VeriSign Hacked. Why?

Pierluigi Paganini February 03, 2012

There is no peace in cyberspace: day after day we read that the computer systems of major corporations and governments have been compromised by repeated cyber attacks. This time it was the prestigious VeriSign, a name that in our minds we link to the concept of “strong security”, but we are learning that total security is just a utopia.

The company is supposed to defend users’ websites from attacks and from the interception and hijacking of their traffic.

Once more the situation is really serious: a company that offers security services for authentication has been hacked repeatedly by attackers who stole undisclosed information from its internal infrastructure. After the Symantec case, another company that lives on security has fallen victim to its own business, which demonstrates how dangerous the new cyber threats are and how burdensome their economic impact is. The news of the VeriSign attacks was revealed in a quarterly U.S. Securities and Exchange Commission filing in October, but what is puzzling, in my opinion, is that the former CIO Ken Silva, in charge during the last three years until November 2010, said he had not learned of the intrusion until contacted by Reuters. The Securities and Exchange Commission Form 10-Q clarified that security staff responded immediately to the attacks but failed to alert top management until September 2011.

In written Senate testimony on Tuesday, U.S. Director of National Intelligence James Clapper called the known certificate breaches of 2011 “a threat to one of the most fundamental technologies used to secure online communications and sensitive transactions, such as online banking.” Others have said SSL as a whole is no longer trustworthy and effective.

Since Q2 2010 Verisign Inc., the company that issued the SEC filing, has no longer been associated with authentication or SSL certificates; in fact, with the product rebranding under way, Symantec actually owns and runs the authentication business.

Symantec Corp, which has kept the brand name on VeriSign products, immediately distanced itself through a statement by spokesperson Nicole Kenyon:

“there is no indication that the 2010 corporate network security breach mentioned by VeriSign Inc was related to the acquired SSL product production systems.”

“Trust Services (SSL), User Authentication (VIP, PKI, FDS) and other production systems acquired by Symantec were NOT compromised by the corporate network security breach mentioned in the VeriSign, Inc. quarterly filing. Also, Verisign Inc., the company who issued the SEC filing, is no longer associated with authentication or SSL certificates.”

In this specific case, several attacks were successfully conducted against VeriSign, the Reston, Virginia-based firm; the first occurred in 2010, according to a report by Reuters. The company is responsible for verifying the integrity of top-level domains, including all .gov, .com and .net addresses, and it is also one of the main providers of Secure Sockets Layer (SSL) authentication certificates, used by most financial sites to ensure their legitimacy. VeriSign holds sensitive information on a huge number of customers, and its registry services, which dispense website addresses, would also be a desirable target.

By now we have a clear idea of how important certificates are within a PKI and why Certification Authorities have been subject to constant attacks. At stake is more than the survival of a protocol or a technology company: most of the infrastructure of governments and leading institutions worldwide is in fact based on these services.

VeriSign officials have declared that they “do not believe these attacks breached the servers that support our Domain Name System network”, but in light of what has happened recently it is normal to harbor a lot of doubts about the statements provided.

The situation is embarrassing and dangerous: VeriSign’s systems receive more than 50 billion queries daily, and their responses are used to direct users to the sites that interest them, including government websites. The impairment of these mechanisms could lead to the redirection of requests to bogus sites, with serious consequences. Moreover, the compromise of the model itself raises the risk of interception of emails and confidential documents that pass through communication channels that are, in theory, secure.

Eloquent is the commentary by Stewart Baker, former assistant secretary of the Department of Homeland Security and before that the top lawyer at the National Security Agency:
“Oh my God” “That could allow people to imitate almost any company on the Net”

“assume that it was a nation-state attack that is persistent, very difficult to eradicate and very difficult to put your hands around, so you can’t tell where they went undetected.”

Why steal a certificate or attack a Certification Authority?
Let’s try to answer:

Malware production – Installing certain types of software may require that the code be digitally signed with a trusted certificate. Stealing the certificate of a trusted vendor reduces the chance that the malicious software will be detected quickly. That is exactly what happened with the Stuxnet virus.

Economic fraud – A digital signature gives a guarantee of who signed a document, and you can decide whether you trust the person or company that signed the file and whether you trust the organization that issued the certificate. If a digital certificate is stolen, we suffer an identity theft; imagine what the implications could be.

Some bots, as happened in banking with the Zeus malware, could be deployed to steal site certificates so that they can fool web browsers into thinking that a phishing site is a legitimate bank website.

Cyber warfare – Criminals or governments could use stolen certificates to conduct “man-in-the-middle” attacks, tricking users into thinking they are at a legitimate site when in fact their communications are being secretly tampered with and intercepted. That is, for example, what occurred in the DigiNotar case … companies like Facebook and Google, and also agencies like the CIA and MI6, were targeted in the Dutch government certificate hack.

We expect hard times …

Pierluigi Paganini

References

http://www.huffingtonpost.com/2012/02/02/verisign-hack_n_1249275.html

http://securityaffairs.co/wordpress/647/cyber-crime/2011-cas-are-under-attack-why-steal-a-certificate.html

 

