Website Security Insurer Verisign Itself Was Hacked Multiple Times In 2010

Must Read

Apple iPhone 12: Not For India And You Must Not Fall Prey To Apple’s Marketing Machine

The cat is out from the bag, finally! Apple iPhone 12 has launched in the most sophisticated...

Musk Slashes Tesla Car Price Twice in One Week, Served With A Side of His Wacko Humour

Time is witness that Elon Musk and eccentricities come along as a combo package.

Micromax is Back, Sets Eyes On Xiaomi’s Crown

A fallen pioneer, banished from its own motherland by collective foreign forces, has finally roused itself up!

VeriSign- the company behind the root DNS servers that provide the foundation for the Web and formerly the largest encryption certificate authority, which is ultimately responsible for the integrity of Web addresses ending in .com, .net and .gov – has revealed that it was repeatedly hacked in 2010. Details are spare thus far, but the revelation calls into question the security of the internet itself.

The company’s domain-name system processes as many as 50 billion queries daily. Stealing information from it could let hackers direct people to fake sites and intercept emails from federal employees or corporate executives, though classified government data moves through more secure channels.

Stewart Baker, former assistant secretary of the Department of Homeland Security said: ”Oh my god, that could allow people to imitate almost any company on the Net.”

The VeriSign attacks were revealed in a quarterly U.S. Securities and Exchange Commission filling in October that followed new guidelines on reporting security breaches to investors. It was the most striking disclosure to emerge in a review of more than 2,000 documents mentioning breach risks since the SEC guidance was published. The breach occurred sometime last year but has only been made publicly on reporting security breaches to investors.

Advertisements

IT staffs at VeriSign allegedly discovered the compromise in 2010, but hidden the incident from upper management until sometime in 2011. VeriSign itself may not be at fault for the initial delay in the disclosure, but it appears that a significant amount of time has passed since VeriSign executives learned of the breach, and yet the company still tried to sneak the information covertly in an SEC filing.

Until August 2010, VeriSign was one of the largest providers of Secure Sockets Layer (SSL) certificates – use to encrypt data to travel from website to server in secured mode, that begins with “https” – which was getting used by many internet properties including most financial sites and some email and other communications portals. The certificate authority business of VeriSign was acquired by Symantec in 2010; so depending on the timing of the attacks it seems feasible that the certificate encryption keys could have been exposed.

Symantec declined to comment directly on news of the VeriSign breach, but a spokesperson did assert, “The Trust Services (SSL), User Authentication and other production systems acquired by Symantec were not compromised by the corporate network security breach mentioned in the VeriSign, Inc. quarterly filing.”

VeriSign which is now owned by Symantec Inc, posted a message on its site that states the company is changing its name again in April 2012.

“In April 2012, all VeriSign seals will automatically update to the Norton Secured Seal, combining the power of the VeriSign checkmate with the value of the Norton name. The combination of these leading companies will help assure your customers that your website is safe from search to browse to buy and sign-in.”

VeriSign declined multiple interview requests, and senior employees said privately that they had not been given any more details than were in the filing. One said it was impossible to tell if the breach was the result of a concerted effort by a national power, though that was a possibility.

No network is impervious, and a company as high-profile as VeriSign is a prime target. The key is that organizations need to do more to foster an environment where honesty and disclosure are valued. If the fear of negative consequences is greater than the incentive for quick disclosure and response, you end up with a situation where IT staff would rather hide evidence of a breach.

Advertisements

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

Tesla First Cancels Return Policy And Now Cuts Warranty Period

Just last week Elon Musk surprised everyone by cutting the price of Tesla Model S twice in...

Personalization Is The Secret Sauce Behind A Successful E-Commerce Business

E-commerce personalization offers an exclusive experience to consumers by showing them product recommendations, content catered to their interests, and offers based on...

Reliance Jio Set To Blitz The 5G Smartphone Market With Jaw-Dropping Price

Cometh the revolution, cometh Reliance. This time the price of 5G smartphones under the radar of Reliance. The trailblazer’s...

Micromax is Back, Sets Eyes On Xiaomi’s Crown

A fallen pioneer, banished from its own motherland by collective foreign forces, has finally roused itself up! Micromax has...

The Future of The Workplace And Retraining in 2020 And Beyond

The pandemic has upturned businesses, lives, and even the outlook of our future. It has caused millions to lose their jobs, and...

Musk Slashes Tesla Car Price Twice in One Week, Served With A Side of His Wacko Humour

Time is witness that Elon Musk and eccentricities come along as a combo package. Wednesday’s announcement was no different....

In-Depth: Dprime

Will ‘TikTok By Microsoft’ Be A Winner?

For the last two years, TikTok has been in the public eye for all sorts of reasons. First, it was the exploded...

Facebook Subscription Model: Looking Beyond Ad Dollars?

Seldom do job listings create a stir this gripping. However, when the job listing in question is a stealth post from Twitter,...

Will The Online Food Delivery Market in India End Up Becoming A Two-Horse Race?

It's pretty much evident that the food delivery space in India is all set to get riled up soon enough as one...

More Articles Like This