September 21, 2011, 4:24 PM — The Dutch company that was hacked earlier this summer by certificate thieves has gone bust and shut down, its U.S.-based owner said Tuesday.
DigiNotar filed for bankruptcy in a Netherland court on Monday, and its assets will be liquidated by a court-appointed trustee, said Vasco Data Security International, the Chicago company that purchased DigiNotar last January for $13.1 million.
"Effective as of the beginning of business today, the Trustee has taken over the management of DigiNotar's business activities," Vasco said in a statement on Tuesday.
In late August, DigiNotar admitted that hackers had illegally generated numerous SSL (secure socket layer) certificates, including one for google.com that was later found to have been used to spy on some 300,000 Iranians through their Gmail accounts.
DigiNotar confirmed that it had first discovered the intrusion on July 19, but had not disclosed the breach to browser makers, the Dutch government -- which used DigiNotar certificates to validate the identities of many of its websites -- or other customers until more than a month later.
An investigation sponsored by the Dutch government revealed that the hacker or hackers first compromised DigiNotar's servers in mid-June and made off with more than 500 certificates.
After DigiNotar went public, all five of the major browser makers -- Apple, Google, Microsoft , Mozilla and Opera -- issued updates that barred users from reaching sites secured with DigiNotar-issued certificates.
DigiNotar's filing for bankruptcy was not unexpected.
On Sept. 15, Vasco filed a statement with the U.S. Securities and Exchange Commission (SEC) that noted the company's investment in DigiNotar had been "materially impaired," and added that it was "not able to determine the amount of impairment loss Vasco may incur or estimate the amount of future cash expenditures that the Company may incur in connection with the impairment."
Vasco credited the loss to a Sept. 14 decision by the Dutch Independent Post and Telecommunications Authority (OPTA) to terminate DigiNotar as a certificate authority (CA), preventing it from issuing any further certificates.
But the browser makers' moves to block, then bar, DigiNotar certificates also played a part, said a security expert.