cryptogon.com

news – analysis – conspiracies

• Home
• About
• Archives
• Contact
• Support Cryptogon
• Story Suggestions

2010 Attack on VeriSign Just Recently Disclosed

February 2nd, 2012

Via: Reuters:

VeriSign Inc, the company in charge of delivering people safely to more than half the world’s websites, has been hacked repeatedly by outsiders who stole undisclosed information from the leading Internet infrastructure company.

The previously unreported breaches occurred in 2010 at the Reston, Virginia-based company, which is ultimately responsible for the integrity of Web addresses ending in .com, .net and .gov.

VeriSign said its executives “do not believe these attacks breached the servers that support our Domain Name System network,” which ensures people land at the right numeric Internet Protocol address when they type in a name such as Google.com, but it did not rule anything out.

VeriSign’s domain-name system processes as many as 50 billion queries daily. Pilfered information from it could let hackers direct people to faked sites and intercept email from federal employees or corporate executives, though classified government data moves through more secure channels.

“Oh my God,” said Stewart Baker, former assistant secretary of the Department of Homeland Security and before that the top lawyer at the National Security Agency. “That could allow people to imitate almost any company on the Net.”

The VeriSign attacks were revealed in a quarterly U.S. Securities and Exchange Commission filing in October that followed new guidelines on reporting security breaches to investors. It was the most striking disclosure to emerge in a review by Reuters of more than 2,000 documents mentioning breach risks since the SEC guidance was published.

Even if the name system is safe, VeriSign offers a number of other services where security is paramount. The company defends customers’ websites from attacks and manages their traffic, and it researches international cybercrime groups.

VeriSign would possess sensitive information on customers, and its registry services that dispense website addresses would also be a natural target.

Ken Silva, who was VeriSign’s chief technology officer for three years until November 2010, said he had not learned of the intrusion until contacted by Reuters. Given the time elapsed since the attack and the vague language in the SEC filing, he said VeriSign “probably can’t draw an accurate assessment” of the damage.

One Response to “2010 Attack on VeriSign Just Recently Disclosed”

1. alvinroast says:

   February 3, 2012 at 5:31 am

   I’m pretty sure I’ve visited some faked sites (visiting from another computer would show a slightly different site, etc.). I wasn’t sure how it was being done, but now I think I get it.

   @Kevin – Thanks for highlighting some key info. That often helps for those of us prone to skimming.

Sign in | Register

The New Zealand Copyright Act 1994 specifies certain circumstances where all or a substantial part of a copyright work may be used without the copyright owner's permission. A "fair dealing" with copyright material does not infringe copyright if it is for the following purposes: research or private study; criticism or review; or reporting current events. If you are a legal copyright holder, or a designated agent for such, and you believe a post on this website falls outside the boundaries of "fair dealing," and legitimately infringes on your or your client's copyright, please contact Kevin Flaherty. Cryptogon contains both original material and material from external sources. Original material: Copyright Kevin Flaherty. Material from external sources: Copyright the respective owners / authors.

Design by Andreas Viklund | Ported by Matteo Turchetto