ICANN admits falling victim to phishing attack

Thursday 18 December 2014 10:59 CET | News

The Internet Corporation for Assigned Names and Numbers (ICANN) has fallen victim to a phishing attack.

The attack allowed hackers to gain administrative access to some of the organisations systems. Attackers sent phishing e-mails disguised as internal ICANN communications to staff members, and were successful in capturing the e-mail credentials of several employees which were then used to compromise other systems.

One of the systems attackers were able to access was ICANNs centralised zone data service (CZDS), which is used by domain registries to request access to DNS root zone files. As a result, user account details such as e-mail addresses and passwords, as well as the zone files, were compromised.

ICANN said it stored passwords as salted cryptographic hashes, but it had deactivated all CZDS passwords regardless as a precaution. The organisation said it had not found any evidence that Internet Assigned Numbers Authority (IANA) systems - which manage unique names and numbers - had been compromised.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: ICANN, phishing attack, web fraud, online security, digital identity
Categories: Fraud & Financial Crime
Countries: World
This article is part of category

Fraud & Financial Crime

Industry Events