ICANN falls for spear phishing attack

E-mail credentials and a key DNS zone system were compromised. The severity of the damage is not yet clear.

The Internet Corporation for Assigned Names and Numbers (ICANN) announced yesterday that it has fallen victim to a phishing attack, which resulted in the attackers gaining administrative access to some of ICANN's systems, including its Centralized Zone Data Service (CZDS).

ICANN believes that the attack was committed in late November using emails sent to staff members that were designed to look like they came from within ICANN. As a result of the attack, the email credentials of several ICANN staff members were compromised. Those credentials were then used to compromise other ICANN systems, including the CZDS.

The CZDS is a service used by domain registries and other interested parties to request access to DNS root zone files. The compromise of the system means that the zone files themselves were available but, more importantly, so were the account details of users on the system, including email addresses and passwords. The passwords were stored as salted cryptographic hashes, so it's unlikely that the attackers will be able to use them, but ICANN is urging users to get new passwords just the same.

At the same time, the attackers would have access to the account holders' names, postal addresses, email addresses, and fax and telephone numbers. This could be good fodder for further spear phishing attacks.

The investigation has found no evidence of compromise of any Internet Assigned Numbers Authority (IANA) systems. The IANA is part of ICANN and performs the actual management of globally unique names and numbers.