
24 December 2011. A cites the source of the GPS RSA claims, the Andrew Presentation:

http://grothserver.princeton.edu/~groth/frs144s06/Presentations/Andrew_Presentation.ppt

Andrew Presentation also here:

http://www.scribd.com/doc/51162211/Andrew-Presentation

Andrew Presentation's sources:

http://www.sss-mag.com/pdf/Ss_jme_denayer_appl_print.pdf (Slide 4)

http://pnt.gov/outreach/ieee2004/5-ImprovingTheGPSL1Signal.pdf (Slide 5 dead link, see:)

http://web.archive.org/web/20060930113850/http://pnt.gov/outreach/ieee2004/5-ImprovingTheGPSL1Signal.pdf

http://www.gpsworld.com/defense/warfighter/saasm-and-direct-py-signal-acquisition-754 (Slides 10, 11 and 12)

Partial Bibliography (Slide 15)

GPS World

National Defense Magazine

GPS SPS Signal Specification, 2nd Edition (June 2, 1995) - (http://www.navcen.uscg.gov/pubs/gps/sigspec/default.htm) (dead link, see:)

http://web.archive.org/web/20030808171451/http://www.navcen.uscg.gov/pubs/gps/sigspec/default.htm

http://web.archive.org/web/20110429214230/http://www.navcen.uscg.gov/pubs/gps/sigspec/gpssps1.pdf

http://web.archive.org/web/20110429214230/http://www.navcen.uscg.gov/pubs/gps/sigspec/gpsspsa.pdf

Overview of the GPS M Code Signal - (http://www.mitre.org/work/tech_papers/tech_papers_00/betz_overview/betz_overview.pdf)

24 December 2011. Additional discussion in UK Cryptography archives:

http://www.chiark.greenend.org.uk/pipermail/ukcrypto/2011-December/thread.html

Also, an article which elaborates on the topic, citing Lockheed Martin, also a target of ComodoHacker, as the drone manufacturer (in German):

http://www.tech-blog.net/comodohacker-gps-spoofing-durch-den-iran-rsa/

And A comments on the Tech-Blog article:

Lockheed Martin & Boeing make the satellites:

http://en.wikipedia.org/wiki/USA-206

http://en.wikipedia.org/wiki/USA-213


22 December 2011. Typos and formatting corrected. Added another A comment and an exchange with a reader.

Iran GPS Spoofing and the RSA Cipher


A sends 21 December 2011:

Have you heard anything additional about Iran's spoofing of GPS to misdirect the stealth drone to land it where they wanted?

Military-band GPS (M-code) is protected against spoofing by the RSA cipher.

In admitting that they spoofed military GPS are they admitting to the world that they've cracked RSA?

ComodoHacker claimed [below] he had also broken into EMC's RSA servers, and he claimed to be in pursuit of a cryptanalytic attack against RSA.

Just wondering if you'd heard anybody else mention RSA in regards to Iran's GPS spoofing.

If they really did spoof GPS to misdirect the drone they would have had to have broken red-key mode M-code GPS, which is the military GPS signal used in classified hardware (black-key mode is used in unclassified hardware).

They could have done this in two ways: 1) by fast-factoring large semiprimes that are the basis of RSA, or 2) by stealing the secret red key.


Cryptome:

I have not heard of the RSA attack. There was a report today that the Russians helped Iran intercept the drone:

http://www.intelligenceonline.com/north-america/government-intelligence

The Russian claim could be a cover-up of an RSA decrypt.


A:

Actually, I almost mentioned Russia in my original email.

GLONASS became globally operational only recently, October 2011. In part GLONASS works by augmenting our GPS signals, and GLONASS would be capable of spoofing our GPS signals at a high enough power to drown out the official M-code signals (so long as they possess the RSA private keys).

Since 2008 I've been working on a method to fast-factor large semiprimes with a friend of mine (maybe I've emailed you about this in the past). We've made several advances that are previously unknown in the mathematics literature. We found a unique prime number sieve that uses digital-roots and the Chinese remainder theorem (it operates in an almost "numerological" manner and it starts at the number 7); we found symmetries that hint at a branch-and-bound contrapositive solution to Riemann's Zeta; etc.

Lately we've been submitting a bunch of the integer sequences that resulted from our research to AT&T's Online Encyclopedia of Integer Sequences: http://oeis.org/search?q=helkenberg

That article definitely looks worth checking out. Lemme know what you find.


Cryptome:

The RU IR-drone snippet:

http://www.intelligenceonline.com/north-america/government-intelligence

The American drone RQ 170, which was forced to land on December 4 while it was flying over Iranian soil, was guided down by Russian equipment. The aircraft’s presence was detected by peripheral installations that are part of the S300 antiaircraft system, and it was forced to land at a base in the desert region of Tabas, some 250km from the frontier with Afghanistan, from where it had come. To prove Iran had successfully intercepted the drone, Iranian television broadcast strategic imagery captured by the state-of-the-art drone. Iranian experts are understood to have begun taking the drone apart to understand how it operates, which will help Iran to carry out a similar operation if the opportunity presents itself. Relations between Iran’s military industrial system, linked to the Guardians of the Revolution, or Pasdaran, and Russia’s GRU make it probable that Iran will share the drone’s secrets with the Russians.


A:

It is a simple intelligence community report, and not a technical dossier leaked from Iran or Russia. Details are sketchy on our side, but Iran's supposed admissions do corroborate what the CIA said about the plane losing contact & veering off into Iran. Iran & Russia do have a lot of intellectual human capital that is as capable as America's; they're no Pakistan or N. Korea.

You can't expect much for 1.5 euros! But it was more specific than the scant information available in the press. It's actually less likely that a stealth drone was using C-code GPS than it is that Iran stole the RSA red key to M-code GPS, but are we really talkin' odds here? ;)

Crypto-systems provide integrity & assurance, so we are either assured that the drone was not landed with GPS spoofing, or we are assured that the use of classified red-key RSA is compromised.

It isn't well-known that M-code uses RSA, but it isn't exactly a secret either, so I'm just surprised that apparently I'm the only person alive openly wondering about the relation of RSA integrity to the continuing claims of military GPS spoofing by Iran &/or Russia.

M-code was designed for an improved key distribution system, so they can ultimately recover integrity of GPS guidance so long as the keys were stolen and not compromised through advancements in factoring techniques.


A:

It looks like a few articles were posted late yesterday on this topic:

http://www.airtrafficmanagement.net/view_news.asp?ID=4671

http://www.techweekeurope.co.uk/news/iranians-claim-hack-brought-us-drone-spy-plane-down-51005

http://www.theregister.co.uk/2011/12/21/spy_drone_hijack_gps_spoofing_implausible/

None of the articles mention RSA, and The Register article even goes so far as to say that the GPS signals are unencrypted, which is just plain false. These articles seem to be trying to say, "Er uh, it sounds too hard to spoof C-code GPS; oh, and there's no such thing as M-code GPS..."

You might try to look up ComodoHacker's hyperbolic rants about being on the verge of cracking RSA, since that kinda makes the connection between Iran wanting to attack RSA and Iran claiming to attack a service that relies on RSA.

Here's a PowerPoint that mentions GPS' use of RSA:

http://grothserver.princeton.edu/~groth/frs144s06/Presentations/Andrew_Presentation.ppt


A:

Additionally:

http://news.softpedia.com/news/Experts-Question-Iranian-GPS-Attack-to-Capture-Drone-242310.shtml

http://www.syssec.ethz.ch/research/ccs139-tippenhauer.pdf

Frankly, I can totally see why the-powers-that-be would not want to publicly admit to a successful & sophisticated attack.


A later 22 December 2011:

Here are some interesting articles today from both sides of the propaganda war, they contrast pretty well:

http://www.avionics-intelligence.com/news/2011/12/1568035031/capture-of-us-hi-tech-drone-signifies-iran-s-power-in-electronic-warfare.html

http://www.avionics-intelligence.com/news/2011/12/1567969681/dude-where-s-my-drone.html

Gotta love the dismissive tone of the Lexington Institute.


End A comments.


Exchange between reader and A:

From: Ian Mason <ukcrypto[at]sourcetagged.ian.co.uk>
To: UK Cryptography Policy Discussion Group <ukcrypto[at]chiark.greenend.org.uk>
Subject: Re: Iran GPS Spoofing and the RSA Cipher
Date: Thu, 22 Dec 2011 21:04:26 +0000

I do wish people would check their facts sometimes. The linked article asserts that "GPS (M-code) is protected against spoofing by the RSA cipher" - it is not, it's protected by a keyed PRNG. You don't have to be an ace cryptologist to figure this out, you just need to look up "GPS signal" on Wikipedia.

On 22 Dec 2011, at 16:33, John Young wrote:

> Iran GPS Spoofing and the RSA Cipher
>
> http://cryptome.org/0005/iran-rsa-cipher.htm

_____

Date: Thu, 22 Dec 2011 17:17:19 -0500
To: UK Cryptography Policy Discussion Group<ukcrypto[at]chiark.greenend.org.uk>
From: John Young <cryptome[at]earthlink.net>
Subject: Re: Iran GPS Spoofing and the RSA Cipher

The article source responds:

[Quote]

PRNG means Pseudo-Random Number Generator. Other sources that discuss GPS say simply "RNG". Another way of being equally ambiguous would be to call it a "keystream."

Any cryptosystem can be used as a source PRNG. The PRNG for M-code GPS is RSA, tell this cryptographer that. RSA is the RNG keystream, GPS data is the plaintext, and the M code signal is the ciphertext. To turn the M code ciphertext into GPS plaintext you need to replicate independently the same RNG sequence used by the satellite to derive the GPS plaintext; to do this you use RSA in either symmetric or asymmetric mode (as per red-key or black-key M-code modes, respectively).

[Unquote]


ComodoHacker on Pastebin:

http://pastebin.com/u/ComodoHacker


[ComodoHacker paste which mentions RSA]

http://pastebin.com/74KXCaEZ

March 26, 2011

Hello

I'm writing this to all the world, so you'll know more about us..

At first I want to give some points, so you'll be sure I'm the hacker:

I hacked Comodo from InstantSSL.it, their CEO's e-mail address mfpenco[at]mfpenco.com

Their Comodo username/password was: user: gtadmin password: globaltrust

Their DB name was: globaltrust and instantsslcms

Enough said, huh? Yes, enough said, someone who should know already knows...

Anyway, at first I should mention we have no relation to Iranian Cyber Army, we don't change DNSes, we just hack and own.

I see Comodo CEO and other wrote that it was a managed attack, it was a planned attack, a group of cyber criminals did it, etc.

Let me explain:

a) I'm not a group, I'm a single hacker with the experience of 1000 hackers, I'm a single programmer with the experience of 1000 programmers, I'm a single planner/project manager with the experience of 1000 project managers, so you are right, it's managed by 1000 hackers, but it was only I with the experience of 1000 hackers.

b) It was not really a managed hack. At first I decided to hack the RSA algorithm, I did too much investigation on the SSL protocol, tried to find an algorithm for factoring integers, for now I was not able to do so, at least not yet, but I know it's not impossible and I'll prove it, anyway... I saw that there are easier ways of doing it, like hacking a CA. I was looking to hack some CAs like Thawte, Verisign, Comodo, etc. I found some small vulnerabilities in their servers, but it wasn't enough to gain access to a server to sign my CSRs. During my search about InstantSSL of Comodo, I found InstantSSL.it which was doing the same thing under control of Comodo. After a little try, easily I got FULL access on the server, after a little investigation on their server, I found out that TrustDll.dll takes care of signing. It was coded in C#. Simply I decompiled it and I found the username/password of their GeoTrust and Comodo reseller account.

The GeoTrust reseller URL was not working, it was in ADTP.cs. Then I found out their Comodo account works and the Comodo URL is active. I logged into the Comodo account and I saw I have the right of signing using APIs. I had no idea of the APIs and how they work. I wrote code in C# for signing my CSRs using POST requests to the APIs, I learned their APIs so FAST and their TrustDLL.DLL was too old and was sending too few parameters, it wasn't enough for signing a CSR. As I said, I rewrote the code for the !AutoApplySSL and !PickUpSSL APIs, the first API returns the OrderID of the placed Order and the second API returns the entire signed certificate if you pass the OrderID from the previous call. I learned all this stuff, re-wrote the code and generated CSRs for those sites all in about 10-15 minutes. I wasn't ready for these types of APIs, these types of CSR generation, API calling, etc. But I did it very very fast.

Anyway, I know you are really shocked about my knowledge, my skill, my speed, my expertise, that's all OK, all of it was so easy for me, I did more important things I can't talk about, so if you have to worry, you can worry... I should mention my age is 21.

Let's get back to the reason for posting this message.

I'm telling this to the world, so listen carefully:

When USA and Israel write Stuxnet, nobody talks about it, nobody gets blamed, nothing happened at all, so when I sign certificates nothing happens, I say that, when I sign certificates nothing should happen. It's a simple deal.

When USA and Israel could read my emails in Yahoo, Hotmail, Skype, Gmail, etc. without any simple little problem, when they can spy using Echelon, I can do anything I can. It's a simple rule. You do, I do, that's all. You stop, I stop. It's rule #1 (My Rules as I rule the internet, you should know it already...)

Rule#2: So why all the world got worried, internet shocked and all writers write about it, but nobody writes about Stuxnet anymore? Nobody writes about HAARP, nobody writes about Echelon... So nobody should write about SSL certificates.

Rule#3: Anyone inside Iran with problems, from the fake green movement to all MKO members and two-faced terrorists, should be afraid of me personally. I won't let anyone inside Iran harm the people of Iran, harm my country's Nuclear Scientists, harm my Leader (which nobody can), harm my President; as I live, you won't be able to do so. As I live, you don't have privacy on the internet, you don't have security in the digital world, just wait and see...

Rule#4: Comodo and other CAs in the world: Never think you are safe, never think you can rule the internet, rule the world with a 256 digit number which nobody can find its 2 prime factors of, I'll show you how someone of my age can rule the digital world.

Rule#5: To Microsoft, Mozilla and Chrome who updated their software as soon as instructions came from CIA. You are my targets too. Why was Stuxnet's Printer vulnerability patched after 2 years? Because it was needed in Stuxnet? So you'll learn sometimes you have to close your eyes on some stuff on the internet, you'll learn... You'll learn... I'll bring equality to the internet. My orders will be equal to CIA orders, lol ;)

Rule#6: I'm a GHOST

Rule#7: I'm unstoppable, so be afraid if you should be afraid, worry if you should worry.

A message in Persian: Janam Fadaye Rahbar

[Proof Of Hack 1]: http://pastebin.com/DBDqm6Km

[Proof of Hack 2]: http://pastebin.com/X8znzPWH

[UPDATE 1]: http://pastebin.com/CvGXyfiJ

[UPDATE 2]: http://pastebin.com/kkPzzGKW


[ComodoHacker paste which mentions RSA]

http://pastebin.com/CvGXyfiJ

28 March 2011

Some stupids on the internet still cannot understand I'm behind the attack on SSL, talk about their small understanding of my hack and make me nervous.

Why can't you understand? What's your problem? If you have psychological or mental problems, don't write your ideas on the internet, just surf, ok?

Here is another proof:

http://rapidshare.com/files/454806052/GlobalTrustTable.rar

I uploaded JUST 1 table of their ENTIRE database which I own.

Also ask Comodo about my hack, ask them what I did to them. Let me tell you what I did:

I was logged into their server via RDP (remote desktop), they detected me and via a hardware firewall they added an allowed IP for RDP, so I was no longer able to login via RDP.

But I got UI control of their server just 2 days later, then I logged in via roberto franchini's user/pass, then I formatted their external backup HDD, it was an LG with a backup of all files inside it. I formatted it.

Then I stopped IIS, deleted all logs, not a normal delete which could be recovered with recovery tools, I deleted them with a secure delete method and in fact I wiped them.

Then I noticed another backup on another drive, I deleted ALL files of it with the secure wiping method also and I left this session open with a notepad message on their desktop with this text: "SURPRISE!"

What more I should say?

Stop talking about who was behind it, it's already proven.

Some people say Microsoft wasn't aware of the issue to patch the Printer vulnerability. It's simply wrong, it was in a security magazine, you never saw this:

http://www.computerworld.com/s/article/9187300/Microsoft_confirms_it_missed_Stuxnet_print_spooler_zero_day_

Some others said I don't know about RSA, it's impossible to hack RSA, etc. etc. etc.

Never judge so fast, never write anything you think in your head on the internet, most of my daily work focuses on encryption algorithms, differential cryptanalysis, inventing new methods of attacks on encryption algorithms, creating new secure encryption algorithms (symmetric and asymmetric), creating secure hash algorithms, I told you, I can't talk about other things I did, I don't see any use for it, just giving away my work and causing more updates. So simply keep your mouth shut and wait. I already created my own encryption protocol, from an asymmetric algorithm (for key exchange) to a symmetric algorithm for encrypting data to my own hash algorithm to sign encrypted algorithms. You are so far from knowing about me...

Some others say the APIs were easy, it was all documented, everything was inside the DLL, so what did I do about re-writing APIs, a person with the experience of 1000 programmers had problems with APIs, LOL.

Do you know how much code I wrote in C++ and Assembly language? Do you know how much work I did in reversing Skype and its undisclosed protocol? Man! I create my own APIs, from web SOAP XML APIs to windows DLLs with exports.

I said I wasn't aware of the !ApplySSL API and other needed APIs like PickUpSSL and others.

I found that out when I was already logged into the Comodo Partner's account and I was sure they'd notice me soon, so I had to do my job fast.

TrustDLL.dll was too old, its last modified date was the end of 2007, the APIs of Comodo were changed and a lot more crucial parameters were added, they weren't using TrustDLL anymore, as far as I understood, they were processing and authenticating orders and signing CSRs manually. They had not too many orders in the last years, about 1 order per 4-5 days for example. So don't worry, I'm aware of APIs ;)

Some others said I'm not religious, "Janam Fadaye Rahbar" is political, not religious; you are simply wrong. No need to explain more.

Some others said I said too much about myself and enjoyed myself too much; if you had done the same thing, wouldn't you enjoy it like me? :))

Enough said, huh? Let's think more before writing stuff...


[ComodoHacker paste which mentions RSA]

http://pastebin.com/kkPzzGKW

29 March 2011

I got a lot of messages and responses with different ideas and I thought it's time to respond to all of them:

a) "He (referring to me) is so self proud and bluffs about RSA", etc.

Yes, maybe I wrote too many good words about myself, but none of them were wrong. Just I was too happy about my work, maybe I wrote more than what I should.

About RSA. Some people who have no idea about encryption and encryption protocols say that it's all wrong, I'm lying, it's impossible, etc.

I should say that about the last 6 years of my life have been spent on encryption and cryptanalysis, I cryptanalyse all types of encryption algorithms, I don't want to talk about details of my research and my work, just know that when people at blackhat presented the A5/1 rainbow table, that was too funny for me, such a huge database with the problem of frequency hopping remaining unresolved means nothing. A5/1 could be broken more easily with a solution to frequency hopping in so reasonable a time. Just in addition I should say, I program for ARM and AVR processors. Find its relation and get what you should get. Forget it if you don't understand the relation. There is really much more to say on my cryptanalysis work, but there is no use as more updates will come to corrupt my work.

Anyway, yes, you are right I didn't break RSA, but I'm on its way, the current algorithm I own (for integer factorization) is far far faster than others like Pollard's. I just don't focus on integer factoring, also I work on cryptanalysis of RSA itself, yes, I didn't find a way YET, but even if I find it I won't publish it, I'll just use it. I hope the RSA stuff stays closed after this comment.

b) "If he already broke UltraSurf or TOR, why was he looking for a way to break RSA or steal certificates?"

- Good point, even if you break UltraSurf or TOR, you can't intercept HTTPS traffic without them.

c) "Comodo hack was so easy, Italian reseller was insecure, hack was nothing, it's trivial, simple hack, ..." etc.

- First of all, for some people, if you split the moon in half, it's nothing, they'll say you are a good magician, that's all, like what people said to our Prophet when he actually did it.

Anyway, for those who are not like the people I mentioned above, it's not so simple a hack, it took me time, I hacked a lot of resellers, but I found out that most CAs verify customers in their own way. After a lot of research and talking as a customer to CAs, I found out there was potential in Comodo, I saw resellers can't verify customers, but Comodo partners can, I hacked so many Comodo reseller accounts, but none of them were able to use the ApplySSL API. They were able to use only the OrderSSL API (I learned this stuff after I owned instantssl.it). Anyway... From the listed resellers of Comodo, I owned 3 of them, not only the Italian one, but I was more interested in the Italian branch because they had too many codes, works, domains (globaltrust, cybertech, instantssl, etc.), so I thought they were more tied with Comodo.

After the breach of instantssl.it, as you know the default IIS configuration doesn't let you do so many things, getting a SYSTEM (highest level in the windows OS, like root in *nix) shell from that server with all updates installed and AVG Anti-Virus wasn't easy.

After that I even installed a keylogger on their server and I was monitoring administrators who logged in, the keylogger was mine, which bypasses all AV and Firewalls (from the Kaspersky heuristic engine to Comodo Internet Security). So do not try to make it look simple.

d) He's connected to somewhere, he's not alone, he's not 21 years old, he's not from Iran, his English is good, his English is bad, ..........

- You don't deserve an actual answer, I just repeat: I'm from Iran, acting alone, work and research on cryptography daily, I don't care about ideas about my English. That's all.

At the end, I want to say my message to world leaders with problems with Iran and Iranian people:

1) So few green movement people in Iran aren't most of Iran, so when Obama says I'm with the Iranian young community, I should say as an Iranian young person simply I hate you and I'm not with you, at least 90% of young people in Iran will tell you the same thing, it's not my sentence. But you have bad advisors, they report wrong details to you, maybe you would think better if you had better advisors.

2) To Ashton and others who do their best to stop the Iranian nuclear program, to Israel who sends terrorists to my country to terrorize my country's nuclear scientists (http://www.presstv.com/detail/153576.html), these types of works would not help you, you can't even stop me, there are a lot more computer scientists in Iran, when you don't hear about our works inside Iran, that's simple, we don't share our findings as there is no use for us in sharing, so don't think Iran is so simple a country, behind today's technology, you are far stronger than them, etc.

Iran will do its job about the nuclear program, as it's the simple right of each nation. Instead of struggling and obeying a fake regime's orders, 22,072 km area (sum of the area of some cities in Iran) and 63 years back, join the Iranian people with 1000s of years of civilization. The only loser of this fight is you.

If a person in my age reached this level of expertise and knowledge keep the rest of olders and scientist in different areas like Physics, Chemistry, Math and Technology.

Let's have a better world by not obeying a 63 year old fake regime. That's all I have to share with you right now.

Anyone interested in talk? Contact me at: ichsun [at sign goes here] ymail [put a dot here] com


[ComodoHacker paste which mentions RSA]

http://pastebin.com/1AxH30em

5 September 2011

Hi again! I strike back again, huh?

I told all that I can do it again, I told all in interviews that I still have access to Comodo resellers, I told all I have access to most CAs, you see those words now?

You know, I have access to 4 more so HIGH profile CAs, which I can issue certs from too, which I will, I won't name them, I also had access to the StartCom CA, I hacked their server too with so sophisticated methods, he was lucky by being seated in front of the HSM for signing, I will name just one more which I still have access to: GlobalSign, let me use these accesses and CAs, later I'll talk about them too..

I won't talk in so much detail for now, I just wanted to let the world know that ANYTHING you do will have consequences, ANYTHING your country did in the past, you have to pay for it...

I was sure if I issued those certificates for myself from a company, the company would be closed and would not be able to issue certs anymore, Comodo was really really lucky!

I thought if I issued certs from the Dutch Gov. CA, they'd lose a lot of money:

http://www.nasdaq.com/aspx/dynamic_charting.aspx?selected=VDSI&timeframe=6m&charttype=line

But I remembered something and I hacked DigiNotar without more thinking on the anniversary of that mistake:

http://www.tepav.org.tr/en/kose-yazisi-tepav/s/2551

When Dutch government, exchanged 8000 Muslim for 30 Dutch soldiers and Animal Serbian soldiers killed 8000 Muslims in same day, Dutch government have to pay for it, nothing is changed, just 16 years has been passed. Dutch government's 13 million dollars which paid for DigiNotar will have to go DIRECTLY into trash, it's what I can do from KMs away! It's enough for Dutch government for now, to understand that 1 Muslim soldier worth 10000 Dutch government.

I'll talk about the technical details of the hack later, I don't have time now... How I got access to the 6 layer network behind DigiNotar's internet servers, how I found passwords, how I got SYSTEM privilege on a fully patched and up-to-date system, how I bypassed their nCipher NetHSM, their hardware keys, their RSA certificate manager, their 6th layer internal "CERT NETWORK" which has no connection AT ALL to the internet, how I got a full remote desktop connection when there were firewalls that blocked all ports except 80 and 443 and didn't allow Reverse or direct VNC connections, more and more and more...

After I explain, you'll understand how sophisticated an attack it was, it will be a good hacking course for hackers like Anonymous and Lulzsec :) There were so many 0-day bugs, methods and skill shows...

Have you ever heard of the XUDA programming language which RSA Certificate Manager uses? NO! I heard of it in RSA Certificate Manager and I learned programming in it the same night, it is so unusual, like the greater than sign in all programming languages is "<" but in XUDA it is "{"

Anyway... I'll talk about DigiNotar later! For now keep thinking about what the Dutch government did 16 years ago on the same day as my hack, I'll talk later and I'll introduce to you the MOST sophisticated hack of the year, of which more will come, you have to also wait for other CAs' certificates to be used by me, then I'll talk about them too.

Interviews will be done via email ichsun [at] ymail.com

By the way, ask DigiNotar about this username/password combination:

Username: PRODUCTION\Administrator (domain administrator of certificate network)

Password: Pr0d[at]dm1n

It's not all about passwords or cracking them,

1) you can't have a remote desktop connection in a really closed network protected by firewalls which don't allow Reverse VNC, VNC, remote desktop, etc. by packet detection.

2) you can't even dump the hashes of the domain to crack them if you don't have admin privilege

3) you can't access the 6th layer network, which has no connection AT ALL to the internet, from the internet

Yeah!

Bye for now


[ComodoHacker paste which mentions RSA]

7 September 2011

http://pastebin.com/GkKUhu35

Hi again

Some more clarification seems to be needed...

a) What you did affected Iranian users, you attacked the Iranian people, etc. etc. etc. bla bla bla

First of all, people against the Iranian government or Islam, even if they live inside Iran, we can't count them as Iranian people, I can't! If they get the power to harm Islam and the Iranian government, spying for foreign spying agencies (Mossad, CIA, MI6), they won't miss it. If they get paid by a foreign secret service, they can gather and send ANY information THEY CAN. These are not the people of Iran, these types of people were my target, not normal people, people who don't have anything to do with secret services, Iran's enemies, Islam's enemies, etc.

Second: this time the attack was limited to Iran, next time, I'll own as many gateways as I can in Israel, USA, Europe, as many ISPs as I can, and the attack will run there. You know man, I give promises and I keep them, I say words and they just happen, I told you wait and see the previous time (Comodo case), now you see more. For an example ask a little from LMI.NET, Berkeley's ISP, ask about user Todd and password loc!666 (for example), ask if they detected that I owned all their Linux boxes and I got access to their DNS servers, you see? I'm really sharp, powerful, dangerous and smart! I told in the Comodo hack case that I rule the internet, I'll bring equality of controlling the internet like USA for myself and you see I'm simply doing it, huh? How are you going to stop me, you Mossad animals? Like this: http://www.silviacattori.net/article1421.html ? Israel still lives in the stone age, they kill people they just can't see, they kill Palestinian children and women, believe me, they shouldn't exist in this world. Hope to see that day soon...

Third: Do you know the meaning of "Unstoppable Genius Digital Hacker?"

b) Some small brains said in their articles that it was an easy hack, passwords were weak, it was a simple DNN bug, etc. etc. etc. bla bla bla blaaaa

First: If I gathered all the hackers of the world, ALL hackers by its real meaning, they wouldn't be able to reach that network behind all those firewalls, routers and final networks without any access to the internet, which doesn't even have an internet connection. So shut the ....

Second: You think I generated SSL and code signing certificates by sending some SQL queries or sending some requests or using some ready-made desktop applications with a 1234 default password? Ahhh man! Stop taking people's work lightly... There was a netHSM with OpenBSD OS, only 1 port open, totally closed/protected with RSA SecurID and SafeSign Token management systems, they had around 8 smart cards in total (a company with a lot of employees, only 8 smart cards for SSL generation), you see? It's not a "simple DNN bug", ok? I had remote desktop access to the last RSA Certificate Manager system which had no connection at all to the internet, all files were coded in XUDA (there is no reference to the XUDA programming language, not even a single line), no one can access those servers via Remote desktop, there were enough firewalls and routers which even blocked their own employees from accessing that network. That network had a different domain controller with different users, man! There is so much to explain, I'll do it later, just know it is the most sophisticated hack of all time, that's all!

Third: You have only heard of Comodo (successfully issued 9 certs for me -thanks by the way-), DigiNotar (successfully generated 500+ code signing and SSL certs for me -thanks again-), StartCOM (got connection to the HSM, was generating for twitter, google, etc., the CEO was lucky enough, but I have ALL emails, database backups, customer data which I'll publish all via cryptome in the near future), GlobalSign (I have access to their entire server, got DB backups, their linux / tar gzipped and downloaded, I even have the private key of their OWN globalsign.com domain, hahahaa).... BUT YOU HAVE TO HEAR SO MUCH MORE! SO MUCH MORE! At least 3 more, AT LEAST! Wait and see, just wait a little bit like I said in the Comodo case.

P.S. In the wikipedia article on SSL, it should be added for the future that I caused the removal of the SSL or CA system security model, I have a special idea for private communication via browsers which could be used instead of SSL, but why should I share it and cause trouble for my own country? When USA and Israel can read all the emails they want in Gmail, in Yahoo, data in Facebook, Twitter, etc., how should my country control those services? I'll help my own country with it as I did and you saw it. If my country gets equal rights to USA in controlling emails, I may share my brilliant unbreakable encryption system as a replacement for the SSL and CA system.

The world is shocked just by my Comodo and DigiNotar hacks, what would happen if I showed my other skills in cryptography, cryptanalysis, binary analysis (assessment), reversing, kernel programming, other high profile servers I hacked and extracted all needed information from, etc. etc. Ohhh! May they change the internet model, hahahahaaaaa

P.P.S. never forget, I'm just 21, you have to see much more from me!

By the way, I heard that the Comodo CEO (poor Melih) has talked again and said it was again State sponsored and I'm not a single hacker bla bla... Dear Melih, please wake up, I'm the only hacker, I have just shared some certs with some people in Iran, that's all... The hacker is single, just know it


ComodoHacker on Twitter:

http://twitter.com/#!/ichsunx2

No mentions of RSA.