The Broadband Guide
SG
search advanced
 Username:
 Password:
Register
 forgot password?

ICANN Targeted in Spear Phishing Attack

2014-12-18 09:57 by
Tags: , ,

 

The Internet Corporation for Assigned Names and Numbers (ICANN) was a victim of a "spear phishing" attack in November. By sending fake emails to ICANN's staff members, attackers were able to get their usernames and passwords. The emails appeared to come from icann.org. Employees were tricked to click on a link in the messages and to log in with their work credentials.

Having those details, the hackers apparently accessed a number of systems within ICANN, including the wiki pages of the Governmental Advisory Committee (GAC), the domain registration Whois portal, and the organization's blog. Probably the most important system that was accessed was the Centralized Zone Data System (CZDS). It is a repository for zone files from each registry, updated daily. Many bloggers use this system to download zone file data.

"The attacker obtained administrative access to all files in the CZDS. This included copies of the zone files in the system, as well as information entered by users such as name, postal address, email address, fax and telephone numbers, username, and password. Although the passwords were stored as salted cryptographic hashes, we have deactivated all CZDS passwords as a precaution. Users may request a new password at czds.icann.org. We suggest that CZDS users take appropriate steps to protect any other online accounts for which they might have used the same username and/or password. ICANN is providing notices to the CZDS users whose personal information may have been compromised," ICANN said in a statement.

"We are providing information about this incident publicly, not just because of our commitment to openness and transparency, but also because sharing of cybersecurity information helps all involved assess threats to their systems," ICANN added.

Earlier this year ICANN had implemented enhanced security measures, which likely helped prevent further damage from the attack.

Read more -here-

 

  Post your review/comments
    rate:
   avg:
comment discuss top
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About