‘Spear phished’: Hackers attack internet overlord ICANN


ICANN, the US-based overseer of the internet structure and naming system, has fallen victim to hackers who impersonated employees to gain access to confidential data.

“ICANN is investigating a recent intrusion into our systems. We believe a ‘spear phishing’ attack was initiated in late November 2014. It involved email messages that were crafted to appear to come from our own domain being sent to members of our staff,” said a statement published on the ICANN website.

Spear phishing – the forging of trusted communication to access private data – is a popular fraud and hacking technique, and has been famously used by the Syrian Electronic Army to hijack the social media accounts of some of the most prominent media organizations in the world. It may also have been implicated in the unsolved but devastating attack on Sony Pictures last month.

In its most open form, it can be a letter asking someone to change their password on what turns out to be a fake site, though hackers can often disguise the moment data leaves safe hands, for example by creating fake login pages that are indistinguishable from the real ones.

Los Angeles-based ICANN, or the Internet Corporation for Assigned Names and Numbers, is responsible for handling the majority of internet domain names, making sure they can be universally accessed from any computer in the world, and that they avoid technological and property conflicts.

ICANN headquarters (Image from wikipedia.org)

As well as accessing internal emails, the intruders were able to gain access to the Centralized Zone Data Service (CZDS) – the database that contains the zone files, which map a domain name to the IP address identifying the computer that hosts its data. Millions of websites have their zone files, and additional data, stored and managed by ICANN.

“The attacker obtained administrative access to all files in the CZDS. This included copies of the zone files in the system, as well as information entered by users such as name, postal address, email address, fax and telephone numbers, username, and password. Although the passwords were stored as salted cryptographic hashes, we have deactivated all CZDS passwords as a precaution,” said ICANN.

While the hack may not have led to any harmful fraud at this point, the internal data obtained by the hackers can be used for future scams, whether through ‘spear phishing’ or other means.

Due to its technical function, ICANN generally flew under the radar during the early years of the web, but has recently become an international political football. As the internet has spread across the world, officials have become riled that such an important role is performed by an unaccountable US-based body.

Barack Obama has attempted to transition ICANN into a more international organization. But the Republican-dominated Congress, worried about countries with rival political systems getting to dictate the rules of the internet, has just barred the federal government from using its funds to change the status of the organization in its ‘Cromnibus’ budget bill.