Israel, USA, Europe, as many ISPs, and the attack will run there. You know man, I give promises and I keep them, I say words and they just happen, I told you wait and see the previous time (Comodo case), now you see more. For an example ask a little from LMI.NET, Berkeley's ISP, ask about user Todd and password loc!666 (for example), ask if they detected that I had owned all their Linux boxes and I got access to their DNS servers, you see? I'm really sharp, powerful, dangerous and smart! I told in the Comodo hack case that I rule the internet, I'll bring equality of controlling the internet like the USA for myself and you see I'm simply doing it, huh? How are you going to stop me, you Mossad animals? Like this: http://www.silviacattori.net/article1421.html ? Israel still lives in the stone age, they kill people they just can't see, they kill Palestinian children and women, believe me, they shouldn't exist in this world. Hope to see that day soon...

Third: Do you know the meaning of "Unstoppable Genius Digital Hacker?"

b) Some small brains said in their articles that it was an easy hack, passwords were weak, it was a simple DNN bug, etc. etc. etc. bla bla bla blaaaa

First: If I gave it to all the hackers of the world, ALL hackers in its real meaning, they wouldn't be able to reach that network behind all those firewalls, routers and final networks without any access to the internet, which even doesn't have an internet connection. So shut the ....

Second: You think I generated SSL and code signing certificates by sending some SQL queries or sending some requests or using some ready-made desktop applications with 1234 default password? Ahhh man! Stop taking people's work easy... There was a netHSM with OpenBSD OS, only 1 port open, totally closed/protected with RSA SecurID and SafeSign token management systems, they had around 8 smart cards in total (a company with a lot of employees, only 8 smart cards for SSL generation), you see? It's not a "simple DNN bug", ok? I had remote desktop access to the last RSA Certificate Manager system which had no connection to the internet at all, all files were coded in XUDA (there is no reference to the XUDA programming language, not even a single line), no one can access those servers via remote desktop, there were enough firewalls and routers which even blocked their own employees from accessing that network. That network had a different domain controller with different users, man! There is so much to explain, I'll do it later, just know it is the most sophisticated hack of all time, that's all!

Third: You only heard of Comodo (successfully issued 9 certs for me -thanks by the way-), DigiNotar (successfully generated 500+ code signing and SSL certs for me -thanks again-), StartCom (got connection to the HSM, was generating for twitter, google, etc. The CEO was lucky enough, but I have ALL emails, database backups, customer data which I'll publish all via Cryptome in the near future), GlobalSign (I have access to their entire server, got DB backups, their linux / tar gzipped and downloaded, I even have the private key of their OWN globalsign.com domain, hahahaa).... BUT YOU HAVE TO HEAR SO MUCH MORE! SO MUCH MORE! At least 3 more, AT LEAST! Wait and see, just wait a little bit like I said in the Comodo case.

P.S. In the Wikipedia article on SSL, it should be added for the future that I caused the removal of the SSL or CA system security model, I have a special idea for private communication via browsers which could be used instead of SSL, but why should I share it and cause trouble for my own country? When the USA and Israel can read all the emails they want in Gmail, in Yahoo, data in Facebook, Twitter, etc., how should my country control those services? I'll help my own country with it as I did and you saw it. If my country gets equal rights as the USA in controlling emails, I may share my brilliant unbreakable encryption system as a replacement for the SSL and CA system.

The world is shocked just by my Comodo and DigiNotar hacks, what would happen if I show my other skills in cryptography, cryptanalysis, binary analysis (assessment), reversing, kernel programming, other high profile servers I hacked and extracted all needed information from, etc. etc. Ohhh! May they change the internet model, hahahahaaaaa

P.P.S. never forget, I'm just 21, you have to see much more from me!

By the way, I heard that the Comodo CEO (poor Melih) has talked again and said it was again state sponsored and I'm not a single hacker bla bla... Dear Melih, please wake up, I'm the only hacker, I have just shared some certs with some people in Iran, that's all... The hacker is single, just know it
ComodoHacker on Twitter:
http://twitter.com/#!/ichsunx2
No mentions of RSA.