Please help improve this article by adding citations to reliable sources. This section needs additional citations for verification. Effective immediately the court appointed a receiver, a court-appointed trustee who takes over the management of all of DigiNotar's affairs as it proceeds through the bankruptcy process to liquidation.
On September 20, 2011, Vasco announced that its subsidiary DigiNotar was declared bankrupt after filing for voluntary bankruptcy at the Haarlem court. In a VASCO press release dated June 20, 2011, one day after DigiNotar first detected an incident on their systems VASCO's president and COO Jan Valcke is quoted as stating "We believe that DigiNotar's certificates are among the most reliable in the field." Bankruptcy On January 10, 2011, the company was sold to VASCO Data Security International. Īlthough DigiNotar had been a general-purpose CA for several years, they still targeted the market for notaries and other professionals. If they comply with additional rules on training and work procedures, they can become an accredited TTP Notary. A notary can become a member of TTP Notarissen if they comply with certain rules.
The KNB offered advisory services to their members on how to implement electronic services in their business one of these activities was offering secure certificates.ĭick Batenburg and the KNB formed the group TTP Notarissen (TTP Notaries), where TTP stands for trusted third party. The KNB offers all kind of central services to the notaries, and because many of the services that notaries offer are official legal procedures, security in communications is important. However, they have since been revoked.ĭigiNotar was originally set up in 1998 by the Dutch notary Dick Batenburg from Beverwijk and the Koninklijke Notariële Beroepsorganisatie, the national body for Dutch civil law notaries. Examples were the authentication infrastructure DigiD and the central car-registration organisation Netherlands Vehicle Authority (RDW).ĭigiNotar's root certificates were removed from the trusted-root lists of all major web browsers and consumer operating systems on or around Augthe "Staat der Nederlanden" roots were initially kept because they were not believed to be compromised. Some of the most-used electronic services offered by Dutch governments used certificates from DigiNotar. National and local Dutch authorities and organisations offering services for the government who want to use certificates for secure internet communication can request such a certificate. This issuance was via two intermediate certificates, each of which chained up to one of the two "Staat der Nederlanden" root CAs. Secondly, they issued certificates for the Dutch government's PKIoverheid ("PKIgovernment") program. Entrust certificates were not issued since July 2010, but some were still valid up to July 2013. First, they issued certificates under their own name (where the root CA was "DigiNotar Root CA").
Īfter more than 500 fake DigiNotar certificates were found, major web browser makers reacted by blacklisting all DigiNotar certificates. The hack has also been claimed by the so-called Comodohacker, allegedly a 21-year-old Iranian student, who also claimed to have hacked four other certificate authorities, including Comodo, a claim found plausible by F-Secure, although not fully explaining how it led to the subsequent "widescale interception of Iranian citizens". While nobody has been charged with the break-in and compromise of the certificates (as of 2013 ), cryptographer Bruce Schneier says the attack may have been "either the work of the NSA, or exploited by the NSA." However, this has been disputed, with others saying the NSA had only detected a foreign intelligence service using the fake certificates. Īn investigation into the hacking by Dutch-government appointed Fox-IT consultancy identified 300,000 Iranian Gmail users as the main target of the hack (targeted subsequently using man-in-the-middle attacks), and suspected that the Iranian government was behind the hack. That same month, the company was declared bankrupt. On September 3, 2011, after it had become clear that a security breach had resulted in the fraudulent issuing of certificates, the Dutch government took over operational management of DigiNotar's systems. DigiNotar was a Dutch certificate authority owned by VASCO Data Security International, Inc.