Inside the Mind of an Iranian Hacker

By Solmaz Sharif

November 30, 2011

On September 8, 2011, Google warned Iranian users to “secure their accounts” after DigiNotar, a Dutch certificate authority outfit, was likely hacked by the Iranian government. Around 300,000 Iranian accounts may have been monitored by the Iranian state as a result of that attack.

The hacker produced fake certificates not only for Google, but also for other communications sites, such as Skype and Facebook. The point was, in part, to spy on Iranian Internet users, using the forged Google SSL certificate. Fox-IT, the security consultancy hired to examine the breach against DigiNotar, found that the vast majority of queries against DigiNotar's OCSP servers (which browsers check to see if a certificate has been revoked) came from Iran during the attack period, unlike periods before and after the attack when the volume of such queries from Iran was negligible.

Many requests not originating from Iran appear to have originated via Tor exit nodes or other proxies used by Iranians in a bid to circumvent net censorship controls.
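The Fox-IT finding described above is a geographic baseline comparison over OCSP responder logs: for each period, what share of queries came from a given country, and does that share jump during the suspected attack window. The script below is an added illustration of that kind of check, written for this article; it is not Fox-IT's tooling or DigiNotar's data. The log format, the IP-prefix-to-country table, the period boundaries and every log line are constructed for the example.

```python
"""Added example: flag a period in which an unusual share of OCSP queries
comes from one country, compared with a baseline period."""
from collections import Counter
from datetime import date, datetime

# Constructed OCSP access-log lines: "<ISO timestamp> <client ip> <method> <path> <status>".
# These are made-up values standing in for a responder's access log.
SAMPLE_LOG = """\
2011-06-03T10:12:01Z 173.194.10.5 POST /ocsp 200
2011-06-05T11:00:42Z 91.121.33.8 POST /ocsp 200
2011-06-09T08:31:17Z 2.176.40.12 POST /ocsp 200
2011-06-14T19:45:03Z 8.8.4.4 POST /ocsp 200
2011-06-21T07:02:55Z 173.194.10.5 POST /ocsp 200
2011-07-01T13:13:13Z 91.121.33.8 POST /ocsp 200
2011-07-22T02:10:00Z 2.176.40.12 POST /ocsp 200
2011-07-22T02:10:03Z 5.22.100.7 POST /ocsp 200
2011-07-23T04:44:19Z 78.39.12.1 POST /ocsp 200
2011-07-25T22:05:41Z 2.176.8.200 POST /ocsp 200
2011-08-02T09:09:09Z 5.22.3.3 POST /ocsp 200
2011-08-10T16:30:00Z 173.194.10.5 POST /ocsp 200
2011-08-15T05:55:55Z 78.39.200.9 POST /ocsp 200
2011-08-27T23:59:59Z 2.176.1.1 POST /ocsp 200
2011-09-02T10:00:00Z 8.8.4.4 POST /ocsp 200
2011-09-04T12:00:00Z 91.121.33.8 POST /ocsp 200
2011-09-10T14:00:00Z 173.194.10.5 POST /ocsp 200
2011-09-15T15:00:00Z 8.8.4.4 POST /ocsp 200
2011-09-20T16:00:00Z 91.121.33.8 POST /ocsp 200
this line is malformed and should be skipped
"""

# Constructed prefix-to-country table; a real analysis would use a GeoIP database.
GEO_PREFIXES = {
    "2.176.": "IR",
    "5.22.": "IR",
    "78.39.": "IR",
    "91.121.": "FR",
    "8.8.": "US",
    "173.194.": "US",
}

# Constructed analysis windows (inclusive): baseline, suspected attack window, aftermath.
PERIODS = {
    "before": (date(2011, 6, 1), date(2011, 7, 18)),
    "during": (date(2011, 7, 19), date(2011, 8, 29)),
    "after": (date(2011, 8, 30), date(2011, 9, 30)),
}


def country_for(ip):
    """Map a client IP to a country code using the prefix table ('??' if unknown)."""
    for prefix, cc in GEO_PREFIXES.items():
        if ip.startswith(prefix):
            return cc
    return "??"


def parse_line(line):
    """Return (date, client_ip) for a well-formed log line, or None for junk."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return ts.date(), parts[1]


def period_for(day, periods=PERIODS):
    """Name of the analysis window containing `day`, or None if outside all of them."""
    for name, (start, end) in periods.items():
        if start <= day <= end:
            return name
    return None


def country_share(log_text, periods=PERIODS):
    """Per period, the fraction of OCSP queries attributed to each country."""
    counts = {name: Counter() for name in periods}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than abort the whole run
        day, ip = parsed
        name = period_for(day, periods)
        if name is None:
            continue
        counts[name][country_for(ip)] += 1
    shares = {}
    for name, ctr in counts.items():
        total = sum(ctr.values())
        shares[name] = {cc: n / total for cc, n in ctr.items()} if total else {}
    return shares


def flag_shift(shares, country="IR", baseline="before", min_delta=0.5):
    """Periods whose share of queries from `country` exceeds the baseline by >= min_delta."""
    base = shares.get(baseline, {}).get(country, 0.0)
    return sorted(name for name, dist in shares.items()
                  if name != baseline and dist.get(country, 0.0) - base >= min_delta)


if __name__ == "__main__":
    result = country_share(SAMPLE_LOG)
    for name, dist in result.items():
        print(name, {cc: round(v, 3) for cc, v in sorted(dist.items())})
    print("periods with an unusual share of IR queries:", flag_shift(result))
```

The country attribution is only as good as the geolocation: queries routed through Tor exit nodes or foreign proxies, as the next paragraph notes, geolocate to the exit node's country, so a real analysis would treat known exit-node and proxy addresses as a separate bucket rather than as evidence for or against a country.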

A Deutsche Welle Persian journalist interviewed the hacker. In the interview, the hacker claims to be a 21-year-old male college student. He currently lives in Iran and studies computer software. He also claims that he works individually, is not supported by the government and taught himself how to hack.

But he doesn’t hide his love for Iran’s Supreme Leader, Ali Khamenei, and insists that his intention was to prove to the world that Iranians have talent and are as powerful technologically as the West.

It appears that he is trying to attract the government’s attention toward his “talent” via his first interview, conducted by Ehsan Norouzi. Norouzi is a techno-political journalist at Deutsche Welle Persian and left Iran after the presidential election in 2009. He is unsure when he will be able to return to Iran but he is positive about one thing: “So long as the Islamic Republic is in power, I can’t go back to my country, my exploited country.”

He exchanged four rounds of emails with the hacker for the interview. Norouzi now shares the surrounding details with CyberDissidents.org.

- Why did you decide to interview a hacker?

I think what he did was simply outstanding and unprecedented. He claims that he’s the “Comodohacker” and, given what we’re doing at Deutsche Welle as techno-politics journalists in a project that is focused on political and social impacts of new technologies, it was interesting to have a closer look at the person who did the whole project, one of the most media-buzzed cyber-attacks of all time, with huge consequences on CAs (Certificate Authorities) which is kind of a core for trust and security in cyberspace.

- Was it easy to convince him to be interviewed?

I hadn’t imagined it could be that easy. You know this case was surrounded by doubts and skepticism, but he accepted the invitation to interview quickly and replied to messages so damn fast. We had four rounds of emails with long questions and answers, and I was trying to investigate the case during those email conversations. He had put his email address in his notes in Pastebin [According to Wikipedia, “A pastebin is a type of web application that allows its users to upload snippets of text, usually samples of source code, for public viewing”].

- Did you know before interviewing him that he is supported by the government?

This was a presumption. Everybody said it couldn’t be a personal attack since this complicated and multi-layered attack would need huge resources, server farms and enormous bandwidth, for instance, and using those stolen certificates requires access to infrastructure.

Although he was really keen on supporting the regime and was very much anti-American, I still can’t say that he’s connected to the regime and instead is doing all this stuff as a project. He said in that interview that “I devote all my knowledge and outcomes of the attacks to the Supreme Leader”, but I thought he might be a lonely genius. Anyway, even if he was not really working for the regime, he said that he is open to any signal for cooperation from them. Before and after interviewing him, I couldn’t say that I’m sure he’s supported by the regime.

- Are you satisfied with the interview?

Yes. I mean it’s not so easy in totally ambiguous cases like this to judge, but I think this interview could help our audience and Iranian users have a better understanding of his mindset and also about what he actually did. He also leaked some details of his sophisticated attack on the DigiNotar servers for the first time in that interview that made it more interesting.

- What type of feedback did you receive?

It was very hard to convince our editor-in-chief to publish the interview like an interview (I mean only questions and answers) because he believed that the hacker’s narrative and what he said was very much pro-regime, and we’re not the Iranian regime’s propaganda machine. In the end, he said it should be published like a report, including the comments of a security expert on what the hacker was claiming, so that we could balance the interview. The feedback was awesome! It was the most-visited item on our website for a week.

- When did Iran first get involved in the professional hacking game?

The Iranian government started to hire lots of security experts and hackers 4-5 years ago. What we hear about the cyber-army of Iran is that it mostly consists of these folks, who usually do not support the regime ideologically, but the IRGC, Islamic Revolutionary Guards Corps, pays them very well, and they do some penetration projects for them in what they call a “soft war.”

They have yet to really take advantage of these groups. Instead, most of the very famous attacks are done by individuals, but the regime has tried to exploit them and use them as a means for propaganda. Now they know that this field is becoming more and more important and they’re trying to organize it in a better way.

- Why do you think Iran is trying hard to break into this field?

It’s just a matter of power. They want to show that they have enough power to stand against super-powers and hacking is a good means of doing so because it usually gets huge media coverage. That’s what they want: “soft war” is nothing but psy/ops (psychological operations) and media coverage.