Reuters has discovered that Internet infrastructure company VeriSign was successfully attacked numerous times by hackers in 2010, with the full extent of the compromise still unknown. Of particular concern are the company's DNS servers — VeriSign operates the authoritative registry for the .com and .net domains, amongst others — and though executives stated that they "do not believe these attacks breached the servers that support our Domain Name System network," they couldn't definitely stated that they had remained secure. The attacks came to light thanks to a US Securities and Exchange Commission filing this past October, which was following stricter guidelines that compel companies to report security breaches to their shareholders.
It was also revealed that while VeriSign's security staff responded to the attacks, the company's top management themselves weren't informed until September of the following year. VeriSign's former CTO Ken Silva spoke with Reuters about the breaches — he hadn't been previously aware of them, either — and stated that based off VeriSign's description that many would "assume it was a nation-state attack," but that VeriSign "probably can't draw an accurate assessment" at this time. VeriSign was also a dominant player in Secure Sockets Layer certificates before selling that business to Symantec in 2010, but things appear to be clear on that front: Symantec's Nicole Kenyon stated that "there is no indication that the 2010 corporate network security breach mentioned by VeriSign Inc. was related to the acquired SSL product production systems."