After breach, DigiNotar folds into voluntary bankruptcy

Share this article:

Embattled SSL certificate authority DigiNotar, responsible for issuing hundreds of counterfeit credentials after a hacker breached its infrastructure, apparently isn't too big to fail.

The Dutch-based company, owned by data security firm VASCO, was "declared bankrupt" on Tuesday by a District Court judge in The Netherlands.

DigiNotar's certificate services had been suspended since late August, when reports emerged that it had issued a phony SSL certificate for Google, which appeared in the wild, presumably so Iranian users could be spied on.

Initially, DigiNotar planned to soon return online and predicted the cost of the incident would be minimal. But in the days that followed, an investigation revealed just how widespread the damage was.

According to a report commissioned by the Dutch government, DigiNotar operated with glaring security weaknesses, including a lack of anti-virus software on certain servers, which permitted hackers to create and issue 531 counterfeit certificates for a myriad of high-profile websites.

Bogus certs create a false sense of security and permit the cert holder to launch man-in-the-middle attacks to spy on communications and steal credentials. According to Fox-IT, fraudulent certs were issued for a number of other highly trafficked sites, including Facebok and Twitter, but the Google cert appeared to be the only known one that actively affected internet users.

According to the report, nearly all of the 300,000 unique IP addresses that requested the phony certificate were based in Iran, leading experts to believe that the attack was orchestrated by the Iranian government to spy on dissidents. (DigiNotar ultimately rescinded the cert on Aug. 29).

“We are working to quantify the damages caused by the hacker's intrusion into DigiNotar's system and will provide an estimate of the range of losses as soon as possible, “ Cliff Bown, executive vice president and chief financial officer of Illinois-based VASCO, said in a statement Tuesday.

Executives, however, reiterated that the DigiNotar breach did not affect VASCO's primary line of business.

"The technological infrastructures of VASCO and DigiNotar remain completely separated, meaning that there is no risk for infection of VASCO's strong authentication business," T. Kendall Hunt, VASCO's chairman and CEO, said.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Researchers observe more than a hundred connections to 'Backoff' sinkhole

Researchers with Kaspersky Lab were able to sinkhole two command-and-control servers used by certain Backoff point-of-sale malware samples.

Judge lifts stay but Microsoft won't hand over emails during appeal

A judge has lifted a suspension of a previous order compelling Microsoft to hand over customer emails stored on a server in Ireland.

Home Depot investigates possible payment card breach

Home Depot investigates possible payment card breach

Home Depot said on Tuesday that it is working with its banking partners and law enforcement to investigate a possible data breach.