Attackers repeatedly hacked VeriSign's network and stole information in 2010, the company revealed in a quarterly regulatory filing.
The internet infrastructure provider did not disclose what information was stolen or other details of the attacks in its 10-Q report filed in October with the US Securities and Exchange Commission that was reported by Reuters on Thursday.
"In 2010, the company faced several successful attacks against its corporate network in which access was gained to information on a small portion of our computers and servers," the company wrote. "Information stored on the compromised corporate systems was exfiltrated."
The company said it did not believe attackers had breached the servers that run the domain name system (DNS) network, a key piece of infrastructure that directs people to the correct site when they type in a web address. A compromise of the DNS system could allow attackers to redirect web surfers to malicious sites or to intercept government or important email communications.
The disclosure was in the "Risk factors" section of the filing, under a heading titled: "We experienced security breaches in the corporate network in 2010, which were not sufficiently reported to management."
VeriSign's information security group was aware of the attacks shortly after they occurred, sometime in 2010, the filing said. Meanwhile, management was not informed until September 2011.
"Given the nature of such attacks, we cannot assure that our remedial actions will be sufficient to thwart future attacks or prevent the future loss of information," the filing said. "In addition, although the company is unaware of any situation in which possibly exfiltrated information has been used, we are unable to assure that such information was not or could not be used in the future."
It's unclear if the breach affected a previous VeriSign business selling Secure Sockets Layer (SSL) certificates to websites that are used to indicate encrypted connections. Symantec bought VeriSign's certificate business in mid-2010. Symantec spokesperson Nicole Kenyon told Reuters that "there is no indication that the 2010 corporate network security breach mentioned by VeriSign Inc was related to the acquired SSL product production systems".
Asked for comment, VeriSign provided ZDNet Australia's sister site CNET this statement: "We cannot provide any further information than what is included in the 10-Q document VeriSign filed on 28 October 2011."
Reuters discovered the VeriSign disclosure during an examination of more than 2000 corporate documents that were filed since the SEC published new guidelines for reporting security breaches.
The disclosure is reminiscent of a public announcement RSA made last year of a "sophisticated" targeted cyber attack that led to data theft that put millions of customers of its SecurID authentication tokens at risk. There also were breaches at other certificate authorities, including GlobalSign, DigiNotar and Comodo reported last year. And in 2010, Google went public with news that it had been the victim of a targeted attack, likely from China.
Via CNET
Linkedin 
RSS Feeds 
Newsletters 
Alerts
VeriSign Authentication Services provides solutions that allow companies & consumers to engage in communications & commerce online with confidence.Now a days hackers are the main reason for this types