SecurityWeek

VeriSign Attackers Swiped Data from Servers, Management Left in the Dark

Verisign Hacked

VeriSign has admitted to falling victim to several attacks in 2010 that resulted in information being swiped from their servers.

The revelations came courtesy of the company’s quarterly U.S. Securities and Exchange Commission (SEC) filing from October 2011. Just what information was accessed and how the attacks took place were not revealed in the document, and VeriSign has not responded to a request for comment. But the admission, which was first reported by Reuters, has some questioning why the company did not disclose the attacks when they occurred.

“It’s not fair to sit on this information and not disclose the details to their customers and the public,” opined Gartner analyst Avivah Litan.

According to the SEC filing, the attacks were “not sufficiently reported to the Company’s management at the time they occurred,” leaving management in the dark about the situation until September 2011. After management was informed, the company instituted better reporting and disclosure requirements for such incidents, according to the company.

The SEC document states that the attacks against VeriSign’s corporate network enabled attackers to access information “on a small portion” of the company’s computers and servers.

“We have investigated and do not believe these attacks breached the servers that support our Domain Name System (“DNS”) network,” the document continues. “Information stored on the compromised corporate systems was exfiltrated.

“The Company’s information security group was aware of the attacks shortly after the time of their occurrence and the group implemented remedial measures designed to mitigate the attacks and to detect and thwart similar additional attacks. However, given the nature of such attacks, we cannot assure that our remedial actions will be sufficient to thwart future attacks or prevent the future loss of information.” The company said it was unaware of the stolen data being used, but added that it could not be sure if it had been.

In an interview with Reuters, former VeriSign Chief Technology Officer Ken Silva speculated that given both the time elapsed since the attacks and the vague language in the SEC filing, the company “probably can’t draw an accurate assessment” of the damage.

Even if its DNS network was unaffected, VeriSign has a number of other services that might be attractive targets for attackers – including its iDefense Security Intelligence Services and offerings for fighting distributed denial-of-service attacks. As for the SSL (secure sockets layer) business purchased from VeriSign by Symantec in 2010, officials at Symantec say their products are unaffected.

“Symantec takes the security and proper functionality of its solutions very seriously,” spokesperson Nicole Kenyon told SecurityWeek. “The Trust Services (SSL), User Authentication (VIP) and other production systems acquired by Symantec were not compromised by the corporate network security breach mentioned in the VeriSign, Inc. quarterly filing.”

Litan speculated that the attacks may have been part of the larger cyber-assault attributed to the people behind the attack on EMC’s RSA security division disclosed last March. Though RSA was the only company to talk about the attack publicly, some 760 other companies are suspected to have been hit – with the first victims communicating with the attacker’s control networks in November 2010.

“This was probably part of that crime wave against security companies,” Litan said. “We don’t necessarily know if all the hacks were perpetrated by the same bad actors, but it would appear to be the case.”

“If we learned one thing from 2011, it is that we must understand that all organizations (government and private sector) are at risk for compromise by determined adversaries,” said Anup Ghosh, chief scientist at Invincea. “The adversarial picture relevant to most government and private organizations now includes three primary groups – nation states, organized cyber-crime and hacktivists. This problem is everyone’s and no one is immune…Unfortunately, you can’t recover the crown jewels after they have been stolen as RSA discovered, nor can you undo the brand damage from cyber forensics.”

“What’s scary about this revelation is that not only was VeriSign repeatedly breached, but that the whole process broke down,” said Mandeep Khera, CMO at LogLogic. “Senior management wasn’t notified for a long time and the breach wasn’t disclosed publicly. What’s also interesting is that breach notification regulations are bypassed in these cases, because senior management weren’t in the loop.”
