DigiNotar goes bankrupt after hack

News 20 Sep, 2011

The Dutch CA goes into bankruptcy following the significant hacks claimed by ComodoHacker.

DigiNotar, the Dutch certificate authority (CA) which was recently at the centre of a significant hacking case, has been declared bankrupt.

The CA discovered it was compromised on 19 July, leading to 531 rogue certificates being issued. It was only in August that the attacks became public knowledge.

Such fake certificates can be used by hackers to intercept web communications and in this case had allegedly been used to watch over Gmail accounts. A fraudulent certificate for an MI6 website was also seen.

Parent company VASCO Data Security International confirmed today DigiNotar had filed for bankruptcy yesterday and processes have already been put in place to see it through bankruptcy.

A ‘trustee’ appointed by the Haarlem District Court has taken over management of the company.

What we think...

"We all knew DigiNotar was in trouble when the hacks went public, but such a quick demise was not so expected.

It just goes to show how quickly a breach can damage a company. Of course, this was a special case given the compromised firm was in the business of security itself.

As for whether the CA system can survive following the attacks, that debate will rumble on for some time to come."

Tom Brewster, Senior Staff Writer

T Kendall Hunt, VASCO’s chairman and CEO, pointed to the events which had led to DigiNotar’s troubles in distancing the parent company from its Dutch subsidiary.

“Although we are saddened by this action and the circumstances that necessitated it, we would like to remind our customers and investors that the incident at DigiNotar has no impact on VASCO's core authentication technology,” Hunt said.

“The technological infrastructures of VASCO and DigiNotar remain completely separated, meaning that there is no risk for infection of VASCO’s strong authentication business.”

He said VASCO would continue to work with the trustee and the judge presiding over the case “to bring the affairs of DigiNotar to an appropriate conclusion for its employees and customers.”

Jan Valcke, VASCO’s president and chief operating officer, said the company was not planning to re-enter the CA business “in the near future.”

Cliff Bown, VASCO’s executive vice president and chief financial officer, admitted the financial losses associated with the demise of DigiNotar would be “significant.”

VASCO claimed it would still be able to get value out of DigiNotar’s technology.

“We expect that a significant portion of the value assigned to the intellectual property acquired from DigiNotar to continue to have value as we incorporate the technology into our existing product line,” Brown added.

Responsibility for the attacks was claimed by a hacker going by the name of ComodoHacker. The compromise again raised doubts over the CA system and its security failings.

Others in the industry claimed the DigiNotar hack would prove more significant than the hugely sophisticated piece of malware Stuxnet, which was seen targeting Iranian nuclear facilities last year.