After breach, DigiNotar folds into voluntary bankruptcy

Share this article:

Embattled SSL certificate authority DigiNotar, responsible for issuing hundreds of counterfeit credentials after a hacker breached its infrastructure, apparently isn't too big to fail.

The Dutch-based company, owned by data security firm VASCO, was "declared bankrupt" on Tuesday by a District Court judge in The Netherlands.

DigiNotar's certificate services had been suspended since late August, when reports emerged that it had issued a phony SSL certificate for Google, which appeared in the wild, presumably so Iranian users could be spied on.

Initially, DigiNotar planned to soon return online and predicted the cost of the incident would be minimal. But in the days that followed, an investigation revealed just how widespread the damage was.

According to a report commissioned by the Dutch government, DigiNotar operated with glaring security weaknesses, including a lack of anti-virus software on certain servers, which permitted hackers to create and issue 531 counterfeit certificates for a myriad of high-profile websites.

Bogus certs create a false sense of security and permit the cert holder to launch man-in-the-middle attacks to spy on communications and steal credentials. According to Fox-IT, fraudulent certs were issued for a number of other highly trafficked sites, including Facebok and Twitter, but the Google cert appeared to be the only known one that actively affected internet users.

According to the report, nearly all of the 300,000 unique IP addresses that requested the phony certificate were based in Iran, leading experts to believe that the attack was orchestrated by the Iranian government to spy on dissidents. (DigiNotar ultimately rescinded the cert on Aug. 29).

“We are working to quantify the damages caused by the hacker's intrusion into DigiNotar's system and will provide an estimate of the range of losses as soon as possible, “ Cliff Bown, executive vice president and chief financial officer of Illinois-based VASCO, said in a statement Tuesday.

Executives, however, reiterated that the DigiNotar breach did not affect VASCO's primary line of business.

"The technological infrastructures of VASCO and DigiNotar remain completely separated, meaning that there is no risk for infection of VASCO's strong authentication business," T. Kendall Hunt, VASCO's chairman and CEO, said.

Share this article:

Sign up to our newsletters

More in News

Five schools earn NSA's excellence in cyber ops distinction

The schools earned NSA's Centers for Academic Excellence designation for their cyber offerings.

With RATs at their disposal, 419 scammers target businesses

With RATs at their disposal, 419 scammers target ...

A new report reveals how Nigeria's 419 scammers are spreading malware to pocket business funds.

InfoSec pros worried BYOD ushers in security exploits, survey says

InfoSec pros worried BYOD ushers in security exploits, ...

A study by the Information Security Community on LinkedIn found most organizations don't have proper polices and support for BYOD.