This morning I wrote a story about the roughly 300,000 Iranian citizens who may have had their Gmail emails accounts monitored by the Iranian government using one of the bogus security certificates that came from the DigiNotar hack. I also briefly mentioned that the same hacker that attacked Comodo earlier this year had claimed responsibility.
F-secure has been keeping an eye on the Pastebin account of the hacker and the hacker has now posted a message to the account titled striking back. The hacker claims that he did in fact infiltrate Comodo and DigiNotar. He also claims in the message to have control of four other high-profile certificate authorities.
As proof that he hacked the DigiNotar account the hacker offered up the domain administrator password for DigiNotar’s network. Whether or not that password is legitimate, only DigiNotar knows. What do you think authorities should do to this hacker once the person is caught?