Just How Bad Was the ICANN Database Breach?
By Jennifer LeClaire / CRM Daily
PUBLISHED: DECEMBER 18, 2014

The Internet Corp. for Assigned Names and Numbers (ICANN) has been hacked. The nonprofit organization that manages several databases of domain names is investigating a system intrusion that compromised its domain name servers.

ICANN described what it classified as a spear phishing attack that started in late November. Norton defines spear phishing as e-mail that appears to be from an individual or business that you know, but it's really from criminal hackers who want to steal your credit card or bank account numbers, passwords, and financial information.

"It involved e-mail messages that were crafted to appear to come from our own domain being sent to members of our staff," ICANN said. "The attack resulted in the compromise of the e-mail credentials of several ICANN staff members."

What Was Compromised?

ICANN said it discovered early this month that the compromised credentials were used to access other ICANN systems besides e-mail. Specifically, hackers infiltrated the Centralized Zone Data System (CZDS), which provides a centralized access point for interested parties to request access to the Zone Files provided by participating Top Level Domains. Zone files contain data describing a portion of the domain name space for specific top-level domains.

"The attacker obtained administrative access to all files in the CZDS. This included copies of the zone files in the system, as well as information entered by users such as name, postal address, email address, fax and telephone numbers, username, and password," ICANN said.

"Although the passwords were stored as salted cryptographic hashes, we have deactivated all CZDS passwords as a precaution. Users may request a new password at czds.icann.org. We suggest that CZDS users take appropriate steps to protect any other online accounts for which they might have used the same username and/or password. ICANN is providing notices to the CZDS users whose personal information may have been compromised."

Hackers also found a way into the ICANN Governmental Advisory Committee Wiki, which provides advice to ICANN on issues of public policy, and especially where there may be an interaction between ICANN's activities or policies and national laws or international agreements. Finally, ICANN reported unauthorized access to user accounts on two other systems, the ICANN Blog and the ICANN WHOIS (whois.icann.org) information portal.

Could Have Been Worse

We caught up with Tyler Reguly, manager of security research at Tripwire, to get his thoughts on the attack. He told us it's a great reminder that spear-phishing is a serious issue and targeted attacks are quite common. With the holidays upon us and more e-mail spam, tracking and delivery notifications, and invoices appearing in our mailboxes due to increases in online shopping, he said we need to be hyper-vigilant about what we click.

"While any breach should be considered serious, the breach at ICANN is not as bad as it could have been. All user passwords have been reset, and should the attackers act on the stolen salted hashes, hopefully users will not have reused passwords from other Web sites," Reguly said.

"It is, of course, advisable that users of the Centralized Zone Data System reset their passwords if they were reused elsewhere. While the zone file copies contain useful information, much of that information will be available via other means, limiting the impact that any data exfiltration may have."

© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.