It had been suggested that, because many of the bogus DigiNotar certificates were issued to users in Iran, that authorities in there may have initiated the CA hack as a tool for spying on dissidents.
Cyber security researcher Robert David Graham found the published file from the Stratfor hack and used password-cracking tool oclHashtcat to crack the password over the weekend.