Unknown hackers have in 2010 broken into with VeriSign and have obtained access to a part of the systems. Also there would not be further specified information are captured. Is unknown or the dns and certificaatsystemen are affected.
This is evident from the information provided by the registrar is submitted to the regulator, Securities and Exchange Commission (SEC) and has fallen into the hands of Reuters. VeriSign says in vague terms the attacks on its systems to have been investigated and that no evidence has found that his dns system – the company manages two root name servers – immediate danger has gone. The company does not exclude, however, that information about the dns system is captured: in the notification with the SEC reports VeriSign that there is no further detailed information is captured. Also, it is not made clear or it comes to sensitive information.
VeriSign, now owned by Symantec, provides as registrar not only the domain names .com, .just, .gov, .cc and .tv, but is also one of the main parties to the issuance of ssl certificates. Symantec, however, has let know that the attackers have no access to critical systems for the issuance and management of ssl certificates.
It is striking that the hackersaanvallen already in 2010 have occurred, but that the top of VeriSign only in september 2011 to hear received from his security team. A month later, the SEC informed. The reason for this delay is not yet clear and that the supervisor states in his kwartaalreportage that the incident faster when the managers of VeriSign known had to be made.
The news about the attacks on VeriSign can have major consequences; in particular, by the hack of the Dutch ssl authority DigiNotar, a hacker made it possible to forge ssl certificates to generate, and the fake ssl certificates, where Stuxnet was, is the entire system of certificaatverstrekking many security researchers in the verdachtenbankje come. In addition, VeriSign is one of the most important managers of the global dns system. Attackers would, by manipulations on the dns system may attempt to register with a fake website to pretend to be a legitimate website.