How Was ICANN Hacked & What Information Did The Hackers Managed To Steal?

While the entire world is focused on uncovering data from the notorious Hackers Shutdown Computers At Sony Pictures & Release Filenames of Stolen Data, ICANN has admitted that its systems were breached last month. As you all know ICANN or Internet Corporation for Assigned Names and Numbers is responsible for maintaining records of domain names and IP addresses and a security breach in its systems could have major impact on the internet. Unlike Sony Pictures who tried to sweep things under the rug by addressing the hack as an IT issue at first and later prohibiting media houses to report on the matter, ICANN has provided a #-Link-Snipped-# on the issue. In this article we shall be answering two major questions, starting with.

How Was ICANN Hacked?

You are very familiar with the phrase “to err is human” and in the ICANN hacking case is holds true. Several ICANN employees fell prey to a #-Link-Snipped-#. During late November, the attackers sent them e-mails that appeared to have been generated from ICANN domain. These employees were then tricked to disclose their log-in credentials such as username and passwords. By the beginning of December, ICANN cyber security staff found that the stolen credentials were used to infiltrate some ICANN systems.

ICANN Logo

What Information Did The Hackers Managed To Steal?

According to the organisation, the stolen credentials were used to access the Centralized Zone Data System (CZDS) of ICANN. The CZDS stores website owner information such as names, postal addresses, email addresses, telephone numbers and email addresses as well as the obligatory username and password. Even though the attacker/attackers obtained administrative access to the website they would not have been able to do much harm as the passwords were stored as Salted Password Hashing - Doing it Right - CodeProject. As a precaution ICANN has disabled all CZDS passwords and users will have to request a new one from the organisation. They have also asked users take appropriate action if they are using the same password as they use on ICANN CZDS on other websites. ICANN will be alerting the users whose personal information it thinks have been compromised in the attack.

Another ICANN website that was affected in the attack was the ICANN GAC Wiki website and as you might have guessed from the name it is a public website and the attackers viewed just one members-only index page and user profile. Two other websites, the ICANN blog and lookup directory ICANN WHOIS were accessed but ICANN says there was no impact on both. ICANN is currently investigating this issue and will be employing additional security measures to prevent such malicious attacks in the future.

Source: #-Link-Snipped-# via Global internet authority ICANN has been hacked - The Verge

Replies

  • Dhananjay Harkare
    Dhananjay Harkare
    How unfortunate that an organization like ICANN was manipulated just by phishing!
  • Piyush Dangre
    Piyush Dangre
    Dhananjay Harkare
    How unfortunate that an organization like ICANN was manipulated just by phishing!
    A proof that Spear Phishing works beyond levels unimaginable.

You are reading an archived discussion.

Related Posts

Raghuram Rajan, the Governerof RBI forcasted about the recession in IT in the year 2008. At that time, his statement went un-noticed. 2014, August I guess, a random article in...
Along with the iPhone 6, Apple had announced their innovative payment solution - called Apple Pay. The good news is that the service is coming soon to India. Apple Inc....
I had the great fortune to be initiated into this by JK on a one on one lonely meeting on the IIT Madras campus way back in the early sixties....
Material Design is not just for Android device anymore. Quantum OS is using Material design guidelines to design the Quantum OS. The desktop is written using QML & QT5, the...
Swedish automaker Volvo, protective gravity sports gear manufacturer POC and Ericsson have collaborated to develop a wearable technology concept that aims to prevent accidents between cars and cyclists. According to...