
Hacker Forces DigiNotar Into Bankruptcy

Following the recent cyber attack that resulted in an intrusion into DigiNotar’s Certificate Authority (CA) infrastructure and the fraudulent issuance of SSL certificates for hundreds of domains, including Google.com, CIA.Gov and many others, DigiNotar officially will be closing its doors for good.

VASCO Data Security, DigiNotar’s parent company, today said that DigiNotar had filed a voluntary bankruptcy petition on Monday, September 19, 2011 and was declared bankrupt by a Dutch Court today.

This announcement should come as no surprise. The company halted sales of its digital certificates following the incident, and the revenue generated for VASCO Data Security, which acquired DigiNotar for $12.9 million in January 2011, was minimal. In the first six months of 2011, DigiNotar generated less than 100,000 Euro in revenue from its SSL and EVSSL business.

The Court appointed a bankruptcy trustee and a bankruptcy judge to manage the bankruptcy process. The trustee will work under the supervision of the judge and be responsible for the administration and liquidation of DigiNotar. The Trustee is required to report to the Judge and his reports are expected to be made available to the public and will serve as a source of information to the creditors and other stakeholders.

“Although we are saddened by this action and the circumstances that necessitated it,” said T. Kendall Hunt, VASCO’s Chairman and CEO. “We would like to remind our customers and investors that the incident at DigiNotar has no impact on VASCO’s core authentication technology. The technological infrastructures of VASCO and DigiNotar remain completely separated, meaning that there is no risk for infection of VASCO’s strong authentication business.”

“While we do not plan to re-enter the certificate authority business in the near future, we expect that we will be able to integrate the PKI/identity verification technology acquired from DigiNotar into our core authentication platform,” Hunt added.

“We are working to quantify the damages caused by the hacker’s intrusion into DigiNotar’s system and will provide an estimate of the range of losses as soon as possible,” said Cliff Bown, VASCO’s Executive Vice President and CFO.

“The general lesson is that we must understand that all organizations are at risk for compromise by determined adversaries,” said Anup Ghosh, Founder & Chief Executive Officer at Invincea, in a previous statement to SecurityWeek. “This problem is everyone’s and no one is immune given that our adversaries have continued to innovate while as an industry Information Security has largely remained stagnant.”

The hacker who claimed responsibility for the attack identifies himself as “ComodoHacker”, a 21-year-old hacker acting as an individual. He has also hacked other CAs, but this is the first that has officially been forced out of business as a result. Will ComodoHacker force other Certificate Authorities out of business?

Systems at GlobalSign, one of the longest established Certification Authorities, were also recently compromised, though not to the same extent as DigiNotar, which an investigation reported had very weak security practices in place. GlobalSign’s breach appears to be limited to a Web server that hosted the company’s Web site. The company did temporarily halt sales of its digital certificates but has since resumed selling them.

The claimed hacker, reportedly an Iranian loyalist, says he has developed an “unbreakable” system for replacing SSL certificates. “If my country get equal right as USA in controlling emails, I may share my brilliant unbreakable encryption system for replacement of SSL and CA system,” he wrote in a previous statement. He also hints at his bright future as a hacker, writing: “P.S.S. never forget, I’m just 21, you have to see much more from me!”

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
