Hackers phished ICANN employees to gain access to systems.
ICANN revealed today that its systems were compromised by a phishing attack.
The attack involved emails, designed to look like they came from ICANN’s own domain name, that were sent to members of its staff. Email credentials of several ICANN staff members were obtained.
It appears the biggest system accessed as a result of the security breach was the Centralized Zone Data System (CZDS). This system is a repository for zone files from each registry, updated daily. Many bloggers use this system to download zone file data.
According to ICANN, the attacker gained access to copies of the zone files in the system, as well as information entered by users such as name, postal address, email address, fax and telephone numbers, username and password. ICANN says the passwords were stored as salted cryptographic hashes, but it has reset all passwords as a precaution.
Was CZDS the target of the attack, or was it just one of the few systems the attackers could access with the obtained credentials?
Given the current struggle over the transition of certain internet management functions away from the U.S. government, ICANN could become a target for future politically motivated attacks. There could certainly be Sony-like emails that people would like to get their hands on.
The attack occurred in November, and ICANN discovered that the compromised credentials were used to access the CZDS in December. ICANN says notice of the issue was not delayed as a result of a law enforcement investigation.