ICANN HACKED: Intruders poke around global DNS innards

Domain-name overseer ICANN has been hacked and its DNS zone database compromised, the organization has said. Attackers sent staff spoofed emails appearing to come from icann.org. The organization notes it was a "spear phishing" attack, suggesting employees clicked on a link in the messages that took them to a bogus login …

  1. Alistair
    Coat

    Ouchies.

    That doesn't sound good. At the moment they haven't found any futzing about is what I'm reading. I wonder if something interesting in the futzing about department will be found in the near future.

    Just to be paranoid, going to have relevant stuff checked at our end.

  2. John Robson Silver badge

    Still trust them more than any of the root CAs my browser has loaded...

    Although it'll be interesting to know if this ends up in the mainstream press...

    1. Crazy Operations Guy

      If it does end up in the mainstream press, they'd heavily misinterpret it and blow it way out of proportion like they do with anything they don't understand (which seems to be everything lately).

  3. Florida1920
    Terminator

    The end

    ICANN staff fell for a spear-phishing attack? We're all doomed!

    1. Just Enough
      Facepalm

      Re: The end

      This is the most concerning part of the whole tale. You'd hope that ICANN staff were a bit more savvy than my grandmother.

      What does it take to get into people's heads that if a link in an unexpected email (or whatever) leads to a login page, do not progress any further?

      And any legitimate organisation that sends emails that do this should be publicly ridiculed. They are setting themselves, and their users, up as prime phishing targets.

      1. Tom 38

        Re: The end

        This is the most concerning part of the whole tale. You'd hope that ICANN staff were a bit more savvy than my grandmother.

        You might hope that, but why would it be the case? Because he works for ICANN, the receptionist also knows how to debug BIND?

        1. Jamie Jones Silver badge

          Re: The end

          "You might hope that, but why would it be the case? Because he works for ICANN, the receptionist also knows how to debug BIND?"

          No. Because he works for ICANN, you'd expect the receptionist not to have access to this information in the first place.

      2. Alan Brown Silver badge

        Re: The end

        "You'd hope that ICANN staff were a bit more savvy than my grandmother."

        ICANN staff aren't selected for their technical abilities.

        Thankfully, IANA staff are.

  4. Wensleydale Cheese
    Thumb Down

    "With the email addresses of staff with access to root zone records having been compromised and the hack only noticed a week later,"

    That's a bit worrying.

    1. fearnothing

      Considering that the average time from being hacked to it being spotted is something like 250 days, I'd say they're not doing too badly!

  5. Mephistro
    Happy

    Survey?

    C'mon, Elreg, you're missing the opportunity to make one of these reader's surveys.

    It should be something like:

    Who do you think hacked the ICANN?

    -a) China

    -b) The USA

    -c) NK

    -d) Russia

    -e) The Illuminati

    -f) Others (please specify)

    1. iManageSocial

      Re: Survey?

      f. It's an Inside Job to raise the ICANN fees :-)

    2. Adam 1

      Re: Survey?

      f) SONY - revenge against the internet.

    3. A Non e-mouse Silver badge

      Re: Survey?

      -f) MPAA

    4. Christopher Lane
      Joke

      Re: Survey?

      -f) Others

      TIFKAM - It's become self aware and is getting revenge for nobody loving its tile-y goodness!!!!

      1. Anonymous Coward
        Pirate

        Re: Survey?

        You guys left out "Somebody who ultimately works for Rupert Murdoch" as an option!

  6. Khaptain Silver badge

    Spear Phishing !!

    "The organization notes it was a "spear phishing" attack, suggesting employees clicked on a link in the messages, and then typed their usernames and passwords into a bogus webpage, providing hackers with the keys to their accounts."

    This can't be serious, if it is then maybe they should change their name to ICANT....

  7. John Klos

    Come on - TheReg should know better

    "ICANN hackers sniff..." Granted, the correct use of "cracker" isn't going to happen. I get that. But can you PLEASE choose phrasing which isn't confusing? Obviously you're talking about hackers (sic) who have hacked (sic) ICANN, not hackers who are part of ICANN, which is implied.

    Thanks!

    1. Captain DaFt

      Re: Come on - TheReg should know better

      Well, 'cracker' is a racial epithet in the US, that's why the press avoids it.

      I'd propose calling them 'diddlers' instead, but that has gained sexual connotations as well as its older meanings of time wasting, fraud and tinkering with things.

      http://www.merriam-webster.com/dictionary/diddle

      1. Khaptain Silver badge

        Re: Come on - TheReg should know better

        "Well, 'cracker' is a racial epithet in the US, that's why the press avoids it."

        I'd say it was then about time that a lot of people grew up. It appears that anyone with enough time on their hands will eventually find a term, a word or a phrase which offends them.

        In my book, if you decide to behave like a c**t then you have to accept to be treated like a c**t.

        I put asterisks in place in order to avoid offending all the colts...

        1. frank ly

          @Khaptain Re: Come on - TheReg should know better

          I notice that you are happy to use the word 'colts' in your comment, even though it is highly offensive to some people.

          1. Khaptain Silver badge

            Re: @Khaptain Come on - TheReg should know better

            @Frank Ly

            I had no other option, I was far too worried about the shitstorm that would have arrived if I had used the "Gl*ck" word.

        2. AndrueC Silver badge
          Joke

          Re: Come on - TheReg should know better

          I'd say it was then about time that a lot of people grew up. It appears that anyone with enough time on their hands will eventually find a term, a word or a phrase which offends them.

          In my book, if you decide to behave like a c**t then you have to accept to be treated like a c**t.

          That's apparently why the Honda Fit is called the Honda Jazz in EMEA :)

          1. Phil O'Sophical Silver badge

            Re: Come on - TheReg should know better

            That's apparently why the Honda Fit is called the Honda Jazz in EMEA :)

            And why the Chevrolet Nova didn't do so well in Spanish-speaking parts of S. America.

          2. Anonymous Coward
            Anonymous Coward

            Re: Come on - TheReg should know better

            Subsequently renamed the Honda Jizz

            They really didn't think that one through properly.

        3. Anonymous Coward
          Anonymous Coward

          Re: Come on - TheReg should know better

          If you can use "Cracker" then that other word becomes fair game. THAT's why it doesn't get commonly used. Otherwise you would have a reverse racism lawsuit faster than you could say Klan.

        4. Anonymous Coward
          Anonymous Coward

          Re: Come on - TheReg should know better

          If you can use "Cracker" in the derogatory usage (as "poor white trash") then other words become fair game. THAT's why it doesn't get commonly used. Otherwise you would have a reverse racism lawsuit faster than you could say Klan.

          However, there are MANY interpretations and usages for Cracker, not all are derogatory. Some of us even enjoy the term as it points back to the Scots Irish that came here at the beginning of the US and later on.

    2. Salts

      Re: Come on - TheReg should know better

      Royal Institution Christmas lectures this year

      Sparks will fly: How to hack your home

      As normal the Guardian did not quite get it right, with hacker

      "But it wasn’t. Because hacking has taken on a new identity – grown a Dr Jekyll to counter its Mr Hyde. “Hack” is now the byword for smart fixes and canny contraptions"

      http://www.theguardian.com/technology/2014/dec/14/how-to-hack-your-home-danielle-george-christmas-lectures

      Funny I always thought that **WAS** hacking.

      1. Clamps Silver badge

        Hack etymology

        . “Hack” is now the byword for smart fixes

        That has got to be the longest the mainstream has been behind with I.T. jargon and events? I'd say the average is 3 or 4 years. That's about 40 years!

    3. Anonymous Coward
      Anonymous Coward

      Sorry, 'cracker' vs 'hacker' non-argument

      The 'hacker vs cracker' argument ship sailed a long time ago and mention of the 'c' word of those two makes me think of A Grand Day Out more than anything computery.

      The good/evil attribution of 'hacker' is normally obvious from context and sometimes people even include words to make the difference really clear.

      Conclusion : a waste of a perfectly good post, just like this one!

  8. iManageSocial

    Seriously ICANN

    I remember years back, when selling on eBay, using PayPal and getting all this phishing email crap. Even then, I had enough sense to NEVER login through a link sent to my inbox. That should be RULE #1.

    Seriously, ICANN, it is very concerning to the digital community that the keepers of the "Domains" did not have some basic protocol in place to prevent this from happening.

  9. Keven E.

    "Well, 'cracker' is a racial epithet in the US, that's why the press avoids it."

    As in a "whip cracker"? So... blacks using it is calling white people "slave owners"? It's been quite a while since the literal reality, but if it's a substitute for outright calling them "racists", sad to say, but there's a good chance they are accurate. I'm with Khaptain.

    What's a "colt"? <wink>

    1. Destroy All Monsters Silver badge
      Paris Hilton

      Re: "Well, 'cracker' is a racial epithet in the US, that's why the press avoids it."

      but there's a good chance they are accurate

      But isn't that Sun People doing the racism thing instead?

  10. Anonymous Coward
    Anonymous Coward

    Disabling links and scripts in email!

    That's security 101, folks! Yes all you lazy butts will be forced to copy and paste the link in your browser but saves millions of dollars and/or hundreds of metric tons of embarrassment.

    A big thanks to our visionary friends at Microsoft for bringing html and active content to plain text email.

    1. Salts

      Re: Disabling links and scripts in email!

      Never did like the comment "subject 101" implies you should know it, there was a time not so long ago "subject 101" was a first year university subject, at least in the UK.

      Also not sure how you get html and active content in a plain text email, my email client rejects anything that is not plain text, with a reject message "plain text only"(ish). Perhaps you misunderstood "security 101", Oh well, must go and review my commentard 101 course :-)

      1. Clamps Silver badge

        Re: Disabling links and scripts in email!

        I'm not so sure you've understood "subject 101"

        Yes, it *does* mean you should know it and, yes, it does refer to first year Uni subjects, or high school, or "community college"; the level is irrelevant. It simply means "first lesson". Whatever level you are studying at you should be able to handle lesson 1. Also it's usually used in a discussion where the participants are familiar with %subject% and hence above lesson 1 (at whatever level)

  11. tom dial Silver badge

    My wife, who denies any degree of technical knowledge (but is an astute judge of people), would instantly reject an invitation to follow a link and provide login details. I do not believe we can trust those who failed a trivial test of common sense to administer systems and data sets critical to proper operation of the Internet naming and numbering system.

    1. Destroy All Monsters Silver badge
      Paris Hilton

      So we will just have to replace ICANN personnel with your wife?

      1. tom dial Silver badge

        We might do worse. She's a pretty good organizer and has the people skills to handle techies. But also the common sense to avoid messes like this.

    2. Richard Boyce

      Always easy to throw stones at end users

      If your wife were hit with a well-constructed spear while she was tired, the attack might succeed. If you insist on black and white behaviour, use a machine.

      ICANN should be employing a lot of machinery to protect people from themselves.

  12. Ben Holmes

    It's OK though, because apparently ICANN have Sterling Archer - codename Duchess - handling their security if the article image is anything to go by...

  13. Anonymous Coward
    Anonymous Coward

    How does an organization like ICANN not have SPF and DKIM set up to prevent these kinds of phishing mails? Any semi-decent administrator would set this up.

    1. Jamie Jones Silver badge

      And any fully-decent administrator would rip out SPF whilst tutting unapprovingly to the semi-decent admin!

      1. Destroy All Monsters Silver badge

        explain.jpg

  14. RankingRoger
    Thumb Up

    Good, they deserve it

    I never buy ICANN stuff anyway, not since one of their employees dropped a crisp packet on the pavement once.

    1. Jamie Jones Silver badge

      Re: Good, they deserve it

      I'd love to be able to understand that.

      1. Anonymous Coward
        Anonymous Coward

        Re: Good, they deserve it

        I think it's a reference to Sony once upon a time trying to (badly) put copy protection on a few thousand CD's, and because of that, they totally deserve to have their entire organisation gutted from the inside, and anyone working for them, or anyone indirectly working for them, their families out of business and living on the streets.

        Yes, believe it or not, there are idiots so brainwashed they believe total destruction of Sony is the only correct punishment for them indirectly putting a rootkit on the PC of somebody they have never met...

        What a bizarre world we live in.

        1. usbac Silver badge

          Re: Good, they deserve it

          @AC

          It's not just because of the root-kit fiasco that I will not buy anything Sony ever again. The root-kit thing was just a small example of the viscous, immoral, greed-driven corporate culture of Sony corp.

          The fact that they have nothing but utter contempt for their customers, and see all of us as their enemy, is reason enough not to give them any of my hard earned money.

          Yes, I'm one of those horrible people that hopes Sony does fail. Sony's employees will ultimately be better off working for another company that's not such a bunch of corporate scumbags. I can't believe they treat their employees any better than their customers (much worse, most likely).

          1. Phil Koenig

            Re: Good, they deserve it

            @usbac: I always avoid companies with a viscous culture, too sticky for me.

    2. Anonymous Coward
      Anonymous Coward

      Re: Good, they deserve it

      @rankinrodger

      You have the wrong ICANN. The other Icahn (as in Karl) deserves a damn good hacking, parasite.

  15. Syntax Error

    Doomed

    The internet will soon become unusable for secure transactions and communications. I think it's doomed.

  16. Crazy Operations Guy

    One of the things that shouldn't be automated

    Zone files are so important, and change so infrequently, that this should be a fully manual and offline process to complete. IE changes are sent via bonded courier (or another equally-secure method) to ICANN where an employee verifies the change by calling up the requester and confirming identification as well as each item modified.

    1. Jamie Jones Silver badge

      Re: One of the things that shouldn't be automated

      That was probably true in the recent past.

      These days, the root zone refreshes twice a day (serial number increment) because of all these bullshit new domain names.
