Hidden Secret: VeriSign Hacked

Friday, February 3, 2012 @ 10:02 AM gHale

The company in charge of delivering people safely to more than half the world’s Web sites, VeriSign Inc., suffered repeated hacks by outsiders who accessed undisclosed information from the Internet infrastructure company.

VeriSign said it repeatedly suffered hacks in 2010. But that information did not come freely. In October 2011, VeriSign released its usual quarterly report. Buried in the 50-page filing to the SEC was the revelation that the company had suffered multiple breaches the previous year.

The incidents came to light only today, when news service Reuters found the information during an investigation of whether public companies were disclosing breach incidents in their financial statements. VeriSign’s account of the incidents carried few details, and the company refused additional comment.

In the filing, VeriSign stated, “In 2010, the company faced several successful attacks against its corporate network in which access was gained to information on a small portion of our computers and servers. We have investigated and do not believe these attacks breached the servers that support our DNS (Domain Name System) network.”

VeriSign manages the Domain Name System for the .com and .net top-level domains, as well as the .name, .cc, and .tv domains. In addition, at the time of the attacks, the company sold and managed a large digital signature service, selling SSL and EV (extended validation) signatures used to secure websites and email and to sign code. The company sold the Internet security business unit to Symantec in 2010.

Although the announcement comes after the revelation of breaches in 2011 of other Internet infrastructure firms — such as the now-defunct DigiNotar, Comodo, and security giant RSA — the VeriSign hacks occurred months before those breaches. If VeriSign had disclosed the attacks in 2010, Comodo and other hacked firms might have been able to improve their own security in time to detect the attacks they experienced in 2011, said Melih Abdulhayoglu, Comodo’s chief executive.

“We would have been on a higher alert, it would have changed a lot of things,” Abdulhayoglu noted. “I’m sure that other CAs [certificate authorities] would have taken the hint and done something about it.”

With the breach of DigiNotar and Comodo, attackers gained the ability to issue valid digital signatures, undermining the security used to authenticate code, websites, and email. In the Comodo breach, the attackers issued fewer than a dozen signatures for major domains and officials caught it fairly quickly. In the DigiNotar incident, attackers issued many more signatures and no one caught on for quite a while.
