Hacked security firm closes its doors

DigiNotar head office, AP A report into the DigiNotar hack found a "severe breach" of the firm's network

Related Stories

Dutch security firm DigiNotar has filed for voluntary bankruptcy following a series of attacks by a hacker.

The attackers penetrated DigiNotar's internal systems and then issued fake security certificates so they could impersonate web firms.

The certificates are believed to have been used to eavesdrop on the Google email accounts of about 300,000 people.

The hacker behind the attacks claims to have penetrated four other firms that issue security certificates.

No tears

DigiNotar's parent company Vasco Data Security said the firm had been put into voluntary bankruptcy. A trustee for the business has been appointed who will oversee the winding up of DigiNotar.

The scale of the attack on DigiNotar began to be uncovered on 19 July when the firm said it first found evidence of an intrusion. It started to revoke certificates and an investigation was carried out to find out how much damage had been done.

An initial report found that hundreds of fake certificates had been issued and hackers had almost total access to DigiNotar's network.

The security certificates it and many other firms issue act as a guarantee of identity so people can be sure they are connecting to the site they think they are.

The fake certificates DigiNotar revoked were for some of the biggest net firms including Google, Facebook, Twitter and Skype.

It is thought the fake certificates for Google were used in Iran to peep at the email accounts of about 300,000 people.

Soon after discovering the attack, DigiNotar stopped issuing certificates altogether. Once wound up, its business and assets will be folded into Vasco.

"We are working to quantify the damages caused by the hacker's intrusion into DigiNotar's system and will provide an estimate of the range of losses as soon as possible, " said Vasco in a statement.

It added that its network and systems remained separate from DigiNotar and, as a result, "there is no risk for infection of Vasco's strong authentication business".

Writing on the Sophos blog, Graham Cluley said few people would shed tears over the closure.

"The firm lost all trust when it was discovered that it had known that it had suffered a security breach weeks before coming clean about the problem," he said.

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features

  • Alana Saarinen at pianoMum, Dad and Mum

    The girl with three biological parents


  • Polish and British flags alongside British roadsideWar debt

    Does the UK still feel a sense of obligation towards Poles?


  • Islamic State fighters parade in Raqqa, Syria (30 June 2014)Who backs IS?

    Where Islamic State finds support to become a formidable force


  • Bride and groom-to-be photographed underwaterWetted bliss

    Chinese couples told to smile, but please hold your breath


  • A ship is dismantled for scrap in the port city of Chittagong, BangladeshDangerous work

    Bangladesh's ship breakers face economic challenge


BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.