
List:       dns-operations
Subject:    [dns-operations] zdnet blog: ICANN and IANA's domains hijacked by Turkish hacking group
From:       bortzmeyer () nic ! fr (Stephane Bortzmeyer)
Date:       2008-07-04 8:11:46
Message-ID: 20080704081146.GA7088 () nic ! fr

On Fri, Jun 27, 2008 at 07:49:53PM +0000,
 Duane Wessels <wessels at dns-oarc.net> wrote 
 a message of 13 lines which said:

> http://blogs.zdnet.com/security/?p=1356 says:
> 
> The official domains of ICANN, the Internet Corporation for Assigned
> Names and Numbers, and IANA, the Internet Assigned Numbers Authority
> were hijacked earlier today, ...
> 
> Anyone have more details?

Not a lot of details but more authoritative than ZDnet. The registrars
are typically the weakest link:

http://www.icann.org/en/announcements/announcement-03jul08-en.htm


Response to Recent Security Threats

3 July 2008

ICANN has been the recent target of online attacks. This announcement provides
more information on those attacks and ICANN's response to them.

As has been widely reported, a number of domain names, including icann.com and
iana.com were recently redirected to different DNS servers, allowing a group to
provide visitors to those domains with their own website.

The domains in question are used only as mirrors for ICANN and IANA's main websites.
The organizations' actual websites at icann.org and iana.org were unaffected.

The DNS redirect was a result of an attack on ICANN's registrar's systems. A full,
confidential, security report from that registrar has since been provided to ICANN
with respect to this attack.

It would appear the attack was sophisticated, combining both social and technological
techniques, but was also limited and focused. The redirect was noticed and corrected
within 20 minutes; however it may have taken anywhere up to 48 hours for the redirect
to be entirely removed from the Internet.

ICANN is confident that the lessons learned and new security measures since
introduced will ensure there is not a repeat of this situation in future. ICANN's
Security and Stability Advisory Committee (SSAC) is considering the issue of access
to domain names through registrars as a priority research topic. The results of that
work will be made available through the usual channels.

In a separate and unrelated incident a few days later, attackers used a very recent
exploit in popular blogging software WordPress to target the ICANN blog. The attack
was noticed immediately and the blog taken offline while an analysis was run. That
analysis pointed to an automated attack. The blogging software has since been patched
and no wider impact (except the disappearance of the blog while the analysis was
carried out) was noted. In response to the attacks, ICANN has started an internal
review of its existing security procedures to see if there are any lessons that can
be learnt and to make any improvements necessary. Full reports on both incidents have
been provided to law enforcement agencies.

