Fox-IT
Fox-IT is a Dutch consultancy company based in Delft. Fox-IT is active in the information technology security sector. Their mission statement is: "Making technical and innovative contributions for a more secure society."

History

Two Dutchmen with a background in forensic investigations and hacking the infrastructure of the Netherlands Forensic Institute, Ronald Prins and Menno van der Marel, formed the company in 1999. It was the first digital investigation agency in Western Europe.

In 2003 Fox-IT took over some of the activities of Philips Crypto when the electronics firm saw the revenues of Philips Crypto going down.

Later, in 2005, Fox-IT opened their first international offices in Great Britain and on Aruba (formerly part of the Netherlands Antilles). Other markets, such as the Middle East and the United States, are served via local partners.

In December 2007 the company came out as the most reliable security company in a survey from Emerce, which was performed by TNS Nipo. The survey was part of the Emerce 100: a survey of the image of e-commerce companies. Overall the company ended in 11th place, behind Google but ahead of companies such as eBay and the Boston Consultancy Group.

The company has approx. 130 staff who are all screened by the AIVD.

Products and services

The main activity of Fox-IT is advising companies, governments and other organisations on IT security. Main customers are national governments and large organisations.

Consultancy services for the implementation of secure e-government systems and performing security audits are the core business of Fox-IT. Their audit into CA DigiNotar led to the Dutch government revoking its trust in that company, and certificates issued by DigiNotar under the Dutch government root certificate were no longer valid.
Permanent security monitoring services and digital forensic investigation services are also offered.
They also developed complete IT solutions and products such as Fox Replay and encryption systems.

Encryption systems

Fox DataDiode is a secure one-way communication system, e.g. to secure data transfer where no real-time authentication is possible, for example when copying data on a physical medium such as a disc or USB key, but other applications are also possible. The DataDiode is also used in the lawful data interception solution from Fox-IT, which uses the data diode to prevent any tampering with data between the point where the data is intercepted and the central storage/monitoring systems.

Secure VPN: SINA VPN. The SINA VPN solution was developed as the VPN solution to connect to state secret networks in Germany and is also approved for use in the Netherlands for networks where state secrets are involved.

RedFox Crypto Chip: Fox-IT was awarded a contract from the Dutch government to design a new hardware based encryption system. The clearance level of systems using this chip is still under consideration.

Fox Random Card: hardware-based random number generator. Many cryptographic solutions depend on the use of true random numbers, and this product offers a PCMCIA card to generate true random numbers.

Fox Replay

Data that is intercepted from lawful interception needs to be analysed. There are two main types of intercepted data: the data from an individual internet connection (for example the ADSL access line of an internet subscriber) or the email communication of an email address. In both cases there will be a large amount of unstructured data.
Lawful interception involves several steps. First is the actual intercepting of data, which is normally done by the internet service provider based on the IP address of the intercepted party or the (cable or DSL) modem of this party. Then all this data has to be securely sent to a central monitoring and storage system of the (government) agency responsible for this task, and finally all this data needs to be monitored and analysed.

Fox Replay is a series of products to analyse data that is intercepted and also includes a covert version where the agency can do the interception themselves.

Fox Replay Covert: For the 'standard' interception there is clear legislation under which the ISP needs to intercept traffic and send it to the central processing agency, but there are situations where there is no such friendly environment in which the actual interception will be performed by the ISP. This can be the case when an agency wants to intercept traffic in another country or in a country where there is no reliable central government. The Fox Replay Covert is an all-in-one solution where the actual interception, storage and analysis are all done in one system.

Fox Replay Analyst is an application where the intercepted traffic can be followed in real time or in streaming mode, where you analyse stored data streams. All IP data streams can be analysed, both IPv4 and IPv6, and it is possible to scan the actual content of the data, even if that in itself is sent in compressed form such as ZIP files. There are several 'search' options to analyse these data streams. When not using the 'real-time' data stream you can reconstruct the stored data.

Fox Replay Personal Workstation is a laptop-version of the Replay products where the analysis can be done outside the central monitoring and storage centre.

The combination of the above Replay products and the DataDiode product provides a framework for lawful interception.

On the 26th of September 2011, it was announced that the Replay division would be spun off to NetScout Systems, Inc.

External products

Fox-IT also delivers products from other companies. For example, the company is a partner of the German company Secusmart.

Dutch government

Fox-IT is a regular partner of the Dutch government on data interception and IT-security. Most Dutch government-departments and security agencies do business with the company. The audit at DigiNotar (see below) was performed on request of the Dutch government.

DigiNotar

Although already a relatively well-established name in the sector, the company became a much-heard name due to the security incident with the false certificates issued by DigiNotar. DigiNotar was one of the 4 Certificate Service Providers that could issue certificates under the PKIoverheid root certificate (overheid is the Dutch word for government). National and local governments and their agencies can request certificates under this root CA and use the public key infrastructure to secure their electronic communications. PKIoverheid certificates are used by the Belastingdienst (tax collector) and the authentication platform DigiD. The Dutch government does not issue certificates itself but has assigned a few companies to issue them on its behalf.

One of these companies was DigiNotar, but after a break-in into their systems false certificates were issued to unknown parties, such as a wildcard certificate for *.google.com which was issued to someone in Iran. Although there were no clear indications that DigiNotar issued certificates under the PKIoverheid root, the Dutch government asked Fox-IT to investigate DigiNotar and audit their systems and procedures to guarantee that certificates under the PKIoverheid root were still 100% secure.
The outcome of this audit/investigation was that there was no proof that false certificates were issued under the PKIoverheid root, but there was also no proof that the DigiNotar-issued certificates were safe. The Dutch government decided to end its relationship with DigiNotar, and all organisations that used certificates issued by DigiNotar were advised to request a new certificate from one of the remaining three CSPs.

The DigiNotar hack was claimed by ComodoHacker, the hacker responsible for the security breach at Comodo Group. F-Secure has confirmed that ComodoHacker is indeed also responsible for the DigiNotar hack and warns that he targets other CAs as well.

GlobalSign

ComodoHacker has claimed that he has also hacked the environment of CA GlobalSign; GlobalSign takes this claim so seriously that they have stopped the signing or issuing of certificates.

They also hired Fox-IT to audit and investigate their environment because Fox-IT has a lot of knowledge on the matter and this particular hacker.

The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.