From Wikipedia, the free encyclopedia
Jump to: navigation, search
Although both active in IT security Fox-IT isn't related to the Chinese software company Foxit Corp.
Industry Computer security
information security
security testing
digital forensics
Founded 1999
Founder Ronald Prins
Menno van der Marel
Headquarters Delft, Netherlands

Fox-IT is a Dutch consultancy company based in Delft. Fox-IT is active in the information technology security sector. Fox-IT is engaged in consulting, IT products and training. Their main customers are governments, financial institutions and companies in the field of critical infrastructure . Their mission-statement is: "Making technical and innovative contributions for a more secure society."[1]


Two Dutchmen with a background in forensic investigations and hacking the infrastructure of the Netherlands Forensic Institute, Ronald Prins and Menno van der Marel, formed the company in 1999. It was one of the first digital investigation agencies in western Europe.[2]

In 2003 Fox-IT took over some of the activities of Philips Crypto when the electronics-firm saw the revenues of Philips Crypto going down.[3]

Later, in 2005, Fox-IT opened their first international offices in Great Britain and on Aruba (formerly part of the Netherlands Antilles). Other markets, such as the Middle East and the United States are served through local partners.

In December 2007 the company came out as most reliable security company in a survey from Emerce, which was performed by TNS Nipo. The survey was part of the Emerce 100: a survey of the image of e-commerce companies. Overall the company ended on place 11, behind Google but before companies as eBay and the Boston Consultancy Group.[4][5]

Within the first few years of operations, Fox-IT was asked by a large telecommunications operator to deliver a service based on network monitoring. This led to the first Cyber Security Operations Center in the Netherlands and one of an initial handful in Europe. From these beginnings, Fox-IT has developed into Europe’s largest specialized cyber security company.

The company has approximately 200 staff who are all screened by the AIVD.[1]

Products and services[edit]

The main activity of Fox-IT is advising companies, governments and other organisations on IT security. Its main customers are national authorities and large organisations.

Fox-IT operates in three business areas:

1. Cyber Threat Management
This is a solution portfolio aimed at reducing the risks of cyber threats, and includes: professional services, managed security services and technology

2. Web/Mobile event analytics
This is a solution portfolio that is aimed at reducing financial risks in (online) payment transactions

3. High Assurance
These are solutions that make trusted communication possible at the highest classification levels

Fox-IT has been involved in many high-profile Incident Response cases. Most of the high profile cases worked on are secret, but DigiNotar and KPN are public examples. Their audit into the Certificate Authority DigiNotar lead to the Dutch government revoking their trust in that company and declaring that certificates issued by DigiNotar under the Dutch government root-certificate were no longer valid.[6] Also permanent security monitoring services and digital forensic investigation services are offered and they also develop complete IT solutions and products.

Encryption systems[edit]

Fox DataDiode is a secure one-way communication system, e.g. to secure data transfer where no real-time authentication is possible (for example when copying data on a physical medium such as a disc or USB key) but also other applications are possible. The DataDiode is also used in the lawful data interception solution from Fox-IT that prevents any tampering of data from the point where the data is intercepted and the central storage/monitoring systems.

Secure VPN: SINA VPN. Sina VPN solution was developed as the VPN solution to connect to State Secret networks in Germany and is also approved for use in the Netherlands for networks where state secrets are involved.[7]

RedFox Crypto Chip: Fox-IT was awarded a contract from the Dutch government to design a new hardware based encryption system. The clearance level of systems using this chip is still under consideration.[8]

External products[edit]

Fox-IT also delivers products from other companies. It is the company partner of the German company Secusmart.[9]

Clients and cases[edit]

Dutch government[edit]

Fox-IT is a regular partner of the Dutch government on data interception and IT-security. Most Dutch government-departments and security agencies do business with the company.[10] The audit at DigiNotar (see below) was performed on request of the Dutch government.


Main article: DigiNotar

Although already a relatively well established name in the sector, the company became well known due to the security incident involving fake certificates issued by DigiNotar. DigiNotar was one of the 4 Certificate Service Providers that could issue certificates under the PKIoverheid root-certificate (Overheid is the Dutch word for Government). National and local authorities and their agencies can request certificates under this root-CA and use the Public Key Infrastructure to secure their electronic communications. PKIoverheid certificates are used by the Belastingdienst (tax-office) and the authentication-platform DigiD. The Dutch government itself does not issue certificates but has authorised a few companies to issue them on their behalf.

One of these companies was DigiNotar, but after a break-in into their systems fake certificates were issued to unknown parties such as a wildcard certificate for * which was issued to someone in Iran. Although there were no clear indications that DigiNotar issued fake certificates under the PKIoverheid root, the Dutch government asked Fox-IT to do an investigation into DigiNotar and audit their systems and procedures to guarantee that certificates under the PKIoverheid root were still 100% secure.[11][12] The outcome of this audit/investigation was that there was no proof that fake certificates were issued under the PKIoverheid root but there was also no proof that the DigiNotar issued certificates were safe and the Dutch government decided to end their relationship with DigiNotar and all organisations that used certificates issued by DigiNotar were advised to request a new certificate from one of the remaining three CSP's.[6]

The DigiNotar hack was claimed by ComodoHacker, the hacker responsible for the security breach at Comodo Group. F-Secure has confirmed that ComodoHacker is indeed also responsible for the DigiNotar hack and warns that he targets other CA's as well.[13]


ComodoHacker has claimed that he has also hacked the environment of CA GlobalSign;[14][non-primary source needed] GlobalSign took this claim seriously and temporarily stopped the signing or issuance of certificates to investigate.

They also hired Fox-IT to audit and investigate their environment due to their knowledge and experience of this particular hacker.[15][16]

Yahoo malware attack[edit]

On January 5, 2014 Fox IT reported that some visitors to Yahoo! sites were infected with malware. The cause was reported to be ads that redirect to sites with malicious exploits. Maarten van Dantzig said that the redirection took place even when the ad was not clicked. It was estimated that 50,000 infections per hour happened as a result.

Yahoo said in a statement that European users were affected. Surfright, another Dutch security firm estimated more than 5 million computers were infected. The damage was more than $9.5 million. Who the person was is unknown. [17][18]


  1. ^ a b (secure)Website Fox-IT: About Fox-IT, visited 24 may 2014.
  2. ^ Fox-IT history, visited 24 May 2014.
  3. ^ Website Crypto Museum on Philips Crypto, visited 5 September 2011.
  4. ^ Emerce Top10 Security 2008, 17 December 2007, visited 6 September 2011.
  5. ^ Emerce 100 - 2008, 17 December 2007, visited 6 September 2011.
  6. ^ a b Newsrelease Dutch Government: Government revokes trust DigiNotar certificates, 3 September 2011. Visited 5 September 2011.
  7. ^ Product description Sina VPN, visited 6 September 2011.
  8. ^ Redfox Cryptochip, PDF document, retrieved 5 September 2011.
  9. ^ Website Secusmart over Partner Fox-IT, visited 5 September 2011.
  10. ^ Nieuwsarchief juni 2009, retrieved 5 September 2011.
  11. ^ ZDNet UK: False SSL certificates issued for spy-agencies, 5 September 2011.
  12. ^ DigiNotar website Interim audit report Fox-IT, 5 September 2011. Visited 6 September 2011.
  13. ^ F-Secure website Diginotar hacker comes out, 6 September 2011.
  14. ^ PasteBin statement of ComodoHacker, 5 September 2011
  15. ^ GlobalSign statement: Security Response, 6 September 2011.
  16. ^ website GlobalSign stops issuing SSL certificates and hires Fox-IT, 7 September 2011.
  17. ^
  18. ^

External links[edit]