DigiNotar declares bankruptcy after major security breach

By Lee Kaelin on September 21, 2011, 9:17 AM

The disgraced Dutch certificate authority DigiNotar, recently at the center of a hacking scandal, has declared itself bankrupt. The firm first realized it had been compromised July 19 but failed to make any public announcement until the end of August when Iranian users began to notice their Gmail accounts were using fake SSL certificates.

Theses certificates are used by hackers to intercept people's login details and private information when visiting secure sites like Google's Gmail service. In the subsequent investigation that followed, DigiNotar was found to have issued over 500 fake certificates during the period of its breach, with many high profile companies compromised, including Microsoft and its Windows Update service.

DigiNotar's parent company, VASCO Data Security International confirmed yesterday that the embattled company had filed for bankruptcy. A trustee for the Haarlem District Court in the Netherlands has been appointed to manage the company during this process.

"Although we are saddened by this action and the circumstances that necessitated it, we would like to remind our customers and investors that the incident at DigiNotar has no impact on VASCO's core authentication technology," commented T Kendall Hunt, VASCO's chairman and CEO when making a statement regarding DigiNotar.

Hunt was also very keen to point out that "The technological infrastructures of VASCO and DigiNotar remain completely separated, meaning that there is no risk for infection of VASCO's strong authentication business." He said he would cooperate fully with the Haarlem District Court during this process to conclude the matter for its customers and staff.

Jan Valcke, VASCO's chief operating officer made it clear that the group had no plans to re-enter the certificate authority business any time in the near future, with the chief financial officer, Cliff Bown further pointing out that DigiNotar's demise would have a significant impact financially on the group.

An Iranian hacker known only as ComodoHacker claimed responsibility for the attack using his Pastebin account. He later claimed responsibility for breaches to GlobalSign and said to have access to two more certificate authorities, but as of yet no further information has been revealed on the latter.




User Comments: 5

Got something to say? Post a comment
Guest said:

when is some government going to have the balls to finally come out and point the finger at China, instead of just playing silly bugger politics and walking around it by claiming that ' it appears that these attacks are out of China.." you bloody well know they are, say it.. and do something about it.

Burty117 Burty117, TechSpot Chancellor, said:

You do realise that this particular attck came from Iran right? By supposedly one guy? do you ever click on the links in the article?

Guest said:

Sounds about right...You're in the business of information security and your own security was easily breached and then on top of that you chose to not address the issue publicly....fail.

What do you do with turds like this comodohacker guy?

Guest said:

Before a recent trip to my home country in September 2011 for a shirt casual family and friends visit I made a simple search on the BBC.co.uk site for Iran and stumbled on the article "Fake DigiNotar web certificate risk to Iranians" see http://www.bbc.co.uk/news/technology-14789763.

I went through the article and understood that I should perhaps be a bit cautious reading mail and using internet while being in Iran, since the article mentioned that hundreds of bogus SSL certificates were generated from the Netherlands-based DigiNotar to be used for authentication purposes.The article also mentioned that the DigiNotar was owned by US firm Vasco Data Security.

While being in Iran I noticed that a friend of mine uses also hardware devices as we do in UK to enter into his internet banking site of Bank Melli Iran (http://en.wikipedia.org/wiki/Bank_Melli_Iran) .

When I asked if I could have a look at the hardware device I was amused to find out that the device was manufactured by Vasco Data Security as well....

[image link]

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.