VeriSign Was Hacked Multiple Times in 2010

The Internet security company VeriSign (News - Alert) announced that it was hacked repeatedly in 2010.

The company disclosed the security breaches in a filing with the Securities and Exchange Commission.

“The disclosure did not happen as a result of VeriSign discovering the breach and taking responsible, proactive action to alert customers and address the situation. No, VeriSign buried the information in a quarterly Securities and Exchange Commission (SEC (News - Alert)) filing as if it was just another mundane tidbit,” PC Magazine said of the company’s revealing of the hacking which occurred nearly two years ago.

VeriSign released astatement concerning the multiple hacks. The company said that the breaches occurred in non-production servers that were not part of their core business of securing domain names and DNS servers.

VeriSign is best known for its DNS authentication, which makes sure a that when Internet users sign a .com, .net or .org address, that the Web site it points to actually belongs to the person or organization who owns it.

Even if the DNS information was not breached, other sensitive information could have been, the article in Reuters that broke the news reports.

The repeated and persistent attacks may be evidence that the hacks are not the work of groups like Anonymous, but instead evidence that VeriSign is possibly being targeted for its data by a nation-state.

Ken Silva, who was Verisign’s former chief technology officer, said he didn’t know about the attacks until they were reported in the media.

“All DNS zone files were and are protected by a series of integrity checks including real-time monitoring and validation. Verisign places the highest priority on security and the reliable operation of the DNS,” Verisign’s press release said.

In addition to DNS security, Verisign also provides Secure Sockets Layer (SSL) ceritificates, which Web browsers users to authenticate secure Web sites using the HTTPS protocol.

If that data was breached, any person stealing the certificates would be able to impersonate institutions dealing with sensitive data, including banks.

"You could create a Bank of America certificate or Google (News - Alert) certificate that is trusted by every browser in the world,” security expert Dmitri Alperovich, president of Asymmetric Cyber Operations said in the Reuters article.

VeriSign sold its authentication services to Symantec (News - Alert) in 2010, though Symantec chose to keep operating them under the VeriSign name.

Want to learn more about the latest in communications and technology? Then be sure to attend ITEXPO East 2012, happening NOW in Miami, FL. ITEXPO (News - Alert) offers an educational program to help corporate decision makers select the right IP-based voice, video, fax and unified communications solutions to improve their operations. It's also where service providers learn how to profitably roll out the services their subscribers are clamoring for – and where resellers can learn about new growth opportunities. For more information on registering for ITEXPO registration click here.

Stay in touch with everything happening at ITEXPO. Follow us on Twitter.