Amazing story from Reuters.

Note how the breach was reported:

The VeriSign attacks were revealed in a quarterly U.S. Securities and Exchange Commission filing in October that followed new guidelines on reporting security breaches to investors. It was the most striking disclosure to emerge in a review by Reuters of more than 2,000 documents mentioning breach risks since the SEC guidance was published.

The article speculates that penetrating SSL certificates may have been a key target of the attack.  

Until August 2010, VeriSign was one of the largest providers of Secure Sockets Layer certificates, which Web browsers look for when connecting users to sites that begin "https," including most financial sites and some email and other communications portals.

If the SSL process were corrupted, "you could create a Bank of America certificate or Google certificate that is trusted by every browser in the world," said prominent security consultant Dmitri Alperovich, president of Asymmetric Cyber Operations.

This shouldn't surprise anyone.  As we wrote late in 2011, while a growing number of web applications are delivered over the HTTPS protocol (HTTP over SSL), attackers are increasingly focusing their attacks against the various components of SSL. We are seeing a rise in attacks which target the worldwide infrastructure that supports SSL. We expect these attacks to reach a tipping point in 2012 which, in turn, will invoke a serious discussion about real alternatives for secure web communications. The VeriSign attack highlights that the tipping point may have actually arrived in 2011.

So who did it?

The Reuters piece suggests government-sponsored hackers.  Possible.  Another possibility:  private hackers who resell the booty to the governments and enterprises who may want it.