ICANN falls for spear phishing attack


ICANN

ICANN is responsible for coordinating the maintenance and methodology of several databases of unique identifiers related to the namespaces of the Internet, and for ensuring the network’s stable and secure operation. In short, it is the keeper of the Internet Protocol identifiers. It maintains the registry of the Internet’s global Domain Name System and is responsible for the introduction of new generic top-level domains (TLDs). ICANN also looks after the operation of root name servers. The numbering facilities ICANN manages include the Internet Protocol address spaces for IPv4 and IPv6 and the assignment of address blocks to regional Internet registries.


CZDS

The Centralized Zone Data Service (CZDS) operates within ICANN and provides a centralized point of access to zone files provided by participating top-level domain registries. As more and more generic TLDs are added to the Internet, the workload of the CZDS has gone up.

The Attack

ICANN stated that the attack was carried out in late November using emails sent to staff members. The specially crafted emails were made to appear as though they came from ICANN's own domain. As a result of the attack, the email credentials of several ICANN staff members were compromised. Those credentials were then used to compromise other ICANN systems, including the CZDS.

All the zone files and user account details, including email IDs and passwords, may have been compromised due to the intrusion into the CZDS. ICANN has urged all users to change their passwords to new ones.

Unauthorized access was also obtained to user accounts on two other systems, the ICANN Blog (blog.icann.org) and the ICANN WHOIS (whois.icann.org) information portal. No impact was found to either of these systems.

From the ICANN statement:

"The ICANN GAC Wiki (gacweb.icann.org): Public information, the members-only index page and one individual user’s profile page was viewed. No other non-public content was viewed. Based on our investigation to date, we are not aware of any other systems that have been compromised, and we have confirmed that this attack does not impact any IANA-related systems."
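The emails described above appeared to come from the organisation's own domain. The following check is an added example, not code from ICANN or from the original article: it flags inbound mail whose From address claims the local domain without a DMARC pass recorded by the receiving border mail server. The article does not say how the messages were made to look internal, so the domain `example.org`, the authserv-id `mx.example.org` and all sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

OWN_DOMAIN = "example.org"            # assumption: the organisation's mail domain
TRUSTED_AUTHSERV = "mx.example.org"   # assumption: authserv-id stamped by our own border MTA

def trusted_auth_results(msg):
    """Collect spf/dkim/dmarc verdicts, but only from headers our own MTA added."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, _, rest = value.partition(";")
        if authserv_id.split()[:1] != [TRUSTED_AUTHSERV]:
            continue  # header supplied by the sender or a foreign hop: ignore it
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def is_own_domain_spoof(raw_message):
    """True when From: claims our domain but DMARC did not pass at our border."""
    msg = message_from_string(raw_message)
    _, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    if domain != OWN_DOMAIN and not domain.endswith("." + OWN_DOMAIN):
        return False  # not claiming to be us; other controls apply
    return trusted_auth_results(msg).get("dmarc") != "pass"

def make(from_header, *auth_headers):
    """Build a constructed sample message (not real ICANN mail)."""
    lines = [f"Authentication-Results: {h}" for h in auth_headers]
    lines += [f"From: {from_header}", "Subject: Password reset required", "", "body"]
    return "\n".join(lines)

SPOOFED = make("IT Support <it@example.org>",
               "mx.example.org; spf=fail smtp.mailfrom=example.org; dmarc=fail header.from=example.org")
FORGED_HEADER = make("IT Support <it@example.org>",   # sender pre-inserted its own "pass"
                     "relay.unknown.test; dmarc=pass header.from=example.org")
LEGITIMATE = make("IT Support <it@example.org>",
                  "mx.example.org; dkim=pass header.d=example.org; dmarc=pass header.from=example.org")
EXTERNAL = make("Vendor <sales@vendor.test>",
                "mx.example.org; spf=pass smtp.mailfrom=vendor.test; dmarc=pass header.from=vendor.test")

if __name__ == "__main__":
    for name in ("SPOOFED", "FORGED_HEADER", "LEGITIMATE", "EXTERNAL"):
        print(name, is_own_domain_spoof(globals()[name]))
```

The check only trusts verdicts stamped by the local border server, so a message that arrives carrying its own "dmarc=pass" header is still flagged. It does not cover lookalike domains or display-name tricks, which need separate controls.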