Hackers Compromise ICANN, Access Zone File Data System
Trailrunner7 writes with this news from ThreatPost: "Unknown hackers were able to compromise vital systems belonging to ICANN, the organization that manages the global top-level domain system, and had access to the system that manages the files with data on resolving specific domain names. The attack apparently took place in November and ICANN officials discovered it earlier this month. The intrusion started with a spear phishing campaign that targeted ICANN staffers and the email credentials of several staff members were compromised. The attackers then were able to gain access to the Centralized Zone Data System, the system that allows people to manage zone files. The zone files contain quite a bit of valuable information, including domain names, the name server names associated with those domains and the IP addresses for the name servers. ICANN officials said they are notifying any users whose zone data might have been compromised." (Here's ICANN's public note on the compromise.)
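The summary lists the three kinds of data a zone file carries: domain names, the name servers delegated for them, and the addresses (glue) of those name servers. The following is an added example, not code from ThreatPost, ICANN or CZDS, that parses a small constructed zone fragment in standard master-file syntax into exactly those three things, and then lists in-zone name servers that have no address record, which is the kind of consistency check an operator would run on a downloaded zone before trusting it. The zone `example.` and every name and address in it are made up for the example.

```python
"""Parse a zone-file fragment into delegation data (added example, constructed input)."""
from collections import defaultdict

# Constructed sample zone for a fictional TLD ".example" with three delegations.
SAMPLE_ZONE = """\
$ORIGIN example.
$TTL 3600
@           IN  SOA  ns1.example. hostmaster.example. 2014121901 7200 900 1209600 3600
@           IN  NS   ns1.example.
@           IN  NS   ns2.example.
ns1         IN  A    192.0.2.1
ns2         IN  A    192.0.2.2
alpha       IN  NS   ns1.alpha.example.   ; delegation with in-bailiwick glue below
alpha       IN  NS   ns.hoster.invalid.   ; out-of-bailiwick NS, glue lives elsewhere
ns1.alpha   IN  A    192.0.2.53
ns1.alpha   IN  AAAA 2001:db8::53
beta.example. IN NS  ns2.example.
gamma       IN  NS   ns1.gamma.example.   ; in-bailiwick NS with no glue: a defect
"""


def _absolute(name, origin):
    """Turn a relative owner or target name into a fully qualified one."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def parse_zone(text):
    """Return (ns_map, glue_map) for the NS, A and AAAA records in a zone.

    ns_map:   owner name -> sorted list of NS target names
    glue_map: host name  -> sorted list of A/AAAA addresses
    SOA and other types are skipped; $ORIGIN is honoured, other directives ignored.
    A line starting with whitespace repeats the previous owner name.
    """
    origin = "."
    last_owner = origin
    ns_map = defaultdict(set)
    glue_map = defaultdict(set)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # strip comments
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$"):
            continue
        fields = line.split()
        if not line[0].isspace():                 # explicit owner on this line
            last_owner = _absolute(fields.pop(0), origin)
        # Drop the optional TTL and class tokens that precede the record type.
        while fields and (fields[0].isdigit() or fields[0].upper() in ("IN", "CH", "HS")):
            fields.pop(0)
        if len(fields) < 2:
            continue
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype == "NS":
            ns_map[last_owner].add(_absolute(rdata[0], origin))
        elif rtype in ("A", "AAAA"):
            glue_map[last_owner].add(rdata[0])
    return ({k: sorted(v) for k, v in ns_map.items()},
            {k: sorted(v) for k, v in glue_map.items()})


def missing_glue(ns_map, glue_map, apex):
    """Name servers under the zone apex that the zone delegates to but gives no address for."""
    in_zone = set()
    for targets in ns_map.values():
        for ns in targets:
            if ns == apex or ns.endswith("." + apex):
                in_zone.add(ns)
    return sorted(ns for ns in in_zone if ns not in glue_map)


if __name__ == "__main__":
    ns, glue = parse_zone(SAMPLE_ZONE)
    for owner, targets in sorted(ns.items()):
        print(owner, "NS", ", ".join(targets))
    for host, addrs in sorted(glue.items()):
        print(host, "glue", ", ".join(addrs))
    print("in-zone name servers without glue:", missing_glue(ns, glue, "example."))
```

Running the module prints the delegations and glue and reports `ns1.gamma.example.` as the one in-zone name server with no address record; `ns.hoster.invalid.` is not reported because its address belongs in a different zone.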
This explains a lot! We're not posting on the real Slashdot at all! We're on someone's bad copy! The entire "beta" thing was just a hijack attempt!
Do not look into laser with remaining eye.
Any IT shop that ain't got the sense god gave a pissant to identify a phishing attack programmatically and shield employees who work on the INCOME side of the ledger, as opposed to IT, which is on the EXPENSE side, needs to be hit over the head with a wet squirrel and stuff.
It little behooves the best of us to comment on the rest of us.
I've been able to get all of that info for 15 years using the apparently malicious tool, WHOIS. Now, if they were able to change that data, that's different, but according to this post, all the "hackers" got was publicly available information.
The correct answer is 42.
And replace it with what, exactly?
Seriously, how do you intend to manage all of the addressing, both the IP level and the human-readable level, without some form of central authority?
I'll bet he could tell you. He has written a hostfile manager that guards your home, brings you your slippers and makes your coffee in the morning.
I think the squirrel would disagree.
Look back up at my post, now look back down, you're on the Internet. Now look back up. I'm a signature.
Any employee dumb enough to fall for a phish should be fired.
The messages were *targeted*: they appeared to come from real people within the company. If your PM sent you a Word doc detailing a new project proposal and you opened it, should YOU be fired?
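The pattern described in this comment, a message that looks like it comes from a colleague, is something a mail gateway can check for before the recipient ever sees it. The following is an added example, not from the article, ICANN or any named product: it parses two constructed messages with Python's standard `email` package and flags three cheap signals, a display name that matches an internal directory entry but arrives from another address, a Reply-To that points somewhere other than the sending domain, and an Office document attached by an external sender. The internal domain `corp.example`, the directory, and both messages are made up for the example.

```python
"""Flag display-name spoofing and related signals in inbound mail (added example)."""
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "corp.example"            # assumed internal mail domain
DIRECTORY = {                               # constructed: display name -> real address
    "Dana Kim": "dana.kim@corp.example",
    "Alex Ortiz": "alex.ortiz@corp.example",
}
OFFICE_EXTENSIONS = (".doc", ".docm", ".docx", ".xls", ".xlsm", ".rtf")

# Constructed spear-phish: a colleague's name on a lookalike domain, a foreign
# Reply-To, and a Word document attached.
SPOOFED = """\
From: Dana Kim <dana.kim@corp-example.net>
To: alex.ortiz@corp.example
Reply-To: projects@mailbox.invalid
Subject: New project proposal
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please review the attached proposal before Friday.
--b1
Content-Type: application/msword; name="proposal.doc"
Content-Disposition: attachment; filename="proposal.doc"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

# Constructed legitimate internal message for comparison.
LEGIT = """\
From: Dana Kim <dana.kim@corp.example>
To: alex.ortiz@corp.example
Subject: New project proposal
Content-Type: text/plain

Draft is in the document system under PROJ-1; please review there.
"""


def _domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def check_headers(raw_message):
    """Return a list of human-readable findings; an empty list means nothing flagged."""
    msg = message_from_string(raw_message)
    findings = []

    name, addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(addr)

    # 1. Display name belongs to a known colleague but the address is not theirs.
    expected = DIRECTORY.get(name)
    if expected and addr.lower() != expected:
        findings.append(f"display name '{name}' is in the directory but sender is {addr}")

    # 2. Replies would go to a different domain than the one that sent the mail.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and _domain(reply) != from_domain:
        findings.append(f"Reply-To domain {_domain(reply)} differs from From domain {from_domain}")

    # 3. An external sender attached an Office document.
    if from_domain != INTERNAL_DOMAIN:
        for part in msg.walk():
            filename = part.get_filename() or ""
            if (part.get_content_disposition() == "attachment"
                    and filename.lower().endswith(OFFICE_EXTENSIONS)):
                findings.append(f"external sender attached Office document {filename}")
    return findings


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, "->", check_headers(raw) or "no findings")
```

None of the three checks needs the attachment to be opened or the domain to be resolved, so they run at the gateway before delivery; a message that trips the first check is the one this comment is about, and quarantining it rather than firing the recipient is the fix.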
SMTP email is a failed experiment causing untold damage to millions of users around the world.
This never would have happened if there was an air gap between the DNS servers and the internet.
...it is about publishing them. You can request a free account and download the current zone file for the root dns.
Verisign also provides this service for free for .COM and .NET, CZDS is just a centralized place so you can get the zones for all the new gTLDs without requesting accounts at 500 registries.
This hack, while bad, doesn't directly affect the root dns system.
If my PM sent me a word doc via email, especially if it was sensitive, I would fire the PM for incompetence. Files should be stored on servers where proper security can be enabled and monitored. Once a doc gets attached to email, you have lost all control over it.
Document control systems need to be in place, and email is not a document control system.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
We have a document control system at work; it has grown to such a degree that adding a document is a 3-day process involving a document controller and various other tasks. If the document does not fit a corporate template it may get rejected.
At that point people tend to go "fuck it" and just send around work copies until it is finalized and THEN go through the hassle.
It is unfortunate, but I've seen it happen in two different companies so far... both multinational, both ignoring their own procedures for sensitive data.
If anyone doesn't think IT is on the INCOME side, they should give the sales guys a pad and a pencil and shut down IT services for a week. Let's see how much INCOME they have then. Make that week during payroll and let's see what their INCOME looks like when nobody gets paid.