VeriSign acknowledges multiple security breaches

VeriSign has acknowledged that it was hacked “repeatedly” by external entities who stole undisclosed information.

According to Reuters, the previously unconfirmed breaches occurred in 2010 at the Virginia-based company, which is responsible for ensuring the integrity of Web addresses ending in .com, .net and .gov.

Although VeriSign said it did not believe the attacks had breached the servers responsible for supporting the company’s Domain Name System (DNS) network, the corporation refused to rule anything out. 

“Given the nature of such attacks, we cannot assure that our remedial actions will be sufficient to thwart future attacks or prevent the future loss of information,” VeriSign wrote in a recent report filed with the US Securities and Exchange Commission.

“In addition, although the Company is unaware of any situation in which possibly exfiltrated information has been used, we are unable to assure that such information was not or could not be used in the future.”

VeriSign’s domain-name system typically processes up to 50 billion queries a day. Stolen data could allow hackers to direct Internet surfers to spoofed sites and even intercept email from federal employees or corporate executives.

“Oh my God,” said Stewart Baker, the former assistant secretary of the Department of Homeland Security. 

“[This] could allow people to imitate almost any company on the Net.”

Former US intelligence official Melissa Hathaway expressed similar sentiments.

“This breach, along with the RSA breach, puts the authentication mechanisms that are currently being used by businesses at risk… There [really] appears to be a structured process of hunting those who provide authentication services.”