ICANN targeted by Spear Phishing attack, several systems impacted

ICANN says that multiple employees had their credentials compromised

On Tuesday, ICANN posted details of a recent network intrusion that originated from a spear phishing attack.

Those responsible spoofed the ICANN domain, and fooled several employees into revealing their network credentials.

According to ICANN, one of the first things the attackers did was compromise the Centralized Zone Data System (CZDS):

"The attacker obtained administrative access to all files in the CZDS. This included copies of the zone files in the system, as well as information entered by users such as name, postal address, email address, fax and telephone numbers, username, and password. Although the passwords were stored as salted cryptographic hashes, we have deactivated all CZDS passwords as a precaution."

In addition to the CZDS, the attackers were also able to access the ICANN GAC Wiki, which contained public information. However, only one member's profile page was viewed.

There was also unauthorized access to two other systems, the ICANN blog and the ICANN WHOIS information portal. Investigators have said that there was no impact to either of these systems.

"Based on our investigation to date, we are not aware of any other systems that have been compromised, and we have confirmed that this attack does not impact any IANA-related systems.

"Earlier this year, ICANN began a program of security enhancements in order to strengthen information security for all ICANN systems. We believe these enhancements helped limit the unauthorized access obtained in the attack. Since discovering the attack, we have implemented additional security measures."

The attack was initiated in late November and detected in early December.

There's a good deal of concern that ICANN could be the target of future attacks, given the state of Internet policy and the battle that's taking place over transition of various Internet management functions from the U.S. government.

If that were to happen, the first thing at risk would be the internal communications and policy memos, as well as email spools.
