Monday 17 January 2022

DigiNotar hack made possible as 30 software updates were ignored

Last year’s hack of Dutch digital security company DigiNotar was due to aging software which was at least 30 updates out of date, website reported on Sunday.

In addition, news of the hack only became public knowledge a month after the site had been disabled, documents obtained by using freedom of information show.
The information comes from research carried out by internet security firm ITsec on behalf of DigiNotar before the hack was in the public domain.
Security certificates
DigiNotar’s systems were hacked in mid-July 2011 and over 500 website security certificates were stolen, including ones for intelligence services like the CIA, Mossad and MI6. Experts said at the time they thought Iran was behind the attack and that Iranian dissidents were the main target.
A preliminary report for the government by internet research group Fox-IT into DigiNotar also revealed the company used old software and did not have sufficient security measures in place.
The ITsec report said DigiNotar was using a content management system made by DotNetNuke dating from March 2008 and that the company had warned of a serious leak in May that year. This is the leak that hackers were able to use because 30 updates had been ignored.

Thank you for donating to

The team would like to thank all the generous readers who have made a donation in recent weeks. Your financial support has helped us to expand our coverage of the coronavirus crisis into the evenings and weekends and make sure you are kept up to date with the latest developments. has been free for 14 years, but without the financial backing of our readers, we would not be able to provide you with fair and accurate news and features about all things Dutch. Your contributions make this possible.

If you have not yet made a donation, but would like to, you can do so via Ideal, credit card or Paypal.