ICANN: Phishing attack compromised systems

ICANN said it is investigating a breach of its internal systems that may have compromised several staff members' credentials.

The Internet Corporation for Assigned Names and Numbers — the nonprofit organization responsible for assigning and monitoring the Internet’s IP addresses and domain names — said it is investigating a breach of its internal systems that may have compromised several staff members’ credentials.

The U.S.-based organization said a “spear phishing” attack — a malicious email spoof targeted at one person or a small group of individuals — that appeared to come from an ICANN domain led to hackers gaining access to several ICANN systems.

The culprits accessed ICANN’s Centralized Zone Data Service, a repository that stores, among other things, data related to information needed to pair domain names with IP addresses. ICANN said hackers accessed copies of that data, as well as names, postal addresses, email addresses, fax and telephone numbers, usernames, and passwords. While the passwords were stored as salted cryptographic hashes, ICANN said it has taken steps to deactivate the entire library.


ICANN also said a members-only wiki page, the organization’s WHOIS listing and blog were also compromised.

The organization said the attack was initiated some time in late November and does not impact any of ICANN’s other systems, including ones related to the Internet Assigned Numbers Authority.

The attack comes as the U.S. is in the midst of handing over its oversight of ICANN to an international consortium in 2015. The National Telecommunications and Information Association, which oversees ICANN, assured people in July that the handover would not disrupt the Internet as the public has come to know it.

“Contrary to some initial concerns that we were giving away the Internet, the response from the global Internet community has been overwhelmingly supportive,” NTIA assistant secretary of commerce for communications and information Lawrence Strickling said at an event in July. “The discussions to date demonstrate that the community is taking this transition very seriously and is determined to develop a transition plan that will ensure that the Internet [domain name system] continues to support a growing and innovative Internet.”

Greg Otto

Written by Greg Otto

Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University.

Latest Podcasts