Verisign Breached Several Times in 2010

Company: Data Accessed, But Net Root Name Servers Unaffected
Verisign Breached Several Times in 2010
Verisign, which operates two of the 13 root name servers that route traffic on the Internet, has revealed that its computer network had been hacked several times in 2010, but top management did not learn of the incidents until September 2011.

See Also: Hunt Cloud Threats or Be Hunted | CISO Guide to Cloud Compromise Assessments

"We have investigated and do not believe these attacks breached the servers that support our Domain Name System network," Versign stated in a 10-Q quarterly report dated Oct. 28 and filed with the Securities and Exchange Commission, but not previously publicized.

Still, Verisign in the filing acknowledged that attackers had exfiltrated information stored on the compromised corporate system. The filing neither specified the type of information accessed nor how it might have been used by hackers. "The company's information security group was aware of the attacks shortly after the time of their occurrence, and the group implemented remedial measures designed to mitigate the attacks and to detect and thwart similar additional attacks," the filing said. "However, given the nature of such attacks, we cannot assure that our remedial actions will be sufficient to thwart future attacks or prevent the future loss of information."

Thursday night Eastern time, Verisign issued a statement reiterating that the servers that route Internet traffic were not affected by the breach:

"We have a number of security mechanisms deployed in our network to ensure the integrity of the zone files we publish. In 2005, Verisign engineered real-time validation systems that were designed to detect and mitigate both internal and external attacks that might attempt to compromise the integrity of the DNS. All DNS zone files were and are protected by a series of integrity checks including real-time monitoring and validation. Verisign places the highest priority on security and the reliable operation of the DNS."

In its SEC filing, Verisign characterized as effective its processes for the IT group to report breaches to top management, though it did change them after an investigation. "Management was informed of the incident in September 2011 and, following the review, the company's management concluded that our disclosure controls and procedures are effective," the filing said. "However, the company has implemented reporting line and escalation organization changes, procedures and processes to strengthen the company's disclosure controls and procedures in this area."

Verisign, in response to an e-mail query, did not provide further clarification of its IT security governance process.

Verisign did not mention the breach in the earnings call held Oct. 27 or in other materials released at the time, including a press release and a document summarizing third quarter performance.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.