After breach, DigiNotar folds into voluntary bankruptcy


Embattled SSL certificate authority DigiNotar, responsible for issuing hundreds of counterfeit credentials after a hacker breached its infrastructure, apparently isn't too big to fail.

The Dutch-based company, owned by data security firm VASCO, was "declared bankrupt" on Tuesday by a District Court judge in The Netherlands.

DigiNotar's certificate services had been suspended since late August, when reports emerged that it had issued a phony SSL certificate for Google, which appeared in the wild, presumably so Iranian users could be spied on.

Initially, DigiNotar planned to return online soon and predicted the cost of the incident would be minimal. But in the days that followed, an investigation revealed just how widespread the damage was.

According to a report commissioned by the Dutch government, DigiNotar operated with glaring security weaknesses, including a lack of anti-virus software on certain servers, which permitted hackers to create and issue 531 counterfeit certificates for a myriad of high-profile websites.

Bogus certs create a false sense of security and permit the cert holder to launch man-in-the-middle attacks to spy on communications and steal credentials. According to Fox-IT, fraudulent certs were issued for a number of other highly trafficked sites, including Facebook and Twitter, but the Google cert appeared to be the only known one that actively affected internet users.

According to the report, nearly all of the 300,000 unique IP addresses that requested the phony certificate were based in Iran, leading experts to believe that the attack was orchestrated by the Iranian government to spy on dissidents. (DigiNotar ultimately rescinded the cert on Aug. 29.)

“We are working to quantify the damages caused by the hacker's intrusion into DigiNotar's system and will provide an estimate of the range of losses as soon as possible,” Cliff Bown, executive vice president and chief financial officer of Illinois-based VASCO, said in a statement Tuesday.

Executives, however, reiterated that the DigiNotar breach did not affect VASCO's primary line of business.

"The technological infrastructures of VASCO and DigiNotar remain completely separated, meaning that there is no risk for infection of VASCO's strong authentication business," T. Kendall Hunt, VASCO's chairman and CEO, said.
