As a company responsible for a wide range of network infrastructure and security systems, VeriSign is an attractive target for attackers, who could inflict severe reputational damage and pursue a veritable gold mine of private information ranging from site certificates to DNS systems. In 2010, such an attack did occur, and it was kept under wraps for nearly 2 years before the public was made aware. This article takes a closer look at what happened in this data breach and how it impacted VeriSign.
Because the breach was kept out of the public eye until February 2012, the specific details about the loss of data are not fully known. What is known is that VeriSign was the victim of repeated data breaches throughout 2010, though administrators did not alert higher management until September 2011. Even so, it is evident that administrators were aware of the breaches and responded shortly after they took place. VeriSign did report that they believed the attacks did not penetrate the servers supporting their Domain Name System (DNS) network.
VeriSign came under heavy scrutiny following the release of the breach information, because they did not disclose the hack sooner and attempted to hide the details in a 2011 SEC filing. One of the biggest controversies that arose from the late reveal of the breach was a lack of clarity regarding the certificate signing business that VeriSign sold to Symantec in late 2010. Because there was no certainty as to whether SSL systems were impacted by the breach, significant distrust arose toward existing certificates associated with VeriSign and, subsequently, Symantec. The VeriSign breach was actually one of multiple hacks involving a certificate authority in 2010-2011, as DigiNotar was hacked in July of 2011. This resulted in the development of the super worm, Stuxnet, which utilized stolen certificates.