Fox-IT

Although both are active in IT security, Fox-IT is not related to the Chinese software company Foxit Corp.
Founded: 1999
Headquarters: Delft, Netherlands
Website: fox-it.com

Fox-IT is a Dutch consultancy company based in Delft. Fox-IT is active in the information technology security sector. Their mission statement is: "Making technical and innovative contributions for a more secure society."[1]

History

Two Dutchmen with a background in forensic investigations and hacking the infrastructure of the Netherlands Forensic Institute, Ronald Prins and Menno van der Marel, formed the company in 1999. It was the first digital investigation agency in Western Europe.[2]

In 2003 Fox-IT took over some of the activities of Philips Crypto when the electronics firm saw the revenues of Philips Crypto going down.[3]

Later, in 2005, Fox-IT opened their first international offices in Great Britain and on Aruba (formerly part of the Netherlands Antilles). Other markets, such as the Middle East and the United States, are served via local partners.

In December 2007 the company came out as the most reliable security company in a survey from Emerce, which was performed by TNS Nipo. The survey was part of the Emerce 100, a survey of the image of e-commerce companies. Overall the company finished in 11th place, behind Google but ahead of companies such as eBay and the Boston Consulting Group.[4][5]

The company has approx. 130 staff, all of whom are screened by the AIVD.[1]

Products and services

The main activity of Fox-IT is advising companies, governments and other organisations on IT security. Main customers are national governments and large organisations.

Consultancy services for the implementation of secure e-government systems and performing security audits are the core business of Fox-IT. Their audit of the CA DigiNotar led to the Dutch government revoking its trust in that company, and certificates issued by DigiNotar under the Dutch government root certificate were no longer valid.[6] Permanent security monitoring services and digital forensic investigation services are also offered. They also developed complete IT solutions and products such as Fox Replay and encryption systems.

Encryption systems

Fox DataDiode is a secure one-way communication system, e.g. to secure data transfer where no real-time authentication is possible, for example when copying data onto a physical medium such as a disc or USB key; other applications are also possible. The DataDiode is also used in the lawful data interception solution from Fox-IT, to prevent any tampering with data between the point where the data is intercepted and the central storage/monitoring systems.[7]

Secure VPN: SINA VPN. The SINA VPN solution was developed as the VPN solution to connect to state-secret networks in Germany and is also approved for use in the Netherlands for networks where state secrets are involved.[8]

RedFox Crypto Chip: Fox-IT was awarded a contract from the Dutch government to design a new hardware-based encryption system. The clearance level of systems using this chip is still under consideration.[9]

Fox Random Card: a hardware-based random number generator. Many cryptographic solutions depend on the use of true random numbers, and this product offers a PCMCIA card to generate true random numbers.[10]

Fox Replay

Data that is intercepted through lawful interception needs to be analysed. There are two main types of intercepted data: the data from an individual internet connection (for example the ADSL access line of an internet subscriber) or the email communication of an email address. In both cases there will be a large amount of unstructured data. Lawful interception involves several steps. First comes the actual interception of data, which is normally done by the internet service provider based on the IP address of the (cable or DSL) modem of the intercepted party. Then all this data has to be sent securely to a central monitoring and storage system of the (government) agency responsible for this task. Finally, all this data needs to be monitored and analysed.

Fox Replay is a series of products to analyse data that is intercepted and also includes a covert version where the agency can do the interception themselves.

Fox Replay Covert: For 'standard' interception there is clear legislation under which the ISP needs to intercept traffic and send it to the central processing agency, but there are situations where there is no such friendly environment in which the actual interception will be performed by the ISP. This can be the case when an agency wants to intercept traffic in another country or in a country where there is no reliable central government. The Fox Replay Covert is an all-in-one solution where the actual interception, the storage and the analysis are all done in one system.[11]

Fox Replay Analyst is an application where the intercepted traffic can be followed in real time or in streaming mode, where you analyse stored data streams. All IP data streams can be analysed, both IPv4 and IPv6, and it is possible to scan the actual content of the data, even if that in itself is sent in compressed form such as ZIP files. There are several 'search' options to analyse these data streams. When not using the 'real-time' data stream you can reconstruct the stored data.

Fox Replay Personal Workstation is a laptop-version of the Replay products where the analysis can be done outside the central monitoring and storage centre.

The combination of the above Replay products and the DataDiode product provides a framework for lawful interception.

On the 26th of September 2011, it was announced[12] that the Replay division would be spun off to NetScout Systems, Inc.

External products

Fox-IT also delivers products from other companies. For example, the company is a partner of the German company Secusmart.[13]

Clients and cases

Dutch government

Fox-IT is a regular partner of the Dutch government on data interception and IT security. Most Dutch government departments and security agencies do business with the company.[14] The audit at DigiNotar (see below) was performed at the request of the Dutch government.

DigiNotar

Although already a relatively well-established name in the sector, the company became a much-heard name due to the security incident with the false certificates issued by DigiNotar. DigiNotar was one of the 4 Certificate Service Providers that could issue certificates under the PKIoverheid root certificate (Overheid is the Dutch word for Government). National and local governments and their agencies can request certificates under this root CA and use the Public Key Infrastructure to secure their electronic communications. PKIoverheid certificates are used by the Belastingdienst (tax collector) and the authentication platform DigiD. The Dutch government does not issue certificates itself but has assigned a few companies to issue them on its behalf.

One of these companies was DigiNotar, but after a break-in into their systems false certificates were issued to unknown parties, such as a wildcard certificate for *.google.com which was issued to someone in Iran. Although there were no clear indications that DigiNotar issued certificates under the PKIoverheid root, the Dutch government asked Fox-IT to investigate DigiNotar and audit their systems and procedures to guarantee that certificates under the PKIoverheid root were still 100% secure.[15][16] The outcome of this audit/investigation was that there was no proof that false certificates were issued under the PKIoverheid root, but there was also no proof that the DigiNotar-issued certificates were safe. The Dutch government decided to end their relationship with DigiNotar, and all organisations that used certificates issued by DigiNotar were advised to request a new certificate from one of the remaining three CSPs.[6]

The DigiNotar hack was claimed by ComodoHacker, the hacker responsible for the security breach at Comodo Group. F-Secure has confirmed that ComodoHacker is indeed also responsible for the DigiNotar hack and warns that he targets other CAs as well.[17]

GlobalSign

ComodoHacker has claimed that he has also hacked the environment of CA GlobalSign;[18] GlobalSign takes this claim so seriously that they have stopped the signing or issuing of certificates.

They also hired Fox-IT to audit and investigate their environment because Fox-IT have a lot of knowledge on the matter and this particular hacker.[19][20]

References

  1. (Secure) website Fox-IT: About Fox-IT, https://www.fox-it.com/en/about-fox-it, visited 5 September, 2011.
  2. Fox-IT history, visited 5 September, 2011.
  3. Website Crypto Museum on Philips Crypto, visited 5 September, 2011.
  4. Emerce Top10 Security 2008, 17 December 2007, visited 6 September, 2011.
  5. Emerce 100 - 2008, 17 December 2007, visited 6 September, 2011.
  6. News release Dutch Government: Government revokes trust DigiNotar certificates, 3 September, 2011. Visited 5 September, 2011.
  7. Website Datadiode, visited 6 September, 2011.
  8. Product description Sina VPN, visited 6 September, 2011.
  9. Redfox Cryptochip, PDF document, retrieved 5 September, 2011.
  10. Fox-IT website on FOX Randomcard, visited 5 September, 2011.
  11. Product folder Fox Replay Covert, retrieved 6 September, 2011.
  12. Press release announcing spin off of Fox Replay BV
  13. Website Secusmart on partner Fox-IT, visited 5 September, 2011.
  14. News archive June 2009, retrieved 5 September, 2011.
  15. ZDNet UK: False SSL certificates issued for spy-agencies, 5 September, 2011.
  16. DigiNotar website: Interim audit report Fox-IT, 5 September, 2011. Visited 6 September, 2011.
  17. F-Secure website: DigiNotar hacker comes out, 6 September, 2011.
  18. PasteBin statement of ComodoHacker, 5 September, 2011.
  19. GlobalSign statement: Security Response, 6 September, 2011.
  20. Tweakers.net website: GlobalSign stops issuing SSL certificates and hires Fox-IT, 7 September, 2011.