Just How Bad Was the ICANN Database Breach?
By Jennifer LeClaire / CRM Daily
The Internet Corp. for Assigned Names and Numbers (ICANN) has been hacked. The nonprofit organization that manages several databases of domain names is investigating a system intrusion that compromised its domain name servers.

ICANN described what it classified as a spear phishing attack that started in late November. Norton defines spear phishing as e-mail that appears to be from an individual or business that you know, but it's really from criminal hackers who want to steal your credit card or bank account numbers, passwords, and financial information.

"It involved e-mail messages that were crafted to appear to come from our own domain being sent to members of our staff," ICANN said. "The attack resulted in the compromise of the e-mail credentials of several ICANN staff members."

What Was Compromised?

ICANN said it discovered early this month that the compromised credentials were used to access other ICANN systems besides e-mail. Specifically, hackers infiltrated the Centralized Zone Data System (CZDS), which provides a centralized access point for interested parties to request access to the Zone Files provided by participating Top Level Domains. Zone files contain data describing a portion of the domain name space for specific top-level domains.

"The attacker obtained administrative access to all files in the CZDS. This included copies of the zone files in the system, as well as information entered by users such as name, postal address, email address, fax and telephone numbers, username, and password," ICANN said.

"Although the passwords were stored as salted cryptographic hashes, we have deactivated all CZDS passwords as a precaution. Users may request a new password at We suggest that CZDS users take appropriate steps to protect any other online accounts for which they might have used the same username and/or password. ICANN is providing notices to the CZDS users whose personal information may have been compromised."

Hackers also found a way into the ICANN Governmental Advisory Committee Wiki, which provides advice to ICANN on issues of public policy, and especially where there may be an interaction between ICANN's activities or policies and national laws or international agreements. Finally, ICANN reported unauthorized access to user accounts on two other systems, the ICANN Blog and the ICANN WHOIS information portal.

Could Have Been Worse

We caught up with Tyler Reguly, manager of security research at Tripwire, to get his thoughts on the attack. He told us it's a great reminder that spear-phishing is a serious issue and targeted attacks are quite common. With the holidays upon us and more e-mail spam, tracking and delivery notifications, and invoices appearing in our mailboxes due to increases in online shopping, he said we need to be hyper-vigilant about what we click.

"While any breach should be considered serious, the breach at ICANN is not as bad as it could have been. All user passwords have been reset, and should the attackers act on the stolen salted hashes, hopefully users will not have reused passwords from other Web sites," Reguly said.

"It is, of course, advisable that users of the Centralized Zone Data System reset their passwords if they were reused elsewhere. While the zone file copies contain useful information, much of that information will be available via other means, limiting the impact that any data exfiltration may have."

© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.