VeriSign Servers Hacked, Very Few Details Reviewed In SEC Filing

VeriSign Inc. is responsible for the integrity of web addresses ending in .com, .net and .gov, directing traffic for half the world’s internet users and on Thursday it revealed that company systems were hacked towards the end of 2011 with hackers gaining access to several servers inside the company’s network.

In responding to the attack VeriSign executives said they “do not believe these attacks breached the servers that support our Domain Name System network.”

It’s that DNS network that ensures users land at the right numeric Internet Protocol when typing in a url such as Facebook.com.

Taking down VeriSign would deal a critical blow to internet companies, the organization currently serves more than 50 billion queries daily and gaining access to its DNS server could allow hackers to redirect users to any website they choose. For example typing Google.com could take users to a scam survey. Access could also allow hackers to steal government and corporate emails and potentially steal government data through secure channels.

In hearing the new Stewart Baker, former assistant secretary of the Department of Homeland Security exclaimed to Reuters:

“Oh my God. That could allow people to imitate almost any company on the Net.”

News of the successful hack arrived in the company’s quarterly filing with the U.S. Securities and Exchange Commission in October in which the agency promised to deliver better reporting of security breaches to investors.

While the DNS side of the company’s business appeared to remain untouched VeriSign is also known for protecting customer sites and managing their traffic. It’s hard to take a “Protected by VeriSign” logo seriously when they can’t protect their own servers.

Along with DNS and customer protection the company also houses the information for thousands of small, medium and large scale customers.

At this time VeriSign executives are denying interview requests and employees have been given almost no information pertaining to the data breach.

Luckily in August 2010 VeriSign sold it’s Secure Sockets Layer certificates business to Symantec. If hackers had figured out how to crack that system they could gain access to https accounts, for example they could break a banks certificates and gain access to bank accounts around the world. The VeriSign brand name is still connected to those certificates but they are no longer managed by the company.

Symantec spokeswoman Nicole Kenyon revealed:

“There is no indication that the 2010 corporate network security breach mentioned by VeriSign Inc was related to the acquired SSL product production systems.”

In the meantime VeriSign admitted in their filing that they are often the subject of “the most sophisticated form of attacks” that are “virtually impossible to anticipate and defend against.”

Do you think VeriSign is doing a good job of protecting website and user data the best they can in a market full of new and sophisticated attacks?