After breach, DigiNotar folds into voluntary bankruptcy

Embattled SSL certificate authority DigiNotar, responsible for issuing hundreds of counterfeit credentials after a hacker breached its infrastructure, apparently isn't too big to fail.

The Dutch-based company, owned by data security firm VASCO, was "declared bankrupt" on Tuesday by a District Court judge in The Netherlands.

DigiNotar's certificate services had been suspended since late August, when reports emerged that it had issued a phony SSL certificate for Google, which appeared in the wild, presumably so Iranian users could be spied on.

Initially, DigiNotar planned to return online soon and predicted the cost of the incident would be minimal. But in the days that followed, an investigation revealed just how widespread the damage was.

According to a report commissioned by the Dutch government, DigiNotar operated with glaring security weaknesses, including a lack of anti-virus software on certain servers, which permitted hackers to create and issue 531 counterfeit certificates for a myriad of high-profile websites.

Bogus certs create a false sense of security and permit the cert holder to launch man-in-the-middle attacks to spy on communications and steal credentials. According to Fox-IT, fraudulent certs were issued for a number of other highly trafficked sites, including Facebook and Twitter, but the Google cert appeared to be the only known one that actively affected internet users.

According to the report, nearly all of the 300,000 unique IP addresses that requested the phony Google.com certificate were based in Iran, leading experts to believe that the attack was orchestrated by the Iranian government to spy on dissidents. (DigiNotar ultimately rescinded the cert on Aug. 29.)

"We are working to quantify the damages caused by the hacker's intrusion into DigiNotar's system and will provide an estimate of the range of losses as soon as possible," Cliff Bown, executive vice president and chief financial officer of Illinois-based VASCO, said in a statement Tuesday.

Executives, however, reiterated that the DigiNotar breach did not affect VASCO's primary line of business.

"The technological infrastructures of VASCO and DigiNotar remain completely separated, meaning that there is no risk for infection of VASCO's strong authentication business," T. Kendall Hunt, VASCO's chairman and CEO, said.
