Jump to content

Hackers spearfish into ICANN

Master Disaster
By Master Disaster
in Tech News
 Share
Posted

http://blink.htcsense.com/Web/ArticleMobile.aspx?regionid=1&articleid=33456543

The private agency that acts as a gatekeeper for the Internet said that hackers tricked their way into its computers.

A "spearfishing" attack aimed at US-based nonprofit Internet Corporation for Assigned Names and Numbers (ICANN) hooked staff members with emails crafted to appear as though they were sent from peers using "icann.org" addresses, according to a blog post.

"The attack resulted in the compromise of the email credentials of several ICANN staff members," ICANN said.

It appeared that the attack commenced in November. Typically, spearfishing attacks dupe people into clicking on links to what appeared to be legitimate email log-in pages but aren't or open attached files booby-trapped with viruses.

The ruse won hackers ICANN email user names and passwords, giving the intruders control of accounts and keys to reaching deeper, according to the blog post.

User names and passwords were used this month to access a Centralized Zone Data System, where hackers could get hold of files about generic top-level domains as well as names, addresses, passwords and other valuable information about users, according to ICANN.

Hackers were also said to have used compromised passwords to get into an ICANN wiki page; its blog, and a Whois index of registered owners of web addresses.

The blog and Whois did not appear to have been tampered with, according to ICANN, which provided no insight into who was behind the attack.

ICANN believed that security enhancements made earlier this year limited how deep hackers could dive into its computers. More defense measures have been instituted since the hack, according to ICANN.

The organization's chief security officer is Jeff Moss, who founded the notorious annual Def Con gathering of hackers in Las Vegas and has the hacker name Dark Tangent.

ICANN, which is in charge of assigning Internet domain names, is expected to break free of US oversight late next year.

Washington said in March it might not renew its contract with the Los Angeles-based agency, provided a new oversight system is in place that ensures the Internet addressing structure is reliable.

The agency plans to submit a proposal on oversight to the US Department of Commerce next year.

Shits getting serious now, no one is safe from attack anymore.

Main Rig:-

Ryzen 7 3800X | Asus ROG Strix X570-F Gaming | 16GB Team Group Dark Pro 3600Mhz | Corsair MP600 1TB PCIe Gen 4 | Sapphire 5700 XT Pulse | Corsair H115i Platinum | WD Black 1TB | WD Green 4TB | EVGA SuperNOVA G3 650W | Asus TUF GT501 | Samsung C27HG70 1440p 144hz HDR FreeSync 2 | Ubuntu 20.04.2 LTS |

 

Server:-

Intel NUC running Server 2019 + Synology DSM218+ with 2 x 4TB Toshiba NAS Ready HDDs (RAID0)

Link to comment
Share on other sites
Link to post
Share on other sites
Posted

http://blink.htcsense.com/Web/ArticleMobile.aspx?regionid=1&articleid=33456543

Shits getting serious now, no one is safe from attack anymore.

Anymore would imply that the internet has ever been "safe". It's not surprising, really.

~Remember to quote posts to continue support on your thread~
-Don't be this kind of person-

CPU:  AMD Ryzen 7 5800x | RAM: 2x16GB Crucial Ripjaws Z | Cooling: XSPC/EK/Bitspower loop | MOBO: Gigabyte x570 Aorus Master | PSU: Seasonic Prime 750 Titanium  

SSD: 250GB Samsung 980 PRO (OS) | 1TB Crucial MX500| 2TB Crucial P2 | Case: Phanteks Evolv X | GPU: EVGA GTX 1080 Ti FTW3 (with EK Block) | HDD: 1x Seagate Barracuda 2TB

Link to comment
Share on other sites
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Tech News

×