Website Security Insurer Verisign Itself Was Hacked Multiple Times In 2010

Must Read

Looking For A Job At Amazon? Jeff Bezos Is Willing To Hire Everyone If……

The global pandemic Covid-19 has thrown the whole world into complete chaos. Amid this perilous situation, one...

Facebook To Invest In Reliance Jio To Redefine The Market Equations in India?

Since the launch of Reliance Jio in the year 2016, Reliance Industries, owned by Mukesh Ambani, the...

Pay Hike In India Indian IT Firms: It’s All About Cutting Bonuses And Freezing Hikes This Year

The pay hike in Indian IT firms is most likely to disappoint employees very much this year.

VeriSign- the company behind the root DNS servers that provide the foundation for the Web and formerly the largest encryption certificate authority, which is ultimately responsible for the integrity of Web addresses ending in .com, .net and .gov – has revealed that it was repeatedly hacked in 2010. Details are spare thus far, but the revelation calls into question the security of the internet itself.

The company’s domain-name system processes as many as 50 billion queries daily. Stealing information from it could let hackers direct people to fake sites and intercept emails from federal employees or corporate executives, though classified government data moves through more secure channels.

Stewart Baker, former assistant secretary of the Department of Homeland Security said: ”Oh my god, that could allow people to imitate almost any company on the Net.”

Advertisements

The VeriSign attacks were revealed in a quarterly U.S. Securities and Exchange Commission filling in October that followed new guidelines on reporting security breaches to investors. It was the most striking disclosure to emerge in a review of more than 2,000 documents mentioning breach risks since the SEC guidance was published. The breach occurred sometime last year but has only been made publicly on reporting security breaches to investors.

IT staffs at VeriSign allegedly discovered the compromise in 2010, but hidden the incident from upper management until sometime in 2011. VeriSign itself may not be at fault for the initial delay in the disclosure, but it appears that a significant amount of time has passed since VeriSign executives learned of the breach, and yet the company still tried to sneak the information covertly in an SEC filing.

Until August 2010, VeriSign was one of the largest providers of Secure Sockets Layer (SSL) certificates – use to encrypt data to travel from website to server in secured mode, that begins with “https” – which was getting used by many internet properties including most financial sites and some email and other communications portals. The certificate authority business of VeriSign was acquired by Symantec in 2010; so depending on the timing of the attacks it seems feasible that the certificate encryption keys could have been exposed.

Symantec declined to comment directly on news of the VeriSign breach, but a spokesperson did assert, “The Trust Services (SSL), User Authentication and other production systems acquired by Symantec were not compromised by the corporate network security breach mentioned in the VeriSign, Inc. quarterly filing.”

VeriSign which is now owned by Symantec Inc, posted a message on its site that states the company is changing its name again in April 2012.

Advertisements

“In April 2012, all VeriSign seals will automatically update to the Norton Secured Seal, combining the power of the VeriSign checkmate with the value of the Norton name. The combination of these leading companies will help assure your customers that your website is safe from search to browse to buy and sign-in.”

VeriSign declined multiple interview requests, and senior employees said privately that they had not been given any more details than were in the filing. One said it was impossible to tell if the breach was the result of a concerted effort by a national power, though that was a possibility.

No network is impervious, and a company as high-profile as VeriSign is a prime target. The key is that organizations need to do more to foster an environment where honesty and disclosure are valued. If the fear of negative consequences is greater than the incentive for quick disclosure and response, you end up with a situation where IT staff would rather hide evidence of a breach.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

The Coronavirus Outbreak Will Change the Business Landscape Permanently!

Make no mistake, the events of the next few days, weeks, and months will have a lasting...

Facebook To Revamp Their Live Streaming Feature By Adding More Functionality. Know Why!

With the Covid-19 outbreak forcing people to stay indoors worldwide, many people have taken to social media platforms to showcase their lives...

Facebook Users Who Dumped It Earlier Are Returning Back To The Platform!

Facebook Inc. (NASDAQ:FB) is gaining ground and it's no less than a surprise to know who is leading the growth this time!

Zoom iOS App Caught Sharing User Data With Facebook! Are You Using It?

With the growing number of people worldwide now trying to adapt to the ‘work-from-home’ situation amid the Covid-19 outbreak, Zoom which is...

A New WhatsApp Scam Is So Lucrative That You May Find Difficult To Resist

As the usage of social media and mobile messaging apps has surged tremendously worldwide due to the social distancing and lockdowns to...

Switch Off Your Amazon Alexa If You Are Working From Home!

Weeks after the widespread of the coronavirus, countries continue to go into lockdown mode for more weeks to come. People are advised...

In-Depth: Dprime

YouTube Should Have Bid Adieu To Dislike Button Much Earlier?

Online video sharing platform YouTube can be a ruthless place for content creators targeted by 'dislike mobs'. And the site owners totally understand that...

Facebook Has Pulled Off A Masterstroke By Integrating Its ‘Family Of Apps’?

It’s indeed hard to believe that ONE man sitting at Menlo Park, oversees how nearly a third of the world’s population interacts with each...

Facebook’s Crunch Conquest: By Relying Largely On The US Market, Is Facebook Running a Risk?

Two billion! That's Facebook, Inc. (NASDAQ: FB) for you - Right when you thought that this social-media giant has already connected the entire world, it's...

More Articles Like This