VeriSign Inc, the company in charge of delivering people safely to more than half the world's websites, has been hacked repeatedly by outsiders who stole undisclosed information from the leading Internet infrastructure company.
The previously unreported breaches occurred in 2010 at the Reston, Virginia-based company, which is ultimately responsible for the integrity of Web addresses ending in .com, .net and .gov.
VeriSign said its executives "do not believe these attacks breached the servers that support our Domain Name System network," which ensures people land at the right numeric Internet Protocol address when they type in a name such as Google.com, but it did not rule anything out.
VeriSign's domain-name system processes as many as 50 billion queries daily. Pilfered information from it could let hackers direct people to faked sites and intercept email from federal employees or corporate executives, though classified government data moves through more secure channels.
"Oh my God," said Stewart Baker, former assistant secretary of the Department of Homeland Security and before that the top lawyer at the National Security Agency. "That could allow people to imitate almost any company on the Net."
The VeriSign attacks were revealed in a quarterly U.S. Securities and Exchange Commission filing in October that followed new guidelines on reporting security breaches to investors. It was the most striking disclosure to emerge in a review by Reuters of more than 2,000 documents mentioning breach risks since the SEC guidance was published.
[...]