The Dutch government has asked DigiNotar, the Dutch certificate authority that was broken into last summer, for €8.7 million ($11M USD) to recoup money it spent buying new certificates, according to several Dutch news reports. The Dutch interior ministry asked for €1 million in January, yet the number “has now risen to €8.7 million,” according to the company’s curator Rocco Mulder in an interview with Dutch news site nu.nl.
Mulder stressed, however, that there’s very little of the company left to seize after it was forced to declare bankruptcy late last fall. DigiNotar ceased operations, suspended its certificate business and has since been managed by a court-appointed trustee and bankruptcy judge.
Mulder argues that it was the decision of the Independent Post and Telecommunications Authority of the Netherlands (OPTA) that led to the downfall of DigiNotar. Mulder claims OPTA acted too fast in suspending the company’s certificates and was heavily swayed by Fox-IT, a consultancy whose audit report on DigiNotar detailed the attack and its effects.
DigiNotar first made headlines in August after it had falsely issued an SSL certificate for Google to a third party. Additional forged certificates for Mozilla, Yahoo, WordPress and the Tor Project later surfaced, making it clear the authority had been breached earlier that summer.
DigiNotar’s parent company, VASCO Data Security International, eventually admitted its CA infrastructure had been compromised that July, and the company halted issuing SSL certificates soon after.