DigiNotar attacker says he will release additional SSL certificate information
The hacker behind the recent data security breach at Dutch SSL certificate authority DigiNotar said that he is planning to put out fake certificates for four more CAs.
In a rambling note on Pastebin, the hacker boasted of his own skill and belittled the technical savvy of LulzSec and Anonymous. He nevertheless declined to provide full details of the technique he used to compromise DigiNotar's security.
The note was written in stilted and frequently incorrect English, which could easily mean that it is not the attacker's first language.
He asserted that his actions are related to the Dutch government's role in the Srebrenica massacre, which took place 16 years ago. Misguided actions taken by peacekeepers from the Netherlands are thought by some to have contributed to the bloodshed.
According to CNET, the DigiNotar security breach allowed the attacker to trick the company's systems into issuing numerous bogus certificates for a number of websites, including Google.com. "Such faked certificates are especially alarming as they can redirect internet users to the wrong websites," the publication said.