Two leading domain name companies have been subject to hacking. Verisign, responsible for the .COM and .NET top level domains and other internet infrastructure, has been hacked repeatedly by outsiders who stole undisclosed information, Reuters reports.
The Reuters report notes that the previously unreported breaches occurred in 2010 at the Reston, Virginia-based company.
“VeriSign said its executives ‘do not believe these attacks breached the servers that support our Domain Name System network,’ which ensures people land at the right numeric Internet Protocol address when they type in a name such as Google.com, but it did not rule anything out.”
Potentially the “pilfered information from it could let hackers direct people to faked sites and intercept email from federal employees or corporate executives, though classified government data moves through more secure channels.”
The hacks “could allow people to imitate almost any company on the Net,” Stewart Baker, former assistant secretary of the Department of Homeland Security and before that the top lawyer at the National Security Agency told Reuters.
Baker further told Reuters that VeriSign’s description will lead people to “assume that it was a nation-state attack that is persistent, very difficult to eradicate and very difficult to put your hands around, so you can’t tell where they went undetected.”
However Ken Silva, formerly VeriSign’s chief technology officer, was a little more cautious, noting that “given the time elapsed since the attack and the vague language in the SEC filing, he said VeriSign ‘probably can’t draw an accurate assessment’ of the damage.”
In the SEC filing “in a section of its filing devoted to risk factors, VeriSign said it was a frequent subject of ‘the most sophisticated form of attacks,’ including some that are ‘virtually impossible to anticipate and defend against.'”
Meanwhile the Irish registrar and hosting company Blacknight was prompt in alerting clients about a security breach on 31 January where up to 40,000 customers may have had their contact details such as email addresses and telephone numbers compromised. The company notes that no financial data has been compromised and the damages are minimal.
Blacknight is investigating the issue further and taking appropriate steps to prevent a re-occurrence of the issue. Blacknight have already been in touch with Dataprotection.ie and Iriss.ie in regard to this matter. Blacknight will also be in contact with Gardai (Irish police) for a further investigation.
“We take our responsibilities to our customers very seriously and have already been in touch with the Data Protection Commissioner and have informed them of the breach,” said Blacknight’s Michele Neylon. “Blacknight is a secure company, however data breaches are a reality that almost every online company must face. We are taking this opportunity to increase our security even further and apologize to our customers for any inconvenience this may cause.”