So another hack has been exposed, this time on ICANN – which is pretty bad. They are basically the database of the Internet, including the root zone system, which is the highest authority for DNS requests.
“The Internet Corporation for Assigned Names and Numbers (ICANN) is a non-profit organization that is responsible for the coordination of maintenance and methodology of several databases of unique identifiers related to the namespaces of the Internet, and ensuring the network’s stable and secure operation.”
Pretty serious business, and this time nothing high-tech went on at all – just some very targeted ‘spear-phishing’ against employees of ICANN which did eventually yield valid credentials.
Domain-name overseer ICANN has been hacked and its root zone system compromised, the organization has announced.
Attackers sent staff spoofed emails appearing to come from icann.org. The organization notes it was a “spear phishing” attack, suggesting employees clicked on a link in the messages, and then typed their usernames and passwords into a bogus webpage, providing hackers with the keys to their accounts.
“The attack resulted in the compromise of the email credentials of several ICANN staff members,” the announcement reads, noting that the attack happened in late November and was discovered a week later.
With those details, the hackers then managed to access a number of systems within ICANN, including the Centralized Zone Data System (CZDS), the wiki pages of the Governmental Advisory Committee (GAC), the domain registration Whois portal, and the organization’s blog.
The CZDS provides authorized parties with access to all the zone files of the world’s generic top-level domains. It is not possible to alter those zone files from within the system, but the hackers did manage to obtain all the information of those who are registered with the system, which include many of the administrators of the world’s registries and registrars.
In an email sent to every CZDS user, ICANN has warned that “the attacker obtained administrative access to all files in the CZDS including copies of the zone files in the system. The information you provided as a CZDS user might have been downloaded by the attacker. This may have included your name, postal address, email address, fax and telephone numbers, and your username and password.”
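The mail described above displayed an icann.org sender but was not actually sent by icann.org. The usual defensive check for that is DMARC-style alignment: the domain shown in From: must match the domain that SPF or DKIM actually authenticated. The following is an added example, not code from ICANN, The Register or the original post; it parses an Authentication-Results header (RFC 8601 format) from constructed sample messages and flags mail where the From: domain is not the authenticated one. The sample headers, the mx.example.org receiver name and the attacker relay domain are all made up for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (headers only); these are not real ICANN mail.
SAMPLE_MESSAGES = {
    "spoofed": """From: ICANN IT Support <it-support@icann.org>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mail-relay-attacker.test; dkim=none
Subject: Password expiry notice

Please log in to confirm your account.
""",
    "legit": """From: ICANN IT Support <it-support@icann.org>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=icann.org; dkim=pass header.d=icann.org
Subject: Maintenance window

Scheduled maintenance tonight.
""",
}


def _domain(addr):
    """Return the lowercase domain part of a mailbox address, or '' if none."""
    _, email_addr = parseaddr(addr or "")
    return email_addr.rpartition("@")[2].lower()


def parse_auth_results(header):
    """Pull the spf/dkim verdicts and their identifier domains out of an
    Authentication-Results header. Returns e.g.
    {'spf': ('pass', 'icann.org'), 'dkim': ('pass', 'icann.org')}.
    The [^;]*? keeps each lookup inside its own ';'-separated clause."""
    results = {}
    if not header:
        return results
    m = re.search(r"\bspf=(\w+)(?:[^;]*?smtp\.mailfrom=([\w.-]+))?", header)
    if m:
        results["spf"] = (m.group(1).lower(), (m.group(2) or "").lower())
    m = re.search(r"\bdkim=(\w+)(?:[^;]*?header\.d=([\w.-]+))?", header)
    if m:
        results["dkim"] = (m.group(1).lower(), (m.group(2) or "").lower())
    return results


def assess(raw_message, expected_domain="icann.org"):
    """Return (verdict, reasons). Mail that shows expected_domain in From: but
    was not authenticated for that domain by SPF or DKIM is 'suspicious'."""
    msg = message_from_string(raw_message)
    from_domain = _domain(msg.get("From"))
    if from_domain != expected_domain:
        return "not-in-scope", [f"From domain is {from_domain!r}"]
    auth = parse_auth_results(msg.get("Authentication-Results"))
    spf_result, spf_domain = auth.get("spf", ("none", ""))
    dkim_result, dkim_domain = auth.get("dkim", ("none", ""))
    # Alignment: a pass only counts if it is for the domain the user sees.
    spf_aligned = spf_result == "pass" and spf_domain == from_domain
    dkim_aligned = dkim_result == "pass" and dkim_domain == from_domain
    if spf_aligned or dkim_aligned:
        return "aligned", []
    reasons = []
    if spf_result == "pass":
        reasons.append(f"SPF passed for {spf_domain!r}, not for {from_domain!r}")
    else:
        reasons.append(f"SPF result {spf_result!r}")
    reasons.append(f"DKIM result {dkim_result!r} for {dkim_domain or 'no domain'}")
    return "suspicious", reasons


if __name__ == "__main__":
    for name, raw in SAMPLE_MESSAGES.items():
        verdict, reasons = assess(raw)
        print(f"{name}: {verdict} {reasons}")
```

The spoofed sample passes SPF, which is why a plain SPF check is not enough: the pass is for the attacker's own relay domain, not for the domain in From:. Requiring alignment (or publishing a DMARC policy so receivers enforce it) is what catches that case.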
This is by no means a Sony-level hack, but, well, honestly, nothing else is, and probably nothing will be for quite some time.
While the hack is nowhere near the same level as the hack on, say, Sony that has seen gigabytes of information leaked onto the internet, it will prove extremely embarrassing to ICANN, which hopes to be handed control of the critical IANA contract next year.
It also comes as the US government revealed yesterday the process by which updates to the internet’s root zone files are done through ICANN. When changing the network addresses for the world’s top-level nameservers, the process relies on a secure email from ICANN, or a request sent through a secure web portal, a standard format change request and self-certification that ICANN has followed its own processes.
With the email addresses of staff with access to root zone records having been compromised, and the hack only noticed a week later, there will be significant concern that, had the hackers been luckier, or if an IANA staffer – who also use icann.org email addresses – had logged in to the fake site, the hackers may have gained access to the system used to make changes at the very top of the internet.
ICANN seeks to assure people that it is on top of the situation: “Earlier this year, ICANN began a program of security enhancements in order to strengthen information security for all ICANN systems. We believe these enhancements helped limit the unauthorized access obtained in the attack. Since discovering the attack, we have implemented additional security measures.”
That security program began when ICANN suffered a problem with the CZDS system in April. In that case a number of users were wrongly given admin access to the system.
It’s good to see ICANN being a bit more grown up about this as well, disclosing that it happened, what was leaked and how they think the intruders got access to the system – a definite move in the right direction.
ICANN has also stated that the disclosed passwords were stored as salted hash values, rather than in plaintext, although the algorithm used is not known. They also confirmed that this hadn’t affected any IANA-related systems and that no other systems have been impacted.
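Since the post notes that the CZDS passwords were salted hashes but the algorithm is unknown, here is what "salted hash" should mean in practice. This is an added example, not ICANN's code and not a statement about how CZDS stored anything: it uses PBKDF2-HMAC-SHA256 from the Python standard library, stores the salt and iteration count alongside the digest, and verifies with a constant-time compare. The record format, the iteration count and the salt length are choices made for the example.

```python
import hashlib
import hmac
import os

# Work factor for PBKDF2-HMAC-SHA256. A leaked salted record can still be
# guessed against offline, so the cost per guess is what limits the damage;
# tune this per deployment rather than treating it as a fixed constant.
ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return a self-describing record 'pbkdf2_sha256$iters$salthex$hashhex'.
    A fresh random salt is drawn unless one is supplied (useful for tests)."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, record):
    """Recompute the digest using the salt and iteration count stored in the
    record and compare in constant time. Malformed records verify as False."""
    try:
        algo, iters, salt_hex, hash_hex = record.split("$")
        if algo != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
        iterations = int(iters)
    except ValueError:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def same_password_distinct_records(password):
    """Two accounts with the same password get different stored values because
    each gets its own salt; a precomputed table for one is useless for the other."""
    return hash_password(password) != hash_password(password)


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")
    print(rec)
    print("verify ok:", verify_password("correct horse battery staple", rec))
    print("verify wrong:", verify_password("wrong password", rec))
    print("distinct records for same password:", same_password_distinct_records("hunter2"))
```

The salt only stops shared precomputation; it does nothing against a per-record guessing run, which is why the algorithm matters as much as the salt. An unsalted fast hash such as plain MD5 or SHA-1 would be the worst case for the users in that leaked CZDS data; a slow, per-user salted KDF like the one above, or bcrypt/scrypt/Argon2, is what a "salted hash" claim should turn out to mean.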
Source: The Register