Hackers used spear-phishing to infiltrate the computer network of ICANN, where they accessed sensitive credentials that could potentially break the backbone of the internet.
Hackers wormed their way into the computer network of the Internet Corporation for Assigned Names & Numbers (ICANN), a US-based organization that handles domain names. Through a spear-phishing campaign, the attackers obtained legitimate login credentials and masqueraded as ICANN employees.
“We believe a ‘spear phishing’ attack was initiated in late November 2014. It involved email messages that were crafted to appear to come from our own domain being sent to members of our staff,” read a statement on ICANN's website.
Spear-phishing is a decade-old hackers’ tool that employs social engineering tactics to lure users into giving out their password and username. Usually, it starts with a bogus email allegedly from a service provider such as your bank, asking you to update some information or correct a problem with your account. Typical phishing emails contain embedded links leading to spoofed websites designed to steal the user’s login credentials. The attacker later uses the harvested login credentials to access the legitimate site, such as ICANN's.
On a normal day, ICANN facilitates the smooth working of the internet by ensuring that the millions of domain names under its belt are easily accessed by computers around the world without any technical hitch. Data relating to its operation, known as zone files, is stored in a database, the Centralized Zone Data Service (CZDS), which was apparently infiltrated by the attackers.
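ICANN's statement describes messages crafted to appear to come from its own domain. The following is an added example, not taken from ICANN or the original article, of a mail-filter check that flags such messages: a `From` address in the organization's domain without a DMARC pass recorded by the organization's own gateway. The domain `example.org`, the gateway id `mx.example.org` and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.org"            # assumed placeholder for the organization's domain
TRUSTED_AUTHSERV = "mx.example.org"   # assumed id stamped by our own mail gateway

def trusted_dmarc(msg):
    """Return the dmarc= verdict recorded by our gateway, or 'none'."""
    for value in msg.get_all("Authentication-Results", []):
        head, _, results = value.partition(";")
        tokens = head.split()
        authserv = tokens[0].lower() if tokens else ""
        if authserv != TRUSTED_AUTHSERV:
            continue  # written by another server, possibly the sender: ignore it
        match = re.search(r"\bdmarc=([a-z]+)", results, re.IGNORECASE)
        if match:
            return match.group(1).lower()
    return "none"

def classify(raw):
    """Classify one raw message by From domain and trusted DMARC verdict."""
    msg = message_from_string(raw)
    address = parseaddr(msg.get("From", ""))[1]
    domain = address.rpartition("@")[2].lower()
    if domain != ORG_DOMAIN:
        return "external"
    if trusted_dmarc(msg) == "pass":
        return "internal"
    return "own-domain-spoof-suspect"

def make(auth, sender):
    """Build a constructed sample message (not real traffic)."""
    return (f"Authentication-Results: {auth}\nFrom: {sender}\n"
            "Subject: Password reset required\n\nPlease log in.\n")

SAMPLES = {
    "genuine": make("mx.example.org; dmarc=pass header.from=example.org",
                    "Alice <alice@example.org>"),
    "spoofed": make("mx.example.org; dmarc=fail header.from=example.org",
                    "IT Support <it@example.org>"),
    # Sender supplied its own 'pass' header under a different server id.
    "forged_header": make("mail.sender.invalid; dmarc=pass",
                          "IT Support <it@example.org>"),
    "outside": make("mx.example.org; dmarc=pass header.from=example.net",
                    "News <news@example.net>"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:14} {classify(raw)}")
```

The check is only sound if the gateway removes inbound `Authentication-Results` headers that carry its own id before adding its verdict, as RFC 8601 requires.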
“The attacker obtained administrative access to all files in the CZDS. This included copies of the zone files in the system, as well as information entered by users such as name, postal address, email address, fax and telephone numbers, username, and password. Although the passwords were stored as salted cryptographic hashes, we have deactivated all CZDS passwords as a precaution,” said ICANN.
Hackers also managed to infiltrate other important ICANN systems, including the wiki pages of the ICANN Governmental Advisory Committee (GAC), the Whois domain registration portal and the official ICANN blog. Fortunately, the intrusion did not spill over to the systems of the Internet Assigned Numbers Authority (IANA), where the actual management of the DNS root zone takes place.
“Based on our investigation to date, we are not aware of any other systems that have been compromised, and we have confirmed that this attack does not impact any IANA-related systems,” ICANN stated.
Meanwhile, data stolen from ICANN’s system poses a relatively low threat to internet users, considering that most of it was highly encrypted. That notwithstanding, hackers could use such information to wage future attacks, and it’s thus advisable for ICANN clients to change their passwords as fast as humanly possible.
ICANN assured its users the situation is under control, adding that the company has “implemented additional security measures” to shore up its defense, in addition to the existing security enhancements launched earlier this year.
The hack comes in a week when US security agencies have been up in arms warning users about cyber threats from online phishing scams. It also comes amid another high-profile hack on Sony Pictures that leaked personal information of Hollywood stars. Security experts have hailed ICANN for coming clean on an incident that could potentially break the internet.