ICANN Systems Infiltrated in “Spear Phishing” Attack
The nonprofit group that helps keep key elements of the internet moving had some of its key systems attacked in a sophisticated hacking attempt. While emails and user information were accessed, the most important system that ICANN controls was never in danger.
Key systems of ICANN, the nonprofit that governs internet domain names, were attacked this month in a sophisticated hacking attempt.
The organization responsible for doling out the internet’s domain names was the target of some unwelcome attention earlier this month.
The Internet Corporation for Assigned Names and Numbers (ICANN), a nonprofit group that—with the U.S. government’s blessing—manages the internet’s underlying infrastructure, announced on Wednesday that its internal systems had been compromised. Evidence pointed to a sophisticated “spear phishing” attack.
Spear phishing is a targeted attack, often involving a link sent through email or another source, that is meant to infiltrate a system through trickery. ICANN says employees were targeted by “email messages that were crafted to appear to come from our own domain being sent to members of our staff.”
The attack, which was discovered in early December, affected three of ICANN’s systems: its internal email infrastructure; the members-only wiki for the ICANN Governmental Advisory Committee; and, most seriously, the Centralized Zone Data System (CZDS). The CZDS breach allowed attackers to access zone files for domains in its systems, “as well as information entered by users such as name, postal address, email address, fax and telephone numbers, username, and password.”
While CZDS information was encrypted, ICANN took precautionary steps to protect users, including deactivating all passwords associated with the system.
“We suggest that CZDS users take appropriate steps to protect any other online accounts for which they might have used the same username and/or password,” the group stated. “ICANN is providing notices to the CZDS users whose personal information may have been compromised.”
One system not affected by the breach was the Internet Assigned Numbers Authority, which manages key parts of the Domain Name System used by the internet. The group noted that “all critical functions hosted by ICANN, including the IANA functions, remained fully operational and unaffected by the attacker’s activities.”
ICANN said it announced the data breach in the interest of openness, transparency, and helping others assess data threats.