What happens when the official domain names of the organizations that issue the domain names in general, and provide all the practical guidance on how the prevent DNS hijacking, end up having their own domain names hijacked? A wake up call for the Internet community.
The official domains of ICANN, the Internet Corporation for Assigned Names and Numbers, and IANA, the Internet Assigned Numbers Authority were hijacked earlier today, by the NetDevilz Turkish hacking group which also hijacked Photobucket's domain on the 18th of June. Zone-H mirrored the defacements, some of which still remain active for the time being :
The ICANN and IANA websites were defaced earlier today by a Turkish group called "NetDevilz". ICANN is responsible for the global coordination of the Internet's system of unique identifiers. These include domain names, as well as the addresses used in a variety of Internet protocols. The Internet Assigned Numbers Authority (IANA) is responsible for the global coordination of the DNS Root, IP addressing, and other Internet protocol resources.
NetDevilz left the following message on all of the domains :
"You think that you control the domains but you don't! Everybody knows wrong. We control the domains including ICANN! Don't you believe us? haha :) (Lovable Turkish hackers group)"
The hackers are once again redirecting the visitors to Atspace.com, 18.104.22.168 in particular, the ISP that they used in the Photobucket's DNS hijacking. And while Photobucket hasn't issued an official statement on the DNS hijack, Atspace.com did so last week, a copy of which you can find here.
The NetDevilz hacking group seems to be taking advantage of a very effective approach when hijacking domain names, and while they declined to respond to an email sent by Zone-H on how they did it, cross-site scripting or cross-site request forgery vulnerability speculations are already starting to take place.
One thing's for sure though, if the ICANN and IANA can lose control of their domains, anyone can.