Malware Munches on Mitsubishi, and Certificates Can Lie

After numerous attacks on United States defense contractors, Mitsubishi, Japan's largest defense contractor, has been breached. Mitsubishi’s submarine, missile and nuclear power plant factories were reportedly targeted by the attackers.

My last post was about SSL being hacked and possibly untrusted for the time being because an SSL certificate organization, DigiNotar, has been breached. An Iranian hacker named “ComodoHacker” compromised several certificates of DigiNotar and has been using them to his advantage.

Some security experts are now expressing concern that the widely used public key infrastructure, which lies at the heart of digital certificates, may not be secure enough.

About 80 computers were reportedly infected with at least eight different kinds of malware in the attack on Mitsubishi.  The infected computers are reportedly located at the company’s headquarters in Tokyo and manufacturing and research and development sites in Kobe, Nagasaki and Nagoya.

The Kobe site reportedly builds submarines and makes components for nuclear power stations, the Nagasaki site makes escort ships, and the Nagoya plant makes guided missiles and rocket engines.  Recently Mitsubishi has been working with Boeing, but it is not certain that that organization was the root of the attack.

Following the DigiNotar attack, Iranian hacker ComodoHacker has claimed that he owns about 300 code signing certificates and “a lot” of SSL certificates with code-signing permission. As crazy as it sounds, he also claimed to be able to issue fake Windows updates. However, those claims are false, Jerry Bryant, group manager of trustworthy computing at Microsoft, told TechNewsWorld. Bryant explained, “Windows Update is not at risk from fraudulent certificates, as the update client will only install binaries signed by our own root certificate authority certificate.”

That’s backed up by Don DeBolt, director of threat research at Total Defense. “Based on publicly available information, I believe ComodoHacker can issue fraudulent certificates, but not manipulate the Windows Update process as he claims,” DeBolt told TechNewsWorld. However, in security, “there is no such thing as 100 percent secure,” DeBolt warned.


2 thoughts on “Malware Munches on Mitsubishi, and Certificates Can Lie”

    • The claim was strongly denied by a Microsoft affiliate, so I think ComodoHacker was just bluffing.
