ICANN, the Internet's Governing Body was Recently Hacked Too

dgstorm

Editor in Chief
Staff member
Premium Member
Joined
Dec 30, 2010
Messages
10,991
Reaction score
3,961
Location
Austin, TX
icann-hacked.jpg

Sony wasn't the only large entity that was hacked recently. In fact, the other hacking target should be a greater concern for most of us than Sony, yet it has received very little press. ICANN, the governing body behind the database of domain names and IP addresses across the web was also recently hacked.

Supposedly, their employees were tricked by a phishing attack that exposed email login info, which resulted in the theft of Administrative access to all the files in the Centralized Zone Data System and much more. If that doesn't have you quaking in your boots, then it should. Here's a quote with more of the details,

[This breach]...granted the hackers access to unalterable generic zone files (what're needed to resolve domain names to IP addresses), and gifted them with contact information for, among others, some of the world's registry administrators. Passwords were stored as "salted cryptographic hashes," but ICANN deactivated them as a precaution anyway. The firm's wiki was breached too, but aside from public information, a members-only index page and one user's profile, no other private data was viewed.

A few other areas were breached as well, like the organization's blog and WHOIS page, but the company doesn't seem too worried about those, saying neither were impacted after discovering the breach this month. The outfit, for its part, claims its new security measures aided in keeping unauthorized access to a minimum. ICANN also says that nothing else has been compromised either, including Internet Assigned Numbers Authority which keeps the web running in ship shape.

If the folks who run the "core of the internet" can be tricked into this level of hack, then the entire globe needs to rethink the way we handle security on the Internet, or things could start getting really ugly really fast.

Source: Engadget
 

FoxKat

Premium Member
Premium Member
Joined
Apr 2, 2010
Messages
14,651
Reaction score
4,703
Location
Pennsylvania
Current Phone Model
Droid Turbo 2 & Galaxy S7
The employees who were tricked were probably lower level staff who are simply clerical or administrative, but with sufficient data clearance to gain access to the information. The IT department wouldn't (I certainly hope), fall for such a phishing attack. o_O
 

thunderbolt_nick

Thunderbolt Rescue Squad
Rescue Squad
Joined
Nov 22, 2011
Messages
1,185
Reaction score
609
Location
Orlando, FL
Website
www.nickburress.com
Current Phone Model
Nexus 6P
Twitter
@nickburress2k2
The employees who were tricked were probably lower level staff who are simply clerical or administrative, but with sufficient data clearance to gain access to the information. The IT department wouldn't (I certainly hope), fall for such a phishing attack. o_O

This kind of talk makes me worry about the company I work for. I'm not saying anybody is stupid, but we try to have seminars every other week to help educate us on the importance of not only customer and company privacy but our own. These are the types of seminars though that I look around and people are immediately on their phones...That's the point of this seminar -_- Even though we are all tech support some of us are not IT trained at all and that scares me because of attacks like at ICANN.
 
Top