ICANN, the Internet's Governing Body was Recently Hacked Too

[dgstorm]

Sony wasn't the only large entity that was hacked recently. In fact, the other hacking target should be a greater concern for most of us than Sony, yet it has received very little press. ICANN, the governing body behind the database of domain names and IP addresses across the web was also recently hacked.

Supposedly, their employees were tricked by a phishing attack that exposed email login info, which resulted in the theft of Administrative access to all the files in the Centralized Zone Data System and much more. If that doesn't have you quaking in your boots, then it should. Here's a quote with more of the details,

[This breach]...granted the hackers access to unalterable generic zone files (what're needed to resolve domain names to IP addresses), and gifted them with contact information for, among others, some of the world's registry administrators. Passwords were stored as "salted cryptographic hashes," but ICANN deactivated them as a precaution anyway. The firm's wiki was breached too, but aside from public information, a members-only index page and one user's profile, no other private data was viewed.

A few other areas were breached as well, like the organization's blog and WHOIS page, but the company doesn't seem too worried about those, saying neither were impacted after discovering the breach this month. The outfit, for its part, claims its new security measures aided in keeping unauthorized access to a minimum. ICANN also says that nothing else has been compromised either, including Internet Assigned Numbers Authority which keeps the web running in ship shape.

If the folks who run the "core of the internet" can be tricked into this level of hack, then the entire globe needs to rethink the way we handle security on the Internet, or things could start getting really ugly really fast.

Source: Engadget

 

[FoxKat]

The employees who were tricked were probably lower level staff who are simply clerical or administrative, but with sufficient data clearance to gain access to the information. The IT department wouldn't (I certainly hope), fall for such a phishing attack.

 

[thunderbolt_nick]

The employees who were tricked were probably lower level staff who are simply clerical or administrative, but with sufficient data clearance to gain access to the information. The IT department wouldn't (I certainly hope), fall for such a phishing attack.

This kind of talk makes me worry about the company I work for. I'm not saying anybody is stupid, but we try to have seminars every other week to help educate us on the importance of not only customer and company privacy but our own. These are the types of seminars though that I look around and people are immediately on their phones...That's the point of this seminar -_- Even though we are all tech support some of us are not IT trained at all and that scares me because of attacks like at ICANN.