The disgraced Dutch certificate authority DigiNotar, recently at the center of a hacking scandal, has declared itself bankrupt. The firm first realized it had been compromised July 19 but failed to make any public announcement until the end of August when Iranian users began to notice their Gmail accounts were using fake SSL certificates.
Theses certificates are used by hackers to intercept people's login details and private information when visiting secure sites like Google's Gmail service. In the subsequent investigation that followed, DigiNotar was found to have issued over 500 fake certificates during the period of its breach, with many high profile companies compromised, including Microsoft and its Windows Update service.
DigiNotar's parent company, VASCO Data Security International confirmed yesterday that the embattled company had filed for bankruptcy. A trustee for the Haarlem District Court in the Netherlands has been appointed to manage the company during this process.
"Although we are saddened by this action and the circumstances that necessitated it, we would like to remind our customers and investors that the incident at DigiNotar has no impact on VASCO's core authentication technology," commented T Kendall Hunt, VASCO's chairman and CEO when making a statement regarding DigiNotar.
Hunt was also very keen to point out that "The technological infrastructures of VASCO and DigiNotar remain completely separated, meaning that there is no risk for infection of VASCO's strong authentication business." He said he would cooperate fully with the Haarlem District Court during this process to conclude the matter for its customers and staff.
Jan Valcke, VASCO's chief operating officer made it clear that the group had no plans to re-enter the certificate authority business any time in the near future, with the chief financial officer, Cliff Bown further pointing out that DigiNotar's demise would have a significant impact financially on the group.
An Iranian hacker known only as ComodoHacker claimed responsibility for the attack using his Pastebin account. He later claimed responsibility for breaches to GlobalSign and said to have access to two more certificate authorities, but as of yet no further information has been revealed on the latter.