Quite a holiday season hackers are having this year making us crazy following their seemingly never ending saga of hacking international organizations and web services. In the latest and quite surprising news, ICANN, the global internet authority has been hacked as attackers impersonated employees to gain access to confidential internal data.
Internet authority ICANN hacked:
The Internet Corporation for Assigned Names and Numbers (ICANN) is a US-administered nonprofit organization responsible for allocating IP addresses and domain names. In a spear phishing hacking attempt, ICANN employees were tricked into giving up their credentials as hackers forged trusted communication to access private data. According to the organization, its internal communications, ICANN's Centralized Zone Data System (CZDS) member-only Wiki page, and the WHOIS portal (portal for looking up who registered what domain) was accessed.
CZDS is a central database storing and managing millions of websites containing files mapping the path between IP address, identifying the computers hosting data, and the name of the domains. ICANN reports that the breaching of CZDS is the most troubling as intruders accessed a wide range of user information including usernames, emails, real names, and addresses among other personal information. While passwords were also accessed, ICANN claimed that these were encrypted and not in plain text.
The attacker obtained administrative access to all files in the CZDS. This included copies of the zone files in the system, as well as information entered by users such as name, postal address, email address, fax and telephone numbers, username, and password. Although the passwords were stored as salted cryptographic hashes, we have deactivated all CZDS passwords as a precaution.
The authoritative and autonomous role of ICANN has long remained a subject of debate as President Obama tried to transition ICANN into a more international organization. While it's yet to be seen who is behind this intrusion, spear phishing has popularly been used by the Syrian Electronic Army to hijack into media accounts of global organizations. The technique is also suggested to have been used in the latest Sony Pictures Entertainment hack last month.
- Source: The Verge