ICANN and IANA's domains hijacked by Turkish hacking group

Summary:What happens when the official domain names of the organizations that issue the domain names in general, and provide all the practical guidance on how the prevent DNS hijacking, end up having their own domain names hijacked? A wake up call for the Internet community.

What happens when the official domain names of the organizations that issue the domain names in general, and provide all

NetDevilz ICANN IANA
the practical guidance on how the prevent DNS hijacking, end up having their own domain names hijacked? A wake up call for the Internet community.

The official domains of ICANN, the Internet Corporation for Assigned Names and Numbers, and IANA, the Internet Assigned Numbers Authority were hijacked earlier today, by the NetDevilz Turkish hacking group which also hijacked Photobucket's domain on the 18th of June. Zone-H mirrored the defacements, some of which still remain active for the time being :

The ICANN and IANA websites were defaced earlier today by a Turkish group called "NetDevilz". ICANN is responsible for the global coordination of the Internet's system of unique identifiers. These include domain names, as well as the addresses used in a variety of Internet protocols. The Internet Assigned Numbers Authority (IANA) is responsible for the global coordination of the DNS Root, IP addressing, and other Internet protocol resources.

NetDevilz left the following message on all of the domains :

"You think that you control the domains but you don't! Everybody knows wrong. We control the domains including ICANN! Don't you believe us? haha :) (Lovable Turkish hackers group)"

NetDevilz ICANN IANA

The following domains were hijacked, and some of them still return the defaced page - icann.net; icann.com; iana-servers.com; internetassignednumbersauthority.com; iana.com.

The hackers are once again redirecting the visitors to Atspace.com, 82.197.131.106 in particular, the ISP that they

NetDevilz ICANN IANA
used in the Photobucket's DNS hijacking. And while Photobucket hasn't issued an official statement on the DNS hijack, Atspace.com did so last week, a copy of which you can find here.

The NetDevilz hacking group seems to be taking advantage of a very effective approach when hijacking domain names, and while they declined to respond to an email sent by Zone-H on how they did it,  cross-site scripting or cross-site request forgery vulnerability speculations are already starting to take place.

One thing's for sure though, if the ICANN and IANA can lose control of their domains, anyone can.

Topics: Networking

About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.