On Feb. 2nd, 2012, Joseph Menn reported for Reuters on another attack on an internet authentication company. Reuters reported that that hackers broke in and "stole undisclosed information" from VeriSign, the "leading Internet infrastructure company." VeriSign basically makes sure that people go to the right website on their browser. The concern is that hackers could use information stolen from authenticators like VeriSign to create fake web sites. Then, instead of going to the real website, a user would go to the fake website and potentially give away confidential information to hackers.
The article noted that VeriSign executives don't believe the cyberattacks would affect that direction capability, but they can't be completely sure. It's unclear as to what information the hackers actually stole. Moreover, it's still unclear as to who did it, but it sounds like a nation-state.
The Reuters article had another interesting point: all of this information came out in a SEC filing. If you don't remember, the SEC issued guidelines that said companies should start disclosing cyberattacks in their quarterly filings. Up until this point, the best disclosure we've had was ConEd acknowledging the possibility of a cyberattack. Here, VeriSign disclosed news of a pretty significant cyberattack. Reuters noted that this disclosure "was the most striking disclosure to emerge in a review by Reuters of more than 2,000 documents mentioning breach risks since the SEC guidance was published."
You can find the Reuters source article here.
Leave a Reply