posted by Blackmoore on Friday December 19 2014, @12:22AM
from the constant-vigilance dept.

The Internet Corporation for Assigned Names and Numbers (ICANN), one of the core entities for Internet governance and operations, announced that it had been compromised in late November via a "spear-phishing" attack.

They state that the compromised credentials were used to access more sensitive systems. Specifically, they mention:

The attacker obtained administrative access to all files in the CZDS [Centralized Zone Data System]. This included copies of the zone files in the system, as well as information entered by users such as name, postal address, email address, fax and telephone numbers, username, and password. Although the passwords were stored as salted cryptographic hashes, we have deactivated all CZDS passwords as a precaution. Users may request a new password at czds.icann.org. We suggest that CZDS users take appropriate steps to protect any other online accounts for which they might have used the same username and/or password. ICANN is providing notices to the CZDS users whose personal information may have been compromised.

They also identified unauthorized access to (ostensibly innocuous parts of) the ICANN GAC [Governmental Advisory Committee] Wiki as well as user-level accounts on the ICANN Blog and the ICANN WHOIS information portal.

While they're not terribly specific about how the attack happened aside from mentioning that the "email credentials of several ICANN staff members" were compromised, it doesn't take much imagination to figure out where it probably went from there. The impact seems rather minimal, but given the level of control that ICANN has over DNS, it does make one wonder how close we came to a major incident.
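The ICANN notice above says the CZDS passwords were stored as salted cryptographic hashes, and that every password was deactivated anyway. The following is an added example written for this page, not code from ICANN or from the story, showing why both halves of that statement go together: salted PBKDF2 storage and constant-time verification, and the offline guessing that someone holding the dumped table can still do, which is what the reset protects against. The algorithm tag, iteration count and demo passwords are this example's own choices.

```python
import hashlib
import hmac
import os
from typing import Iterable, Optional

# Parameters chosen for this example; in production pick the highest cost
# your login latency budget allows.
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Store a password as algorithm$iterations$salt_hex$digest_hex.

    A fresh random salt per user means two users with the same password get
    different records, and a precomputed (rainbow) table is useless against
    the dump as a whole.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    if algorithm != ALGORITHM:
        raise ValueError(f"unsupported hash record: {algorithm}")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


def offline_guess(stored: str, candidates: Iterable[str]) -> Optional[str]:
    """What an attacker holding the dumped record can still do.

    The salt sits next to the digest, so it hides nothing from someone who has
    the row; it only forces one PBKDF2 run per (record, guess) pair. Weak or
    reused passwords still fall, which is why resetting every password after a
    dump is the right call even for "salted cryptographic hashes".
    """
    for candidate in candidates:
        if verify_password(candidate, stored):
            return candidate
    return None


if __name__ == "__main__":
    # Constructed demo data, nothing from the CZDS breach itself.
    record = hash_password("password1", iterations=20_000)
    print(record)
    print("login ok:", verify_password("password1", record))
    print("cracked as:", offline_guess(record, ["123456", "letmein", "password1"]))
```

The point ICANN's advice about reused credentials rests on is visible in `offline_guess`: the salt does not slow a single dictionary run against a single record at all, it only stops the attacker from amortising that work across users or precomputing it in advance.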

  • (Score: 0) by Anonymous Coward on Friday December 19 2014, @01:05AM (#127338)

    it doesn't take much imagination to figure out where it probably went from there.

    Imagine the worst and be afraid?

  • (Score: 1) by Anonymous Coward on Friday December 19 2014, @01:22AM (#127339)

    Why is ICANN using Windows anyway? You'd expect them to be more responsible than that.

    • (Score: 1) by anubi (2828) on Friday December 19 2014, @02:18AM (#127344) Journal

      Good question... especially since you can't even open a Microsoft document to read without the chance it infects your system with malware.

      It seems only fools and businesses use this format. Fools because they don't know any better, and Business because no one has the guts to stand up to the boss and tell him to fix his own system.

      I show below the last two spearphishing attempts at me...

      attempt #1 :
       
      ( sent from admin@genealogyalongtherockies.com )

      Thank you for your order!
       
      Processed on December 13/ 2014
       
      We are happy to let you know that the package is on its way to you. We also provided delivery date to specified address.
       
      Payment #: 156864679
      Order total: 1363.03 USD
      Delivery date: Dec 12 2014.
       
      Please open the document given below to view more info about the package.
       
      2      Attached file: SHIPINVOICE_4821.doc      [application/msword]      197 KB
       
       

      I looked up the sender and am convinced someone hijacked his name and email to send it.

      I have no reason to believe the sender even knew about this.

      I have sent him an email with the contents of what was sent me and advised him to check out his system or have a trusted friend look it over. Someone is doing a "joe job" on him.

      attempt #2 :
      ( sent from: hhgreene79@centurylink.net )
       

      The Automated Clearing House transfer (ID: 936729407), recently initiated from your bank account, was cancelled by the Electronic Payments Association.
       
      Canceled ACH transaction
      ACH Case ID     546292
      Amount     3334.81 USD
      Sender contact     ( my email addy... I took it out )
      Reason of abort     See attached file
       
      Please open the document provided here to view more details about this issue.
            2      Attached file: Automated Clearing House transaction 6308.doc      [application/msword]      162 KB

      I looked up the sender and he appears to be another innocent guy getting a joe job.

      Some of you may well be getting these same phishes, so I list them word for word so you can compare to yours.

      Unfortunately, I still live in a business environment where businesses still feel they have to use Microsoft formats - even knowing they are frequently laced with malware - for business communication. Businessmen will spend thousands of dollars on a business suit to "make a good first impression", then send their customer .doc files. For me, the impression they make is quite similar to watching a businessman eat his spaghetti with his hands, as well as serving himself out of the dish with his hands. But you tolerate it, because you must give him the leeway that he doesn't know any better. He may look good, but he doesn't know a thing about hygiene and handles filthy things and hands them to his customer.

      Now, we have all pontificated a lot on NSA's snooping on perfectly innocent folks. For once, I wish they would open up a honeypot service so that anyone receiving these phishing mails can forward them to, and have our own law enforcement officials take the role of patsy to fall for the ruse, follow the money, and snare the perp.

      Question to fellow Soylenters: Anyone know of anyone collecting this kind of stuff for the purpose of honeypotting?

      --
      "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
      • (Score: 2) by dlb (4790) on Friday December 19 2014, @02:46AM (#127353)

        Nice explanation of the spearphishing sent your way. And now I know what a joe job [wikipedia.org] is.
      • (Score: 2) by Leebert (3511) on Friday December 19 2014, @03:21AM (#127364)

        I have sent him an email with the contents of what was sent me and advised him to check out his system or have a trusted friend look it over. Someone is doing a "joe job" on him.

        If it really WAS a Joe job, you're not doing him any favors. A Joe job is, by definition, using a spoofed sender. So all you're doing is just adding to the backscatter. The bounces and replies are exactly the PROBLEM in a Joe job.

        Really, the best thing to do in such a situation is ignore it, unless it appears to be from someone you know. In that case, a heads-up text message or phone call might be reasonable.

        Question to fellow Soylenters: Anyone know of anyone collecting this kind of stuff for the purpose of honeypotting?

        Sure. Spam honeypots are a dime a dozen.

        • (Score: 1) by anubi (2828) on Friday December 19 2014, @03:41AM (#127371) Journal

          I considered that as well, however I also felt he would be getting a lot of unjustified hate mail. At least I wanted him to know there are a few of us who know the dilemma he is in the middle of.

          As far as that honeypot goes... this one is not just for spam but for these dedicated fraud attempts. As much as we have given the NSA powers to snoop on everything, I would sure like to see some government authority we could forward these deliberate fraud attempts to, then they would play the patsy, make the perp think he found a pushover, then nail him in the act.

          Once word spreads around that trying to phish people is likely to get one nailed the instant they try to collect their ill-gotten gain, sending a phish email will be just as risky as opening up the attached Microsoft document. One helluva surprise awaits.

          Spam is one thing, but phishing like this is fraud... plain and simple fraud.

          --
          "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
      • (Score: 2) by epitaxial (3165) on Friday December 19 2014, @03:22AM (#127365)

        Oh yeah nothing on Linux could ever have a 0 day exploit or nobody could ever be running an out of date distro.

        • (Score: 1) by Anonymous Coward on Friday December 19 2014, @04:06AM (#127378)

          What does Linux have to do with this?

        • (Score: 2) by HiThere (866) Subscriber Badge on Friday December 19 2014, @08:46PM (#127583) Journal

          Nothing is perfect, but when they were designing MSWind the first thing they did was rip out all the security from the system they were modeling. (To be fair, at that time MSWind systems weren't networked, and the processor was underpowered for what they were trying to do. It was still a bad move.)

          --
          Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
      • (Score: 0) by Anonymous Coward on Friday December 19 2014, @10:25AM (#127433)

        ...A 1% in the USA loses $1 million+ THEN they will take action because a 'big fish' got hurt BIG TIME by a scammer. They might do this if as little as $100K is lost. Any less than that and they probably won't lift a finger as the loss is not large enough to try to recover and if successful, blast it all over 'lamestream media'.

        Otherwise, just delete the email without 'touching' it otherwise you have to waste time saving your data, and wiping and re-installing Windows, and putting it back.

        You MIGHT avoid all this by checking your email inside a virtual PC session but why take the chance. :P

        I wrote my own email client to avoid the 'bells and whistles' of Outlook that can extract file attachments to 'text files' so they load in Notepad if they are clicked on (accidentally). The attachments can be safely scanned for malware and deleted, quarantined, or forwarded to online antivirus services for analysis to update their antivirus scanners.
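Three things in this thread fit together: anubi's two samples both carry an `application/msword` attachment as the payload, Leebert points out that a joe-jobbed sender is spoofed so replying only adds backscatter, and the last commenter describes a client that dumps attachments out as text files so an accidental click never launches Word. The following is an added example written for this page, not code any commenter posted. It triages a constructed message modelled on the first sample above (the Return-Path, recipient and attachment bytes are made up; the "document" is only the 8-byte OLE2 container header) using Python's standard `email` package, flags risky Office attachments by declared type, extension and actual magic bytes, notes when the envelope sender domain does not match the From: header, and writes attachments out as inert `.txt` files for hashing or scanning.

```python
import email
import hashlib
import os
from email import policy
from email.utils import parseaddr

# Content types and extensions that routinely carry macro or exploit payloads.
RISKY_TYPES = {
    "application/msword", "application/vnd.ms-excel",
    "application/vnd.ms-powerpoint", "application/rtf", "application/x-msdownload",
}
RISKY_EXT = {".doc", ".dot", ".docm", ".xls", ".xlsm", ".ppt", ".rtf", ".exe", ".scr", ".js"}
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy Office (OLE2/CFB) container header

# Constructed sample modelled on the first phish quoted in the thread. The
# Return-Path, recipient and attachment bytes (just the OLE2 header) are made up.
SAMPLE = b"""Return-Path: <bounce-8821@mailer.example.net>
From: admin@genealogyalongtherockies.com
To: victim@example.org
Subject: Thank you for your order!
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset=us-ascii

Please open the document given below to view more info about the package.
--b1
Content-Type: application/msword; name="SHIPINVOICE_4821.doc"
Content-Disposition: attachment; filename="SHIPINVOICE_4821.doc"
Content-Transfer-Encoding: base64

0M8R4KGxGuE=
--b1--
"""


def _domain(addr: str) -> str:
    return parseaddr(addr)[1].rpartition("@")[2].lower()


def triage(raw: bytes) -> dict:
    """Inspect headers and attachments without rendering or opening anything."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hdr_from = msg.get("From", "")
    envelope = msg.get("Return-Path", "") or msg.get("Sender", "")
    reply_to = msg.get("Reply-To", "")
    findings = []
    # Heuristic only: mailing lists and bulk senders legitimately differ too.
    # For a one-off "order confirmation" it is a strong hint the From: is borrowed.
    if envelope and _domain(envelope) != _domain(hdr_from):
        findings.append("envelope sender domain differs from From: (spoofed From, do not reply)")
    if reply_to and _domain(reply_to) != _domain(hdr_from):
        findings.append("Reply-To points at a different domain")
    attachments = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = part.get_filename() or "unnamed"
        ctype = part.get_content_type()
        ext = os.path.splitext(name)[1].lower()
        # Check declared type, extension and real magic bytes; the first two can be lied about.
        risky = ctype in RISKY_TYPES or ext in RISKY_EXT or data.startswith(OLE_MAGIC)
        attachments.append({"filename": name, "content_type": ctype, "size": len(data),
                            "sha256": hashlib.sha256(data).hexdigest(), "risky": risky})
        if risky:
            findings.append(f"risky attachment {name} ({ctype})")
    return {"from": hdr_from, "return_path": envelope, "findings": findings,
            "attachments": attachments, "verdict": "quarantine" if findings else "ok"}


def save_inert(raw: bytes, dest_dir: str) -> list:
    """Write attachments out with a .txt suffix: an accidental double-click opens
    a text editor rather than Word, and the untouched bytes can still be hashed
    or handed to a scanner."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    os.makedirs(dest_dir, exist_ok=True)
    written = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        safe_name = os.path.basename(part.get_filename() or "unnamed").replace("..", "_")
        path = os.path.join(dest_dir, safe_name + ".txt")
        with open(path, "wb") as fh:
            fh.write(data)
        written.append(path)
    return written


if __name__ == "__main__":
    report = triage(SAMPLE)
    print(report["verdict"], report["findings"])
    for att in report["attachments"]:
        print(att)
    print(save_inert(SAMPLE, "quarantine_demo"))
```

The domain comparison is deliberately conservative: it only says "do not reply", the conclusion Leebert draws, and leaves the decision about the named sender's own machine alone, since a spoofed From: is no evidence that anything at that address was touched.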