ICANN gets hacked after employees hand out private data in phishing scam

by
in security on (#2W4M)
ICANN has reported a major security breach. The organization, which is responsible for managing IP addresses (among other things) for the internet, was hacked late last month. Using basic spear phishing attacks, hackers managed to trick ICANN employees into giving up private credentials upon receiving emails that appeared to come from the organization itself. As a result, several internal systems have been breached.

ICANN reports that not only were internal emails accessed, but also a number of other things including an employee only wiki-page with public data, as well as the database to see who has registered a certain domain. Hackers also accessed the Centralized Zone Data System (CZDS), which allows them access to user names, addresses, emails and other contact/personal data. While certainly the most troubling of them all, the passwords stolen in the CZDS breach were encrypted and not just sitting around as plain text entries.

The organization implemented improved security measures early this year, before the attack. The group now plans to implement additional security measures.

History


Deprecated: mb_convert_encoding(): Handling HTML entities via mbstring is deprecated; use htmlspecialchars, htmlentities, or mb_encode_numericentity/mb_decode_numericentity instead in /var/pipedot/include/diff.php on line 25

Deprecated: Creation of dynamic property FineDiff::$granularityStack is deprecated in /var/pipedot/lib/finediff/finediff.php on line 217

Deprecated: Creation of dynamic property FineDiff::$edits is deprecated in /var/pipedot/lib/finediff/finediff.php on line 218

Deprecated: Creation of dynamic property FineDiff::$from_text is deprecated in /var/pipedot/lib/finediff/finediff.php on line 219

Deprecated: Creation of dynamic property FineDiff::$last_edit is deprecated in /var/pipedot/lib/finediff/finediff.php on line 372

Deprecated: Creation of dynamic property FineDiff::$stackpointer is deprecated in /var/pipedot/lib/finediff/finediff.php on line 373

Deprecated: Creation of dynamic property FineDiff::$from_offset is deprecated in /var/pipedot/lib/finediff/finediff.php on line 375

Deprecated: Creation of dynamic property FineDiffReplaceOp::$fromLen is deprecated in /var/pipedot/lib/finediff/finediff.php on line 126

Deprecated: Creation of dynamic property FineDiffReplaceOp::$text is deprecated in /var/pipedot/lib/finediff/finediff.php on line 127

Deprecated: Creation of dynamic property FineDiffCopyOp::$len is deprecated in /var/pipedot/lib/finediff/finediff.php on line 155

Deprecated: Creation of dynamic property FineDiffInsertOp::$text is deprecated in /var/pipedot/lib/finediff/finediff.php on line 104
2014-12-19 10:05
ICANN gets hacked after employees hand out private data in phishing scam
evilviper@pipedot.org
ICANN has reported a major security breach. The organization, which is responsible for managing IP addresses (among other things) for the internet, was hacked late last month. Using basic spear phishing attacks, hackers managed to trick ICANN employees into giving up private credentials upon receiving emails that appeared to come from the organization itself. As a result, several internal systems have been breached.

ICANN reports that not only were internal emails accessed, but also a number of other things including an employee only wiki-page with public data, as well as the database to see who has registered a certain domain. Hackers also accessed the Centralized Zone Data System (CZDS), which allows them access to user names, addresses, emails and other contact/personal data. While certainly the most troubling of them all, the passwords stolen in the CZDS breach were encrypted and not just sitting around as plain text entries.

The organization implemented improved security measures early this year, before the attack. The group now plans to implement additional security measures.

U.S. officials previously announced plans to relinquish the federal government's control over managing the Internet to a "multistakeholder community" in March, following backlash over revelations about the National Security Agency's surveillance program. The cyber attack could fuel those wary of ICANN's transition to an international authority, who argue the move would compromise the safety of the Internet. Some opponents doubt the organization's ability to manage the Internet for the entire globe.
Reply 0 comments