| Title | ICANN Compromised via "Spear-Phishing" Attack | |
| Date | Friday December 19 2014, @12:22AM | |
| Author | Blackmoore | |
| Topic | ||
| from the constant-vigilance dept. | ||
The Internet Corporation for Assigned Names and Numbers (ICANN), one of the core entities for Internet governance and operations, announced that it had been compromied in late November via a "Spear-Phishing" attack.
They state that the compromised credentials were used to access more sensitive systems. Specifically, they mention:
The attacker obtained administrative access to all files in the CZDS [Centralized Zone Data System]. This included copies of the zone files in the system, as well as information entered by users such as name, postal address, email address, fax and telephone numbers, username, and password. Although the passwords were stored as salted cryptographic hashes, we have deactivated all CZDS passwords as a precaution. Users may request a new password at czds.icann.org. We suggest that CZDS users take appropriate steps to protect any other online accounts for which they might have used the same username and/or password. ICANN is providing notices to the CZDS users whose personal information may have been compromised.
They also identified unauthorized access to (ostensibly innocuous parts of) the ICANN GAC [Governmental Advisory Committee] Wiki as well as user-level accounts on the ICANN Blog and the ICANN WHOIS information portal.
While they're not terribly specific about how the attack happened aside from mentioning that the "email credentials of several ICANN staff members" were compromised, it doesn't take much imagination to figure out where it probably went from there. The impact seems rather minimal, but given the level of control that ICANN has over DNS, it does make one wonder how close we came to a major incident.
| Links |
printed from SoylentNews, ICANN Compromised via "Spear-Phishing" Attack on 2024-04-24 11:45:24