Just How Bad Was the ICANN Database Breach?
Posted December 18, 2014

By Jennifer LeClaire. Updated December 18, 2014 12:12PM


The Internet Corp. for Assigned Names and Numbers (ICANN) has been hacked. The nonprofit organization that manages several databases of domain names is investigating a system intrusion that compromised its domain name servers.

ICANN described what it classified as a spear phishing attack that started in late November. Norton defines spear phishing as e-mail that appears to be from an individual or business that you know, but it's really from criminal hackers who want to steal your credit card or bank account numbers, passwords, and financial information.

"It involved e-mail messages that were crafted to appear to come from our own domain being sent to members of our staff," ICANN said. "The attack resulted in the compromise of the e-mail credentials of several ICANN staff members."

What Was Compromised?

ICANN said it discovered early this month that the compromised credentials were used to access other ICANN systems besides e-mail. Specifically, hackers infiltrated the Centralized Zone Data System (CZDS), which provides a centralized access point for interested parties to request access to the Zone Files provided by participating Top Level Domains. Zone files contain data describing a portion of the domain name space for specific top-level domains.

"The attacker obtained administrative access to all files in the CZDS. This included copies of the zone files in the system, as well as information entered by users such as name, postal address, email address, fax and telephone numbers, username, and password," ICANN said.

"Although the passwords were stored as salted cryptographic hashes, we have deactivated all CZDS passwords as a precaution. Users may request a new password at czds.icann.org. We suggest that CZDS users take appropriate steps to protect any other online accounts for which they might have used the same username and/or password. ICANN is providing notices to the CZDS users whose personal information may have been compromised."

Hackers also found a way into the ICANN Governmental Advisory Committee Wiki. The committee provides advice to ICANN on issues of public policy, especially where there may be an interaction between ICANN's activities or policies and national laws or international agreements. Finally, ICANN reported unauthorized access to user accounts on two other systems, the ICANN Blog and the ICANN WHOIS (whois.icann.org) information portal.

Could Have Been Worse

We caught up with Tyler Reguly, manager of security research at Tripwire, to get his thoughts on the attack. He told us it's a great reminder that spear phishing is a serious issue and targeted attacks are quite common. With the holidays upon us and more e-mail spam, tracking and delivery notifications, and invoices appearing in our mailboxes due to increases in online shopping, he said we need to be hyper-vigilant about what we click.

"While any breach should be considered serious, the breach at ICANN is not as bad as it could have been. All user passwords have been reset, and should the attackers act on the stolen salted hashes, hopefully users will not have reused passwords from other Web sites," Reguly said.

"It is, of course, advisable that users of the Centralized Zone Data System reset their passwords if they were reused elsewhere. While the zone file copies contain useful information, much of that information will be available via other means, limiting the impact that any data exfiltration may have."
