VeriSign Admits it Was Hacked in SEC Filing
Posted on February 2, 2012
Reuters is reporting that VeriSign revealed it was hacked in an SEC filing. VeriSign does many extremely important things involving the Internet. They are in charge of some of the Internet's DNS infrastructure. They are the authoritative registry for .com and .net. They are also a leading provider of SSL certificates.
PC World reports that the hack took place in 2010, but was not disclosed by VeriSign IT staff to its upper management until last year. Then the hack still wasn't shared with the world until last October, when it revealed it was hacked several times.
Reuters says VeriSign believes the servers supporting its Domain Name System network was not breached. VeriSign's SSL products were acquired by Symantec in 2010. PC World says a Symantec spokesperson says the Trust Services (SSL), User Authentication (VIP) were not compromised by the hack mentioned in the VeriSign quarterly filing, so hopefully Verisign SSL certificates can all be trusted.
If the SSL technology was breached it could potentially allow criminals to create a fake SSL certificate for a major bank (or any other company) that browsers would automatically accept. Dmitri Alperovich, president of Asymmetric Cyber Operations, told Reuters, "you could create a Bank of America certificate or Google certificate that is trusted by every browser in the world."