ICANN, the global depository of Internet websites or domain names, has admitted that hackers have penetrated its systems using “spear fishing” in November and compromised staff e-mails, besides . However, it has clarified that the staff , whose emails have been hacked, did not have access to central data services and assured to beef up its security systems further.
ICANN (Internet Corporation for Assigned Names and Numbers), however, said its key arm Internet Assigned Numbers Authority, that keeps the Internet running smoothly, was not compromised. “The attack has not impacted any IANA-related systems. The ICANN staff members whose passwords were compromised did not have access to the IANA functions systems,” said ICANN in a statement.
The attack took place in November, ICANN said and it discovered in early December that the hackers had used the compromised credentials to access other ICANN systems’ emails, the Centralized Zone Data System (czds.icann.org), and the ICANN GAC Wiki (gacweb.icann.org).
The attacker obtained administrative access to all files in the CZDS, including copies of the zone files in the system, information entered by users such as name, postal address, email address, fax and telephone numbers, username, and password.
Although the passwords were stored as salted cryptographic hashes, “we have deactivated all CZDS passwords as a precaution. Users may request a new password at czds.icann.org. We suggest that CZDS users take appropriate steps to protect any other online accounts for which they might have used the same username and/or password. ICANN is providing notices to the CZDS users whose personal information may have been compromised,” said the global depository agency in its statement.
The attack on the ICANN GAC Wiki (gacweb.icann.org) penetrated the public information, the members-only index page and one individual user’s profile page, it said assuring that no other non-public content was viewed.
Hackers were also able to access and obtain user accounts on two other systems, the ICANN Blog (blog.icann.org) and the ICANN WHOIS (whois.icann.org) information portal, it said but quickly added “No impact was found to either of these systems.”
“Based on our investigation to date, we are not aware of any other systems that have been compromised, and we have confirmed that this attack does not impact any IANA-related systems,” it said.
ICANN said it has begun security enhancements in early this year to strengthen information security for all ICANN systems. “We believe these enhancements helped limit the unauthorized access obtained in the attack. Since discovering the attack, we have implemented additional security measures,” it said.
In an apologetic note, ICANN said, “We are providing information about this incident publicly, not just because of our commitment to openness and transparency, but also because sharing of cybersecurity information helps all involved assess threats to their systems.”
In another statement, ICANN clarified that the most important IANA functions are a separate system with additional security measures that have not been breached and all critical functions worked as usual during the hacking. “While the attackers were able to breach the outermost layer of defenses, our on-going investigation indicates our most critical systems were not affected,” it added.