Monday, March 28, 2011

Interview with ComodoHacker

I had an e-mail exchange with ComodoHacker: one e-mail of questions from me, followed by one e-mail of answers from him. I've interleaved the two, but otherwise I haven't edited the questions or answers. His original statements are posts at http://pastebin.com/u/ComodoHacker. Note that I've verified that the private key he posted matches the public key in the certificate, so this is the hacker (beyond a reasonable doubt).


Do you still have the original certificates (with the private keys)? I think that's the one thing that would convince the stupids, although what you've posted so far convinces me.
a) I already posted the Mozilla certificate: http://pastebin.com/X8znzPWH
Editor's note: this paste contains the certificate's private key, which only the hacker could have known, or somebody else with the same access to Comodo's compromised systems. I've verified that it matches the public key in the certificate.


Are you a college student? Do you study in Iran or abroad? Have you traveled abroad? Do you study computers and cryptography as your primary subject? Or part time?
b) Yes, I'm a student. I'm in Iran and I have never traveled abroad. I study software engineering, but my main interest is cryptography, and most of my time (around 15 hours a day) is spent on cryptography and cryptanalysis.


Are you connected with your government? Or with some other organization like the Basij? In much the same way that you might believe everyone in America works for the CIA, we make the assumption that every hacker in Iran was trained by your government.
c) I don't have any relation to the Basij or the government. I don't say that all hackers are connected to the CIA; I just say it to people who I really think are, see: http://cryptome.org/0003/tor-spy.htm


Where did you learn about cryptography and hacking. Are there books in Persian? English books? Or are you self-taught, learning from the Internet?
d) I'm self-taught: books in Persian and English, but mostly papers on the internet, short papers from experts like Bruce Schneier, the RSA people (Ron, Adi and Leonard) and especially David Wagner. I learned programming in QBasic when I was 9; I started learning cryptography when I was 13.

I also started hacking very early, I think I was 12-13. I started in the age of IIS 4 exploits, like jill.exe, jack.exe, IIS Unicode exploits, stuff like an HTTP request to IIS with:

/scripts/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe

to execute cmd.

Then I learned web application hacks: SQL injection, remote file include, local file include, etc. etc. etc.

I'm also an expert in Windows binary analysis: malware analysis, discovering vulnerabilities in binaries, exploiting vulnerabilities, heap overflows, stack overflows, double frees, vtable overwrites, etc.

I discover vulnerabilities in software or re-write stable proof-of-concept code for published exploits.
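Editor's note: the request above is an instance of the path-traversal/canonicalization bug class: the server's safety check and the decoding of the path happen in the wrong order, so "..%5c" passes a check that looks for "..\" and only turns into "..\" afterwards. The following Python is an added illustration written for this post, not code from the hacker's pastes and not IIS code; it models that ordering against a toy document root (/inetpub/wwwroot, an assumption) and sets it beside the check a practitioner would write today: fully decode, normalize, then prove the resolved path is still under the root. The same hardened resolver doubles as a detector over a few constructed access-log lines.

```python
import posixpath
from urllib.parse import unquote

# Assumed document root for the simulation, not the real server's layout.
WEBROOT = "/inetpub/wwwroot"


def decode_fully(path: str, max_rounds: int = 4) -> str:
    """Percent-decode until the string stops changing.

    One pass turns %5c into a backslash; a second pass is what makes the
    double-encoded form %255c (-> %5c -> backslash) dangerous for filters
    that decode only once.
    """
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            return decoded
        path = decoded
    return path


def vulnerable_resolve(request_path: str) -> str:
    """Models the broken ordering: look for '..' sequences in the raw request
    first, then decode and join with the web root.  '..%5c' contains neither
    '../' nor '..\\' at check time, so it passes."""
    if "../" in request_path or "..\\" in request_path:
        raise PermissionError("traversal rejected")
    decoded = decode_fully(request_path).replace("\\", "/")
    return posixpath.normpath(WEBROOT + decoded)


def hardened_resolve(request_path: str) -> str:
    """Decode first, normalise, then require the result to stay under WEBROOT.
    The check is made on the final path, not on the encoded bytes, so no
    encoding trick changes what is being compared."""
    decoded = decode_fully(request_path).replace("\\", "/")
    if "\x00" in decoded:
        raise PermissionError("NUL byte in path")
    target = posixpath.normpath(posixpath.join(WEBROOT, decoded.lstrip("/")))
    if target != WEBROOT and not target.startswith(WEBROOT + "/"):
        raise PermissionError("traversal rejected")
    return target


def rejects(resolver, request_path: str) -> bool:
    """True if the given resolver refuses the request."""
    try:
        resolver(request_path)
    except PermissionError:
        return True
    return False


def flag_traversal(log_lines):
    """Detection view: return the request paths (query string stripped) from
    Common Log Format lines that would escape the web root."""
    flagged = []
    for line in log_lines:
        try:
            path = line.split('"')[1].split()[1].split("?", 1)[0]
        except IndexError:
            continue
        if rejects(hardened_resolve, path):
            flagged.append(path)
    return flagged


# Constructed sample log lines, not a real capture.
SAMPLE_LOG = [
    '10.0.0.5 - - [28/Mar/2011:10:00:01 +0000] "GET /scripts/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 512',
    '10.0.0.5 - - [28/Mar/2011:10:00:02 +0000] "GET /scripts/..%255c..%255cwinnt/system32/cmd.exe HTTP/1.0" 200 512',
    '10.0.0.9 - - [28/Mar/2011:10:00:03 +0000] "GET /scripts/default.asp HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    print(vulnerable_resolve("/scripts/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe"))
    print(flag_traversal(SAMPLE_LOG))
```

Run as a script, the vulnerable resolver hands back /winnt/system32/cmd.exe for the encoded request while rejecting the plain "../" spelling of the same path; the hardened resolver rejects both, and the log scan flags the two encoded requests and not the ordinary page fetch.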


What are your politics? Obviously, you oppose the green movement. In America, all we saw was the protests from the green movement's point of view. Our press never reported the opposite point of view.
e) The Green Movement is nothing in Iran, just some young gangs with stones and sticks in hand who attack people and stores, break glass and burn garbage now and then; if they had any ideology or anything to talk about, they would already have said it. They just make problems for normal people; their heads are connected to Western governments and intelligence services, so absolutely I hate them. They are my target. I have already decrypted most of the protocols they use to encrypt their data (a thing that everyone tries to do). I won't let anyone inside Iran disturb the Iranian people. I say to them again: you have no privacy on the internet, be careful.


How did the hack start? How did you break into that first machine? SQL injection? Guess a password? How did you get "trustdll.dll"?
f) SQL injection, then privilege escalation, got a SYSTEM shell, remote desktop, investigation, and I discovered trustdll.dll :)
Editor's note: SQL injection is the most common attack on the Internet today. In his pastebin posts the hacker describes what he did once he had remote desktop access and how he decompiled 'trustdll.dll'.
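Editor's note: for readers who have not seen the first link of that chain in code, the following Python is an added illustration written for this post, not code from the hacker's pastes and not Comodo's application. It runs a login query built by string concatenation next to the parameterized version against a constructed in-memory SQLite table (the table, users and payloads are all made up here). The two payloads show the authentication bypass and the data extraction that turn "SQL injection" into a foothold on the application and everything behind it.

```python
import sqlite3


def demo_db() -> sqlite3.Connection:
    """Constructed sample table for the demonstration; not real data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, username: str, password: str):
    """Builds the query with string formatting, so attacker input becomes SQL
    syntax instead of data.  Returns (username, role) or None."""
    sql = (
        "SELECT username, role FROM users "
        "WHERE username = '%s' AND password = '%s'" % (username, password)
    )
    return conn.execute(sql).fetchone()


def login_parameterized(conn, username: str, password: str):
    """Same query with bound parameters: the statement's structure is fixed
    before any user-supplied bytes are seen, so quotes and comment markers in
    the input are just characters compared against the column."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


# Two constructed payloads.  The first closes the quoted string and comments
# out the password check; the second uses UNION to read a column the query
# was never meant to return.
BYPASS_USER = "alice' --"
EXTRACT_USER = "x' UNION SELECT password, 'pwned' FROM users WHERE username = 'alice' --"


def run_demo() -> dict:
    """Run every case against a fresh database and return the rows each
    login attempt produced."""
    conn = demo_db()
    return {
        "legit": login_parameterized(conn, "alice", "s3cret"),
        "bypass_vuln": login_vulnerable(conn, BYPASS_USER, "wrong"),
        "bypass_fixed": login_parameterized(conn, BYPASS_USER, "wrong"),
        "extract_vuln": login_vulnerable(conn, EXTRACT_USER, ""),
        "extract_fixed": login_parameterized(conn, EXTRACT_USER, ""),
    }


if __name__ == "__main__":
    for case, row in run_demo().items():
        print(f"{case:14s} -> {row}")
```

Against the concatenated query the bypass payload logs in as alice with a wrong password, and the UNION payload returns alice's password in the username column; the parameterized query returns no row for either, because the input never leaves the string literal it was bound into.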

22 comments:

BatteRy said...

As an Iranian, I just tell all of you: this man is just a basidji kind of freak...!

Don't even doubt it: he's 100% a basidji, working for Iran's intelligence agency. Iran's government is freaking fearful and worried about the internet because however much they filter the websites, in the end they can't do $hit!

Just look at what he said:

"" The Green Movement is nothing in Iran, just some young gangs with stones and sticks in hand who attack people and stores, break glass and burn garbage now and then; if they had any ideology or anything to talk about, they would already have said it. They just make problems for normal people; their heads are connected to Western governments and intelligence services, so absolutely I hate them. They are my target. I have already decrypted most of the protocols they use to encrypt their data (a thing that everyone tries to do). I won't let anyone inside Iran disturb the Iranian people. I say to them again: you have no privacy on the internet, be careful. ""

If the Green Movement is "nothing" and they're a few people hanging around making trouble, SO (a big SO) WHY ARE YOU SO WORRIED ABOUT THEM???!!! (we have a saying in Persian that defines them: "worried like a dog!")...

You freak, and whoever thinks like you, can't EVEN gather 20k people who are there by themselves (khodjoosh) in Tehran (a so damn big city of 15 million)! All you can do to gather your supporters is move the poor people of villages and small cities by buses and vehicles and send them to Tehran's streets; BUT 90% of those you think are your supporters are not really supporters! They're just coming for the free food and sometimes money...! Just ONCE don't give them free food and money and you'll see you have NO supporters; everybody hates you and you don't even have 5% of Iran's population with you...

You said "if they had any ideology or anything to talk about, they would already have said it." They told you, and they wanted to tell you; everybody wanted to end everything with discussions, arguments, etc., and everybody wanted to change the government's behavior and the wrong politics which have made our beloved Iran into a low country of the world... a very low country... Why don't you just understand? Most of the people don't agree with what you think, and most of the people don't like you and your ideology...

They wanted to tell you; BUT, BUT, BUT, YOU and whoever thinks like you, YOU DIDN'T LET THEM TELL! You didn't let the people have peaceful arguments. You closed all of the opposition media such as newspapers and even their offices, you blocked all of the opposition's websites, you sent whoever doesn't think like you to JAIL... then you lie to some foreigners who don't even know what's happening in Iran, and whatever happens in Iran is just another action movie on CNN and Fox...!

BatteRy said...

And in the last paragraph you said "I won't let anyone inside Iran disturb the Iranian people"! What the hell, man...?! Where were you in the past 2 years, when more than 100 people of your country were killed by the government's forces (those * basidjis) on the streets and in jails such as "Kahrizak"...? Where were you? Huh...? Where were you when those *** were killing your brothers and sisters in the streets of Tehran and other cities one and a half years ago, in Khordad 1388? Where were you in the past 30 years, when the ones you support and think like killed tens of thousands of Iranian people? The hands of the ones you support are covered with Iranian people's blood (esp. Khameneii and his friends and lately his son)... Where are you? Help us, oh lord ComodoHacker, help us, oh... the nasty mollahs' gov...!

You are just so disgusting... You are a much-hated kind of person in Iran...

And we have another saying in Persian which describes you:

"A blind man can be woken up (and let the light of knowledge into his mind), but a man who is not blind yet wants to be blind (wants to deny the light of knowledge) is impossible to wake up."

Goodbye, my Hacker friend! And please don't be angry at what I said; WHY NOT all live in Iran in peace and be friends instead of killing each other? Why not? Do you think any of these fu**ing ideologies is worth harming our fellows and our country's people?

What you are doing now is just wrong, and it's the absolute opposite of what you said about the people, that "I won't let anyone inside Iran disturb the Iranian people"... What you're doing is being used by the government (which is not popular) to harm a very big part of the people of our country... Whoever you like or hate, they're all Iranian people and we're all living in Iran... Why don't you come and join the people for a better Iran where everybody lives in PEACE with no fear of the government's assassins and hackers, etc...

just for one minute think about what you are doing and what you really believe in... they're 360 degrees different!

Unknown said...

Thank you, said ..
The Green Movement is unnumbered ...
Dear ComodoHacker, are you really in Iran?
basidjis ..
they are killers
killing us ...
just search YouTube ...
http://www.youtube.com/watch?v=KWod532prgU

0xAli said...

Aside from the political stuff, the technical side of the story adds up.

Excellent review, analysis and interview Robert!

Unknown said...

Dear ComodoHacker,
Please keep your mouth shut about the current state of Iran; we are all Iranian people. It seems you're quite blind about what happened and what's happening to the Iranian people right now. If you're so clever and you're claiming you have passion for your country Iran, just please DO NOT FORGET people like NEDA and all of the other innocent people killed by the government and the Basij organization.
Can you remember the days in Iran full of BLOOD, and people who never wanted AHMADINEZHAD anymore?
What did the people at the GOV do? Did they hear the people's voices?
The answer to all these questions is No; you're not aware. The gov DIDN'T WANT to hear the people's voices, and as easily as anything else, they just put dissidents into jail and killed them; you could already see that...!
There's no doubt about the technical aspects of your work on the COMODO partner, but you're somewhat blind about the political aspects of your life. It is quite obvious that you're working for Iran's intelligence agency, so called "ETELAAT", and of course it is a big lie when you say there's no political motivation behind that hack. You and a bunch of asshole guys in the "IRANIAN CYBER ARMY" are partners, and this is quite obvious. You just think you're so clever and there's no guy more clever than you in the fields of computer and network security and such things.
Please let me put an end to this:
Be aware, there are other people in IRAN itself (the place you're living right now) who are quite in the SHADOWS; you can never know them. If you're claiming you're the best, then it's a challenge (you will see what we're doing very soon). You know, there are many hands above your hand. You're saying to other people "be careful" and you're making threats, and I'm alerting you: be so careful. Some people are around you; they're shadows. You will see that soon, dear COMODOHACKER!

Witilza Visigo said...

@BatteRy, you said "what you're doing is being used by the government (which is not popular)".

Ahmadineyad might be as popular as Obama is in the US. Just a reminder: he won the elections. I know it's hard to accept, but nobody has any proof to the contrary. Let democracy rule, let the people write their own laws; you wouldn't like it any other way in the US, would you?

Unknown said...

Another write-up: http://pastebin.com/kkPzzGKW

Unknown said...

Sorry for a political-only comment, but I hope it almost ends all discussion related to politics here.

To be fair, Green Movement supporters are in the millions, as are government supporters (and also the no-opinion people). After all, Iran is a populous country of 75m people, and even 5% of the people means "millions". As in any political controversy, everyone claims that he/she's in the majority.
For objective assessments of exactly how many are on each of these sides, perhaps we should consult independent opinion polls. Some Western organizations have been involved in such polls throughout Iran in the last few years, namely World Public Opinion, Zogby, GlobeScan, Terror Free Tomorrow, Gallup and the International Peace Institute. So you can just google their websites for Iran polls. The most recent publicly published poll was IPI's September 2010 poll, which is documented here:
http://www.ipinst.org/news/general-announcement/209-iran-lebanon-israelis-and-palestinians-new-ipi-opinion-polls.html
It found that the major opposition figures (Mousavi and Karroubi) had approval/disapproval ratings of about 36%/37%, and the Green Movement 25%/38%. More moderate opposition figures, namely Khatami and Rafsanjani, had respectively 63%/21% and 68%/16% ratings. This is while Khamenei and Ahmadinejad had 85%/8% and 81%/11% ratings.
A February 2010 analysis of previous polls by WPO similarly found relatively low support for the Green Movement among the Iranian public. Nevertheless, it also found that Green Movement supporters tend to be younger, better educated and residing in larger cities, hence their visible presence on the Web.
http://www.worldpublicopinion.org/pipa/articles/brmiddleeastnafricara/652.php

Since most of these polls have been conducted by telephone, some Green Movement supporters have raised concerns that Iranians were not being straight in answering the polls, fearing eavesdropping by the authorities. The WPO report linked above has responded to these criticisms. Also, the IPI questionnaire has a section filled in by the polling agents, who in the vast majority of cases say that the respondents seemed quite confident while answering even the most sensitive questions.

About this hacker: while I disagree with him ridiculing the Green Movement, it's absolutely likely that he is who he says he is. I'm a university student myself (also in software engineering), and I have quite a few friends on both sides (opposition and government supporters). There are certainly people who would like to do these sorts of things, and they are just ordinary Iranians with no connections to the government.

The fairest conclusion is that we should accept that both sides have their legitimate reasons (and their "millions of supporters", of course), and neutral people like me find some of the arguments by both sides acceptable (which is almost always the case in every serious controversy).

Unknown said...

@ S A: Wow, what a "neutral" and "most fair" conclusion; I haven't read one like it in a long time. In fact, your neutrality and "objective assessments" of the publicly published polls have already moved me to tears. You are so unbiased about the anti-government folks residing in Iran, and especially the almost accurate polling on Khamenei's and Ahmadinejad's approval ratings. I just couldn't figure out why you issued a fatwa when you wished you would be ending all the discussions about politics in your post's opening. What's your real name, by the way? Doesn't "S A" stand for Richmond-born Mohammad Marandi? Or Behrouz Kamalian (Iranian Cyber Army)? Oh, I think it only stands for propaganda! With all due respect to your balanced views, which the likes of you have just learned to adopt after witnessing what Gadhafi has done to Libya, your statistics and polls mean nothing as long as a dictatorship and its oil-money-enriched propaganda machine is in power. I recommend you, as the employer of the Comodo hacker, to put a leash on this drunken soviet, as his dealings with you have become funnier:

http://img39.imageshack.us/img39/6858/ip2129513618.jpg

There's no way you can prove he acted alone and clear your peaceful-appearing-to-foreigners government from answering to the international community about your state-sponsored terrorism against your own people and their privacy.

Oh, and thanks to both of you for making internet browsing so much more secure for my grandma. She now knows as much about encryption and anonymous browsing as you do.

- parazit

Núñez Herrero said...

@iirrr S A has given us facts, third-party data about the real situation in Iran. He/she is not even trying to back up a particular point of view.

What about you? Your post is something I will show others as an example.... guess of what?

BatteRy said...

@Witilza Visigo

First of all, the number of votes:
Total number: 39,165,191 votes
Mahmud Ahmadinejad: 24,527,516
Mir-Hossein Mousavi: 13,216,411

IF he REALLY won the election with that many votes (63%), WHY did he and his government (actually not his; the whole country is Khamenei's!), so if they really won, WHY did they act like that toward the protesters?

WHY did they disconnect all of the country's communication with the world on the day of the election and the next days?

WHY did they put a LARGE number of opposition members right on the night before the election?

Doesn't this all mean a "coup d'etat"?

WHY didn't they even let the protesters SAY what they want in the media (like TV shows)? (+ in Iran there are only 7 national TV channels and 30 local channels and tens of radio channels, ALL run by the "NATIONAL TV & RADIO ORGANIZATION", which is actually a government org, but its politics and its president are ordered and appointed directly by Khameneii!!!)

WHY did they close all of the opposition's media right after the election?

WHY did they kill 100+ people in the days after the election, on the streets and in the jails, starting from the days right after the election? Why did they attack the people protesting very quietly that badly?

WHY did they kill their own people? WHY did they act this horribly toward their own people?

You talk about "democracy", huh! They didn't even let the opposition have 1 minute of speech on national TV...! They do NONSTOP advertising against the opposition and the protesters every day in these 19 months, but didn't even let the people who have different ideas say 1 single word on TV or the radio; they don't even let them have media (the opposition's real newspapers, political parties and students' political societies are all closed)...

There are lots of WHYs without even 1 answer...

They don't even need to have support from the people... you know why? Because they have such a damn big amount of oil and gas resources and nobody can analyze what they do with the money... A government which doesn't feed on the money paid by the people won't even care about what the people say or what their opinion is! Also they have an organization named "Shoraye Negahban" which works as a filter for whoever wants to be a candidate in every election! The ones in "Shoraye Negahban" are (in reality) all selected by Khameneii!

So you see there's NO democracy running this country! They're just robbing our resources...

Unknown said...

@ Editor: I don't intend to do the homework you should be doing and start googling some random polls in order to sound convincing to you. I just don't happen to have a list of polling agencies added to my favorites so I can instantly publish here or there. S A's list, however, is already compiled and ready for its intended audience: "YOU". Link to their organization here: http://www.bibijon.org/iranimage/. By the way, did you notice the English is all of a sudden not so broken?

I don't have anything against those polling agencies. In a country governed by deep fear, of course +80% are in favor of the dictator. Remember Saddam won his last election with a +99% majority. Iran's government easily kills its citizens. A few weeks back, they mischievously spread a rumor that a popular TV comedy series would not air on national TV because the supreme leader is against it. The next day its DVD sales broke every record. This is how the nation's hatred toward their unelected officials is easily exploited by the system, and now the likes of you are falling for a similar trap.

The likes of "S A" have an agenda, saying that guy was a lone hacker, unlinking him from the ruling government. There are deep conflicts within factions of the government over publicizing their terrorizing acts that are simply not mentioned in any poll. You also won't read about when they wet their pants hearing about the Tomahawks.

Did I mention I'm also 21 and a student in software engineering? :)

- parazit

Witilza Visigo said...

@BatteRy

>so you see there's NO democracy
>running this country!
>they're just robbing our
>resources...

welcome to the world!

One exception: today the US is the only country in the world with free speech, but it's hard to know for how long.

Unknown said...

@iirrr

I hate posting political comments on technical websites, but since I failed to stop the politics-related discussion and you raised a number of personal attacks on me, I just have to respond.

First, I'm just an ordinary Iranian student, living in Tehran, who happens to know relatively good English and follows politics closely (this 2nd point much like most Iranians), in addition to my routine software engineering studies. (To the blog owner: since Blogspot is currently blocked in Iran, I'm accessing this using Tor; that's why my IP is not from Iran.)

Second, as part of following politics, I am also interested in public opinion polls, since I find them the most accurate representations of what people think, wherever they live. I have no special access to anything; published poll results are out there for everyone to see. I can assure you that I didn't selectively choose some polls over others to fit my agenda; all Western-conducted polls have similar results, and are consistent with what I see here in Iran. It's not even fair to compare Iranian elections to Saddam-operated elections (if you are familiar with the process in Iran and actually live here), let alone to compare Western-conducted polls by highly respected organizations with them.

Third, I cited or discussed some reasons that self-censorship due to prosecution fears is overestimated, and here is another: many of the responses to these polls aren't in line with the government's interests. There are many examples and you can just scan the questionnaires, but here's one: a pre-election TFT poll, which predicted Ahmadinejad's victory, also found that 77% of Iranians want a system where the Supreme Leader can be directly elected (instead of indirectly, as it is now):
http://www.terrorfreetomorrow.org/upimagestft/TFT Iran Survey Report 0609.pdf

Fourth, I should also emphasize that these polls show nothing but the proportions. They don't mean that everything is rosy in Iran, that there have been no human rights abuses here, or who is morally superior. While I don't support the opposition, I sympathize with some of their plight. Anyway, you don't need at all to be in the majority to be right. If you believe in your way, fight for it; but don't pretend, against the available evidence, that you're in the majority.

Fifth, I don't have any interest in pretending that comodohacker is not government-supported, nor did I actually say that (read my previous comment again). I only see claims of him being supported by the government as unfounded, as evidenced by what the blog owner has said and also by the large number of genuine supporters the government has (some of whom are my friends, as I mentioned before). For foreign people who want to understand the politics of Iran from a balanced point of view, I advise them to read both mainstream and alternative viewpoints (say NYTimes.com and Guardian.co.uk for mainstream and raceforiran.com for alternative ones). To my knowledge, unfortunately, there are few satisfactorily balanced media outlets on Iran, due to the polarized politics of Iran.

BatteRy said...

I wrote so fast that there were many mistakes in my previous comment's writing; I just want to correct one part:

> WHY did they put a LARGE number of oppositions right @ the night before the election?

Add "into jail" at the end of this! This is the truth! They put a large number of the opposition's leaders and high-ranking members into jail the night before the election!

There's no sense in continuing this argument, so I won't continue ;) :p :) :| O_@

@S A
I don't totally disagree with you, but as you know these polling companies and their activity are strictly forbidden in Iran; also 90% of the foreign media's reporters have already been deported from Iran, and even having an interview with most of the foreign media is a BIG crime here. They even put a label on you and will name you a SPY; then you'll be in jail, then on TV for some sort of confession, then you'll be alive and get into jail again for tens of years, or you'll get executed...

So none of the polls in Iran have real results! I even saw many people who are some of the most anti-government people, but when they're asked for political surveys they worry about their family and their lives, so they fill in the survey with wrong information as if they strongly support the government!! lol :D

Unknown said...

Thanks for posting the interview. The hacker sounds real, and I for one can see him being a quite non-religious but highly patriotic Iranian. He is not a basiji, as in his responses he has not hinted at any Islamic inclination. The irrational hate we see here against this kid from the "green" supporters is a telltale sign of their intolerance of opposing views. Iranians, especially the young, are very educated and highly rational people, which is why they did not come out in their millions once they realized the "green" movement was hijacked by those who have political links to outside forces. This kid is clearly one who got disgusted with the "green" leaders and their tactics and lies.

Unknown said...

It's very interesting that people come out here, publicly belittle the green movement and secretly admire the hackers when they know their only purpose was to rat out the same educated youngsters that this IPLstats claims "did not come out in millions". It's funny that the S A guy earlier was quoting polls that attribute the loud online presence of the green movement to their young age and education. So which one is it? We understood you want to distance yourself from religion and the basij. That's quite an achievement for the green movement. The next step would be eradicating the state-sponsored terrorism against the young and old, educated or illiterate.

H. R. Qarai said...

The most important question goes unanswered here: what is the motive for self-issuing fake certificates? The most obvious answer is phishing and MITM attacks against Iranian dissidents. If the hacker is freelance, as he claims, he would find no use for those certificates without some fake DNS entries for those sites like *.google.com. This strongly suggests a connection to Iranian intelligence, IRGC's criminal "cyber army" and Iran's telecom company as the nation-wide hub for external internet access.
