Slashdot Mirror

← Back to Stories (view on slashdot.org)

ICANN Loses Control of Its Own Domain Names

Posted by Soulskill on from the heal-thyself dept.

NotNormallyNormal writes "CBC picked up an AP story about ICANN recently losing control over two of their domain names on Thursday, June 26. A domain registrar run by the group transferred the domains to someone else. ICANN's press release had this to say: 'As has been widely reported, a number of domain names, including icann.com and iana.com were recently redirected to different DNS servers, allowing a group to provide visitors to those domains with their own website. It would appear the attack was sophisticated, combining both social and technological techniques, but was also limited and focused.' Comcast has had similar troubles lately as well."

26 of 61 comments (clear)

  1. Might be good for something by Calydor · · Score: 3, Insightful

    Maybe this'll show them what needs to be changed in the system. Also, err, first post? How?

    --
    -=This sig has nothing to do with my comment. Move along now=-
    1. Re:Might be good for something by Mike89 · · Score: 4, Funny

      Also, err, first post? How?

      I hear a group of rogue trolls tricked ICANN into making Slashdot.org resolve to goatse.cx. You must've come back at the right time (or wrong time, depending on whether you're into the kind of stuff ;))

  2. In a perfect world by ShakaUVM · · Score: 4, Funny

    In a perfect world, this would serve as a wake-up call to ICANN that the current domain name policies are hideously flawed.

    Of course, their heads are so far up their collective asses, though, that they'll just say it was an awesome example of domain tasting by a third party, and all part of the glorious monstrosity they have birthed.

  3. HaHa by soundguy · · Score: 5, Funny

    Ha Ha

    /nelson

    --
    Nothing worthwhile ever happens before noon
    1. Re:HaHa by Anonymous Coward · · Score: 2, Insightful

      Memes like the nelson laugh, beowulf cluster, soviet russia, etc are redundant because we get them all the time.

    2. Re:HaHa by Anonymous Coward · · Score: 2, Funny

      Mentioning that those memes are redundant is redundant because it gets mentioned all the time ;)

  4. Sophisticated ? by stephanruby · · Score: 4, Informative

    It's obvious they didn't follow their own rules by providing valid whois contact information.

    1. Re:Sophisticated ? by Anonymous Coward · · Score: 5, Insightful

      ICANN, as far as I can tell, does not follow rules. Their one and only purposes seems to be to enrich the members of its board. As a result, we have a stagnant generic TLD system with new proposals, etc being designed to extract cash for them rather than benefit the world. I have no problem with them getting hacked -- throws a spotlight on their arrogance and corruption.

      ICANN'T do anything to help the world because I am too busy getting paid.

    2. Re:Sophisticated ? by kimba · · Score: 3, Insightful

      Perhaps you can explain what is not valid in the WHOIS information for these domains?

  5. Social Engineering to Take Over Entire TLDs by Ron+Bennett · · Score: 4, Interesting

    When I first read this news several days ago, I thought it was referring to the root servers ...

    What most don't know is that the TLDs (ie. com, .net, etc) themselves are registered in much the same manner as 2nd level domains are ... see the TLD Whois: http://whois.iana.org/

    The major TLDs (.com, .net, etc) are relatively safe, since any changes would likely be difficult to get through - with any changes quickly noticed ... as in within minutes, or even seconds; likely wouldn't even be that effective, since the most popular TLDs zone dns entries are heavily cached.

    However, ccTLDs are a different story completely, since ccTLD zone name server changes are more common and thus such change requests would be far less scrutinized.

    I've never heard of any TLD being hijacked, but could likely be easily done, since the social engineering involved would be very similar. A frightening prospect.

    Ron

    1. Re:Social Engineering to Take Over Entire TLDs by jabley · · Score: 2, Informative

      The major TLDs (.com, .net, etc) are relatively safe, since any changes would likely be difficult to get through - with any changes quickly noticed ... as in within minutes, or even seconds; likely wouldn't even be that effective, since the most popular TLDs zone dns entries are heavily cached.

      However, ccTLDs are a different story completely, since ccTLD zone name server changes are more common and thus such change requests would be far less scrutinized.

      I've never heard of any TLD being hijacked, but could likely be easily done, since the social engineering involved would be very similar.

      Changes to TLD nameservers need to pass human inspection at the IANA, human inspection at the US Department of Commerce, and human inspection at Verisign (who provide maintenance for the root zone). This is in stark contrast to the largely mechanical process by which domains in gTLD and ccTLD registries are modified.

      Requests to change entire NS sets (as opposed to simply dropping a couple and adding a couple of other nameservers) are typically stalled early in the process while the IANA requests justification for why the entire set is being changed at once.

      Hijacking a TLD would require a lot more social engineering than your note suggests.

  6. URL by thedrx · · Score: 5, Funny

    http://www.cbc.ca/technology/story/2008/07/04/icann-pwned.html

    Anyone else think the URL is hilarious?

    1. Re:URL by Hatkirby · · Score: 2, Funny

      It is! Very strange.... Now, you need to ask yourself, Did they pick that out themselves or did Wordpress (or whatever) generate it for them? *giggle*

      --
      Four
  7. Why do we need registrars? by jibjibjib · · Score: 2, Interesting

    Why do registrars even have to exist? And why does ICANN need to pay other companies to run the actual DNS infrastructure? If ICANN ran .com, .org and .net itself, and there were no registrars/resellers, and every time someone paid for a domain all the money went straight to ICANN, surely ICANN would have enough money to run all the DNS infrastructure itself very well. Then we wouldn't have to deal with all the dodgy things that registries and registrars do, like Verisign's "Site Finder", and various slightly evil registrars stealing domains, and various registrars being incredibly insecure and transferring domains to hackers without proper authentication.

    1. Re:Why do we need registrars? by tokul · · Score: 2, Insightful

      ICANN would have enough money to run all the DNS infrastructure itself very well.

      They will have less money, if they have to support the DNS infrastructure.

    2. Re:Why do we need registrars? by kvezach · · Score: 4, Insightful

      If they did that, it'd be Network Solutions all over again. Remember their exorbitant monopoly prices when they were the only shop in town? Like that.

  8. Re:ICAN'T by Hal_Porter · · Score: 2, Funny

    ICANN needs to be ICANNED?

    Thanks! Try the veal and tip your waitress!

    --
    echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
  9. Re:You pay for *incoming* messages? What the... by GradiusCVK · · Score: 4, Funny

    here comes the -1, I don't get it / -1, I don't like you

    No, I'd say -1 Offtopic is sufficient, no need to invent new reasons to mod you down :-)

  10. No problem! by Veggiesama · · Score: 4, Funny

    They had no problem getting the domains back. They just kept saying to themselves, "I think ICANN! I think ICANN!"

  11. ICANN and IANA it's been a stormy affair by Magdalene · · Score: 2, Interesting

    well, Without them There wouldn't be an internet, for one.

    After reading their news release, this goes from "whoo 31337 h4x0r5 shr R Sm4r7" to disgruntaled soon to be ex employee getting he and and all his friends 12 year domains for free for as long as the DNS record is changed. It was an inside job by someone who had access to the Registrar's internal network.

    Whoever made the change knew the system and how ICANN and IANA work, and also knew that ICANN can not really say 'well if you got your domain during this 'attack' we want you to pay us some more money' although they may try that. Legally, I am pretty sure it wouldn't stand up to a challenge in court.

    Its nice to have a topic where my 2 cents actually mean something finally.

    -MnM

    Domain Despute Goddess before the fall.plain old tech goddess afterwards ;)

    --
    -Magdalene --"there are 10 types of people in the world, those who read binary, and those who don't"
  12. The quality of Journalism? by Conficio · · Score: 4, Insightful

    Hmm, in the CBC article is says "Visitors to those addresses are normally redirected automatically to the organization's main sites at ICANN.org and IANA.org, neither of which was affected by the attack."

    What is to *re*direct here? DNS is there to translate domain names into IP addresses. It does not have any *re*direction mechanisms. Redirection is a feature of the HTTP protocol and would require to compromise the web-server (which they state has not happened.)

    I wonder, Is this simply a typo or does the journalist/editor not understand what (s)he is writing about (and has no references to have this proof read)?

    I'm rather vary, because I see such factual errors often in widely read media, written and edited by journalists. Sometimes I see even "experts" quoted with wrong statements. How does this reflect on news that I don't know so much about that I can spot the factual errors?

    --
    Busy helping non technical users of OpenOffice.org - http://plan-b-for-openoffice.org/
    1. Re:The quality of Journalism? by multipartmixed · · Score: 2, Insightful

      Being directed and being redirected are REALLY subtle differences in the mind of a techno-plebe. And no, in Canada, there is no requirement for journalists to hold CS degrees.

      So, when something's directed to one place, and then directed to another place, it's not strange for a reporter to assume that it was redirected, as opposed to newly directed.

      --

      Do daemons dream of electric sleep()?
    2. Re:The quality of Journalism? by Conficio · · Score: 2, Insightful

      Not to talk to myself, but I just also read the "press release" from ICANN. It says the same things "icann.com and iana.com were recently redirected to different DNS servers." How can that be?

      The press release also talks about "The domains in question are used only as mirrors for ICANN and IANA's main websites." Well, as of today the domains and the www.... simply point to the same web IP address, which is presumably served by the same server. In my book this is hardly a mirror, which would imply it is somewhat fault tolerant.

      Also, the press release implies that only web servers where affected. However if the whole domain got routed to a different DNS server, the attackers also had ability to change the MX record, which routes mail for this domain. Did they not realize this? Or did they just not want to talk about it in their press release?

      I conclude the journalists where even mislead by the official press release, which does not excuse that they did not check the content.

      --
      Busy helping non technical users of OpenOffice.org - http://plan-b-for-openoffice.org/
    3. Re:The quality of Journalism? by Phroggy · · Score: 2, Interesting

      You're being deliberately pedantic. I thought it was perfectly clear exactly what they meant:

      Normally, A records for icann.com, www.icann.com, iana.com, www.iana.com and similar FQDNs point to IP addresses of web servers that are configured to send an HTTP redirect (via the Location header) that tells the browser to request e.g. http://www.icann.org/ if http://www.icann.com/ had been originally requested.

      While more technically specific, this takes a lot more words to say than "Visitors to those addresses are normally redirected automatically to the organization's main sites at ICANN.org and IANA.org." But we all know what they meant, and anyone who doesn't know what they meant probably doesn't care. So why explain the details?

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    4. Re:The quality of Journalism? by Alarash · · Score: 2, Insightful

      "simply point to the same web IP address, which is presumably served by the same server. In my book this is hardly a mirror, which would imply it is somewhat fault tolerant."

      Or the IP is, you know, a Virtual IP on server load balancers and they can host the website on one thousand different servers at the same time for all you know?

  13. Re:lastweeksnews by ColdWetDog · · Score: 4, Funny

    I submitted this a week ago and a firehose reader modded it down quickly.
    What changed to make this important now if it wasn't important then?

    Now it's old news and thus suitable for Slashdot. Before it was rough hot-off-the-press stuff.

    We don't do that sort of thing here.

    --
    Faster! Faster! Faster would be better!