Security Experts:

Connect with us

Hi, what are you looking for?


Management & Strategy

Hacker Forces DigiNotar Into Bankruptcy

Following the recent cyber attack that resulted in an intrusion into DigiNotar’s Certificate Authority (CA) infrastructure and the fraudulent issuance of SSL certificates for hundreds of domains, including, CIA.Gov and many others, DigiNotar officially will be closing its doors for good.

Following the recent cyber attack that resulted in an intrusion into DigiNotar’s Certificate Authority (CA) infrastructure and the fraudulent issuance of SSL certificates for hundreds of domains, including, CIA.Gov and many others, DigiNotar officially will be closing its doors for good.

VASCO Data Security, DigiNotar’s parent company, today said that DigiNotar had filed a voluntary bankruptcy petition on Monday, September 19, 2011 and was declared bankrupt by a Dutch Court today.

DigiNotar Forced Into BankruptcyThis announcement should come as no surprise. The company halted sales of its digital certificates following the incident, and the revenue generated for VASCO Data Security who acquired DigiNotar for $12.9 million in January 2011, was minimal. DigiNotar in the first six months of 2011 generated less than 100,000 Euro in revenue from its SSL and EVSSL business.

The Court appointed a bankruptcy trustee and a bankruptcy judge to manage the bankruptcy process. The trustee will work under the supervision of the judge and be responsible for the administration and liquidation of DigiNotar. The Trustee is required to report to the Judge and his reports are expected to be made available to the public and will serve as a source of information to the creditors and other stakeholders.

“Although we are saddened by this action and the circumstances that necessitated it,” said T. Kendall Hunt, VASCO’s Chairman and CEO. “We would like to remind our customers and investors that the incident at DigiNotar has no impact on VASCO’s core authentication technology. The technological infrastructures of VASCO and DigiNotar remain completely separated, meaning that there is no risk for infection of VASCO’s strong authentication business.”

“While we do not plan to re-enter the certificate authority business in the near future, we expect that we will be able to integrate the PKI/identity verification technology acquired from DigiNotar into our core authentication platform,” Hunt added.

“We are working to quantify the damages caused by the hacker’s intrusion into DigiNotar’s system and will provide an estimate of the range of losses as soon as possible, ” said Cliff Bown, VASCO’s Executive Vice President and CFO.

“The general lesson it is that we must understand that all organizations are at risk for compromise by determined adversaries,” said Anup Gosh, Founder & Chief Executive Officer at Invincea in a previous statement to SecurityWeek. “This problem is everyone’s and no one is immune given that our adversaries have continued to innovate while as an industry Information Security has largely remained stagnant.”

The hacker who claimed responsibility for the attack identifies himself as “Comodohacker”, a 21-year old hacker acting as an individual, has also hacked other CA’s, but this is the first that officially has been forced out of business as a result. Will ComodoHacker force other Certificate Authorities out of business?

Systems at GlobalSign, one of the longest established Certification Authorities, were also recently compromised, though not to the extent as DigitNotar, which an investigation reported had very weak security practices in place. GlobalSign’s breach appears to be limited to only a Web server that hosted the company’s Web site. The company did temporarily halt sales of its digital certificates but has since resumed selling them.

The claimed hacker, reportedly an Iranian loyalist, says he has developed an “unbreakable” system for replacing SSL certificates. “If my country get equal right as USA in controlling emails, I may share my brilliant unbreakable encryption system for replacement of SSL and CA system,” he wrote in a previous statement. He also hints at his bright future as a hacker, writing: “P.S.S. never forget, I’m just 21, you have to see much more from me!”

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...


Twenty-one cybersecurity-related M&A deals were announced in December 2022.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

CISO Conversations

SecurityWeek speaks with two leading CISOs in the aviation industry – Mitch Cyrus of Honda Aircraft, and Mark Ferguson of Bombardier.