Categories: Channel NewsIT Trends

Report Reveals Hackers Attacked Verisign Repeatedly In 2010

Ex Homeland Security chief Stewart Baker says any company on the Internet could now be imitated

Confidence in the security industry has been rocked by reports of multiple breaches in the world’s flagship infrastructure protector.

VeriSign, the company charged with safeguarding more than half the world’s web sites, has admitted it was hacked repeatedly in 2010. The infrastructure services giant attempted to bury its guilty secret in its quarterly Securities and Exchange Commission (SEC) filing in October, but the revelation has found a wider audience after a Reuters report yesterday.

The damaging news has rocked confidence across the world as the integrity of Web addresses ending in .com, .net and .gov is under question.

VeriSign Didn’t Give It to Us Straight – Gov

VeriSign executives deny the attacks breached the servers supporting its Domain Name System (DNS) network, but could rule out that breaches might affect any of the 50 billion queries it processes daily.

Now there are fears in the security channel that hackers will use stolen data to direct victims to faked sites and intercept email.  “That could allow people to imitate almost any company on the Net,” said Stewart Baker, former assistant secretary of the Department of Homeland Security.

The VeriSign attacks were only recently discovered in a review by Reuters of more than 2,000 documents mentioning breach risks since the SEC guidance was published.

It’s Very Serious Indeed Says Ex Verisign CTO

Ken Silva, who was VeriSign’s chief technology officer for three years until November 2010, said the vague language in the SEC filing indicated that VeriSign “probably can’t draw an accurate assessment” of the damage.

If Verisign’s SSL processes were corrupted, the implications wold be very serious indeed, said security consultant Dmitri Alperovich, president of Asymmetric Cyber Operations. “You could create a Bank of America certificate or Google certificate that is trusted by every browser in the world,” he said.

Symantec, which now owns Verisign’s certification business, played down these fears. “There is no indication that the breach was related to the acquired SSL product production systems,” said spokeswoman Nicole Kenyon.

Nick Booth

Recent Posts

Flashpoint enters new chapter with global partner programme

Security vendor Flashpoint debuts partner programme following $28m funding

7 years ago

Channel partner “disconnect” hindering growth

Complex buying journeys and sprawling partner networks hampering customer experience, says Accenture

7 years ago

Cyxtera launches global channel partner programme

Datacentre provider Cyxtera says launch is “milestone in our go-to-market strategy”

7 years ago

US IT provider brings mainframe services to UK

Ensono highlights importance of mainframes still to major industries

7 years ago

VASCO and Nuvias expand distribution across EMEA

Security vendor VASCO looks to replicate UK and German set up across EMEA

7 years ago

Splunk says channel investments driving growth

Splunk details investment in Partner+ programme at .conf2017

7 years ago