Attackers successfully penetrated the network defenses of network infrastructure vendor VeriSign Inc. several times in 2010, potentially obtaining data from a “small portion” of the company’s computers and servers.
The company disclosed the data security breach in an October 2011 Securities and Exchange Commission filing and said it believes the scope of the breach was limited.
“In 2010, the company faced several successful attacks against its corporate network in which access was gained to information on a small portion of our computers and servers. Information stored on the compromised corporate systems was exfiltrated,” VeriSign said in the SEC filing. “We have investigated and do not believe these attacks breached the servers that support our Domain Name System (DNS) network.”
If attackers gained access to servers supporting the DNS network, they could, for starters, potentially redirect Internet traffic to malicious domains or intercept email messages.
A VeriSign spokesperson did not respond to a request for additional information about the breach. The VeriSign security breach disclosure was reported today by Reuters. Public companies are required under SEC rules to disclose to shareholders how the stock could be negatively affected. VeriSign explained the 2010 breach of its systems as part of that disclosure process. It followed new guidelines issued by the SEC clarifying breach disclosure.
VeriSign said it is unaware of any stolen data being used in subsequent attacks. Attackers have been targeting certificate authorities (CAs) to attempt to create fraudulent digital certificates. At the time of the breach, VeriSign still had its SSL and authentication business. VeriSign sold its authentication unit to Symantec Corp. in August 2010. A Symantec spokesperson told Reuters that there is no indication that the breach was related to the acquisition.
The company said it deployed additional security controls to thwart additional attacks. VeriSign said the attacks were not reported to the company’s management until September 2011. Ken Silva, who was VeriSign's chief technology officer for three years until November 2010, told Reuters that he did not know about the intrusion. The company has implemented new reporting procedures to escalate breach disclosure through the organization.
While the significance of the VeriSign intrusion remains unclear, it’s a reflection of what is going on in the entire industry, said Anup K. Ghosh, a noted security expert and founder and chief scientist at secure browser maker Invincea. The security industry, Ghosh said, is failing at architecting systems and technologies that can prevent breaches.
“They clearly have intellectual property and certificates that would be of interest to nation state types and other cybercriminals,” Ghosh said of VeriSign. “There are nation state adversaries like China and Eastern Europe going after corporate data, hacktivists and cybercriminals attacking to make money; corporations are under threat from all three of these actors and our security systems are currently failing.”
VeriSign issues statement; non-production systems breached
VeriSign Inc. is reaffirming its stance that its Domain Name System (DNS) was not compromised as a result of a 2010 breach of its systems. In a statement issued Thursday, VeriSign said that attackers penetrated parts of its non-production corporate network. The company said it conducted a thorough analysis of the attacks and echoed its October Securities and Exchange Commission filing that the operational integrity of the DNS remains intact.
The company said it has multiple security mechanisms in place to ensure the integrity of the zone files it publishes. Many of those security controls, including real-time monitoring and validation, were put in place in 2005, well before its 2010 breach, the company said.
“VeriSign engineered real-time validation systems that were designed to detect and mitigate both internal and external attacks that might attempt to compromise the integrity of the DNS,” a company spokesperson said in a statement.
VeriSign maintains two of about a dozen root name servers, which ensure that domain names are properly resolved.