Skip to main content

Breached CA DigiNotar files for bankruptcy

The attacker known as 'ComodoHacker' appears to have succeeded in his aim, as beleaguered Dutch certificate authority DigiNotar has filed for bankruptcy.

DigiNotar shot to infamy when it was discovered that an attacker had gained access to the company's signing servers, creating over 500 seemingly valid certificates for high-profile domains included and to be used in 'man-in-the-middle' attacks. Some 300,000 Iranian dissidents are believed to have had their communications monitored thanks to the attacker's falsified certificates.

An individual known as 'ComodoHacker' claimed responsibility for the attack, stating that it was in delayed retaliation for the Srebrenica massacre during the Bosnian War sixteen years ago. As the handle suggests, 'ComodoHacker' also claimed to have the same access to several other certificate authorities, including Comodo and GlobalSign.

While DigiNotar attempted to repair the damage, cooperating with software publishers to ensure that the invalid certificates were revoked and that new, secure versions were put in place, it is too little to save the company.

As a result, a regional court in Haarlem has appointed a bankruptcy trustee to manage the liquidation of DigiNotar and its assets, parent company Vasco Data Security has confirmed. The company's staff, which number around 50 individuals, are expected to be laid off.

"We are working to quantify the damages caused by the hacker's intrusion into DigiNotar's system," Vasco's executive vice president Cliff Brown claimed, "and will provide an estimate of the range of losses as soon as possible."

Vasco originally acquired DigiNotar in order to integrate identity verification technology the company had developed into its own products - something which Vasco has vowed will continue, despite the sad fate of DigiNotar itself.