Verisign 2010 Hack: DNS Data Theft A Possibility
Last week, Information Week reported that VeriSign filings with the U.S. Securities & Exchange Commission (SEC) revealed several hacking attacks into VeriSign’s network that “might have compromised critical information relating to the Internet’s domain name system (DNS).” These attacks occurred in 2010 but were not reported to the SEC until October 2011. Symantec acquired much of the assets that may have been compromised in 2010. The breach, however, occurred before their acquisition. Both VeriSign and Symantec deny that any critical systems were hacked. But according to Information week, no one is denying that “information relating to the DNS network wasn’t stolen in the attacks.”
VeriSign operates two of the Internet’s thirteen root nameservers, a critical part of the Internet’s backbone, and is the authoritative registry for .com and .net the two most used TLDs. Putting aside why it took VeriSign so long to disclose the breach, the problem is yet another example of ICANN ignoring serious systemic problems with existing security in current TLD management before it lets loose a yet undetermined number new registries operating what could be more than a thousand new TLDs. It’s a very dangerous game ICANN is playing and the ultimate loser is the everyday Internet user.
For a full report, read the Information Week article here.
Doug Wood, We Expert