DigiNotar files for bankruptcy

Stung by a cyberattack that caused it to issue fake online security certificates for hundreds of companies, the Dutch certificate authority is closing for business.

Lance Whitney Contributing Writer

Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.

See full bio

Lance Whitney

Sept. 21, 2011 9:42 a.m. PT

2 min read

Dutch certificate authority DigiNotar is closing up shop following a recent hacking attack that caused it to issue a series of phony online security certifcates.

Parent company Vasco announced the bankruptcy filing yesterday, explaining that a trustee will work with the court as DigiNotar goes through the bankruptcy process.

Vasco is also currently analyzing the extent of the damage caused by the cyberattack.

"We are working to quantify the damages caused by the hacker's intrusion into DigiNotar's system and will provide an estimate of the range of losses as soon as possible, "Cliff Bown, Vasco's executive vice president and CFO, said in a statement. But Bown added that the losses are expected to be "significant."

Related stories:
• Fraudulent Google certificate points to Internet attack
• Google users in Iran targeted in SSL spoof
• Dutch firm linked to many more fraudulent Net certificates
• Comodohacker returns in DigiNotar incident
• Microsoft issue fixes, blacklists more DigiNotar certificates

Responsible for granting Secure Sockets Layer (SSL) certificates to online companies to prove their authenticity, DigiNotar was recently attacked by a hacker who was able to breach security and generate fake certificates capable of pointing users to other Web sites. Initially affecting Google.com users in Iran, the false certificates were soon discovered to have targeted other organizations, including Microsoft, Skype, Twitter, Facebook, WordPress, the CIA, and MI6.

After the incident became public knowledge, the Dutch government revoked trust for DigiNotar's security certificates and took over management of the company. Microsoft, Mozilla, Google, Opera, and Apple blacklisted the certificates for their respective browsers, while Microsoft and Adobe were forced to issue security updates to resolve the problem.

A hacker dubbed Comodohacker after a March cyberattack against a Comodo reseller soon claimed responsibility for the breach of DigiNotar. Trying to explain the reason behind his attack, Comodohacker blamed the Dutch government for failing to prevent the Srebrenica genocide, a massacre that occurred 16 years ago in which up to 8,000 men and boys were killed by Bosnian Serb forces.

Writing about the end of DigiNotar, Sophos technology consultant Graham Cluley expressed little in the way of tears. Asserting that there "aren't many who will be mourning its loss," Cluley blamed DigiNotar for failing to reveal the security breach to the public until several weeks after its discovery.