Independent Iranian hacker claims responsibility for Comodo hack
- Monday, 28 March 2011 09:15
The hack that resulted in Comodo creating certificates for popular e-mail providers including Google Gmail, Yahoo Mail, and Microsoft Hotmail has been claimed as the work of an independent Iranian patriot. A post made to the data-sharing site pastebin.com by a person going by the handle "comodohacker" claimed responsibility for the hack and described details of the attack. A second post provided source code that was apparently reverse-engineered as one part of the attack.
Whether the postings are authentic and accurate is, at present at least, a matter of conjecture. The post specifies a number of details that appear authentic. The writer fingers Italian Registration Authority GlobalTrust.it/InstantSSL.it (the same company operating under multiple names) as the weak link. A Registration Authority (RA) is essentially a local reseller for a Certification Authority (CA); in principle, the RA performs the validation of identity that would be too difficult or expensive for the root CA to do, and then sends a request to the root CA to generate an appropriate certificate. Comodo's systems trust that the RA has done its job appropriately, and issue the certificate. This is consistent with Comodo's statement that it was a Southern European company that was compromised.













