In an email exchange with The New York Times, Comodohacker was clear about his motives, writing, “My country should have control over Google, Skype, Yahoo, etc.,” He goes on to write, “I’m breaking all encryption algorithms and giving power to my country to control all of them.”
According to the Times report, Comodohacker claims to be 21 years old, male and a software engineering student who reveres Iranian fundamentalist leader Ayatollah Ali Khamenei and hates Iranian dissidents. “I’m totally independent,” he wrote in his email to the Times, “I just share my findings with some people in Iran. They are free to do anything they want with my findings and things I share with them, but I’m not responsible.”
Comodohacker’s motivations make him not only dangerous, but an anomaly — at least, so far. Unlike other individual black-hat hackers or hacker groups, he swears allegiance to a dictatorship that has a record of severe crackdowns on anti-government activists. In early June, Comodohacker successfully generated 531 fake certificates for high-profile and trusted Web sites, including Google, Facebook and Skype in addition to a handful of foreign intelligence Web sites. Many protesters in the Middle East, including dissenters in Iran, use these trusted Web sites. As many as 300,000 Iranians may have had their online communications tapped into as a result of Comodohacker’s work.
However, there is some doubt as to whether Comodohacker operates out of Iran. According to an independent security analysis done on his correspondence with the Times, Comodohacker’s correspondence came from a computer in Russia. Either the computer was being used remotely, or, as the Times’ Somini Sengupta writes, “he may not be an Iranian software engineer at all.”
Read more on Innovations: