The US based overseer of internet structure and naming system, ICANN had been hacked by cyber criminals who impersonated the employees to have access to their confidential data.
According to the statement published in the ICANN (Internet Corporation for Assigned Names and Numbers) Website, “ICANN is investigating a recent intrusion into our systems. We believe a ‘spear phishing’ attack was initiated in late November 2014. It involved email messages that were crafted to appear to come from our own domain being sent to members of our staff”
Spear Phishing – this is a form of forging trusted communication in accessing private data. This is a well-known hacking technique and popularly used by Syrian Electronic Army for hijacking social media accounts of the prominent media organizations around the globe. This is also associated with the unresolved hacking attack on Sony Pictures Entertainment a month ago.
Spear phishing is an open form that can be performed by asking users to change passwords, but it turns out to be a fake website. Usually, hackers disguise until the data is transferred on their hands just like creating fake login pages.
Los Angeles based ICANN is liable to control the majority of internet domain names and they make sure that they are universally accessed to any computers around the world, and they have to avoid technological and property conflicts.
In addition to accessing internal emails, hackers were clever to have access to CZDS or Centralized Zone Data Service, which is a database containing zone files. CZDS maps the path of IP address and identification of the computer’s hosting data as well as the domain names. Hundreds of millions websites are under their zone files and additional data stored and managed by the ICANN.
According to ICANN, “The attacker obtained administrative access to all files in the CZDS. This included copies of the zone files in the system, as well as information entered by users such as name, postal address, email address, fax and telephone numbers, username and password. Although the passwords were stored as salted cryptographic hashes, we have deactivated all CZDS passwords as precaution.”
While this hacking incident might not have led to harmful fraud at this moment, the internal data gained by the hackers could be utilized for any future scams, might be ‘spear phishing’ or by other means.
Because of the technical function, ICANN normally hovered under the radar during the earlier years of the website; however it has currently become an international political football. While the internet soars across the universe, officials are becoming upset that this important role is being performed by peculiar US-based body.
President Barack Obama attempted to change ICANN to become a more international organization, however, the Republican-dominated congress worries about the countries with opposing political systems to dictate the rules of the internet. Federal government was barred to use their funds in changing the organization’s status in the “Cromnibus’ budget bill.