Internet infrastructure company VeriSign says hackers made off with unspecified information in 2010. The company didn’t report the breach until 2011. See here a video report from Newsy:
Embedded Video Source by Newsy.com
Transcript by Newsy
BY EVAN THOMAS
ANCHOR LAUREN GORES
If you’re an Internet company, when do you tell your users you were hacked? Internet infrastructure company VeriSign reported in a quarterly SEC filing that hackers breached its security and made off with unspecified information multiple times– back in 2010.
The biggest concern is that hackers could have compromised the domain name system, or DNS. The DNS directs Internet traffic to the correct IP addresses — so when you enter Google.com, you go to Google’s website, and not Amazon’s or Facebook’s.
Verisign maintains two of thirteen DNS servers for .com and .net web domains — more than 100 million addresses. Wired explains — a hacker could reroute the DNS, and users wouldn’t know a thing.
“A breach of the DNS network could allow attackers to redirect users to malicious web pages or redirect and intercept e-mail communications.”
PC Magazine says Verisign’s security team knew about the breaches, and didn’t say anything.
“…while the hacks occurred in 2010, VeriSign’s information security group did not tell management about the attacks until September 2011. VeriSign said it has since changed its reporting policies to make sure the same thing doesn’t happen again.”
But those changes came too late. The IT community is condemning VeriSign’s lack of immediate action, saying it put individual web users and entire companies at risk. PCWorld elaborates.
“The million dollar question right now is ‘at risk of what?,’ or perhaps ‘how much risk?’ … The risks involved are a function of exactly what was hacked, or what information was compromised, and we don’t have those details.”
In its SEC filing, VeriSign says there’s no indication the DNS was compromised. But it also says a hack like this could happen again.
“…given the nature of such attacks, we cannot assure that our remedial actions will be sufficient to thwart future attacks or prevent the future loss of information.”
Despite that, MSNBC says we probably shouldn’t panic.
“That’s terrible, but it’s not new. Virus writers have been compromising certificate issuers with abandon for the past 18 months. … structures are in place to deal with fraudulent certificates.”
Structures like the other eleven DNS servers. MSNBC notes the companies that maintain them would likely work together to restore control and stop any attack.
Transcript by Newsy.
(Image source: newsy.com