ICANN says hijacking attack due to breach at their registrar

As we noted earlier, ICANN, the group that manages the top-level domain (TLD) naming system for the web, recently had several of its domains hijacked by a Turkish hacking group. ICANN has now stated that the hijacking was the result of a security breach at the registrar that manages those domains. From ICANN’s site:

The DNS redirect was a result of an attack on ICANN’s registrar’s systems. A full, confidential, security report from that registrar has since been provided to ICANN with respect to this attack.

It would appear the attack was sophisticated, combining both social and technological techniques, but was also limited and focused. The redirect was noticed and corrected within 20 minutes; however, it may have taken anywhere up to 48 hours for the redirect to be entirely removed from the Internet.

Hmm… I wonder how “sophisticated” this could’ve been. I think this is one of the stages of denial for security flaws:

  1. Deny the flaw exists
  2. Once the flaw is shown to exist, assume the attack must’ve been sophisticated

ICANN also stated on the site:

ICANN is confident that the lessons learned and new security measures since introduced will ensure there is not a repeat of this situation in future. ICANN’s Security and Stability Advisory Committee (SSAC) is considering the issue of access to domain names through registrars as a priority research topic. The results of that work will be made available through the usual channels.

In a separate and unrelated incident a few days later, attackers used a very recent exploit in popular blogging software Wordpress to target the ICANN blog. The attack was noticed immediately and the blog taken offline while an analysis was run. That analysis pointed to an automated attack. The blogging software has since been patched and no wider impact (except the disappearance of the blog while the analysis was carried out) was noted.

In response to the attacks, ICANN has started an internal review of its existing security procedures to see if there are any lessons that can be learnt and to make any improvements necessary. Full reports on both incidents have been provided to law enforcement agencies.

So not only did the people who run all the domains on the net get their domains hijacked, they also failed to update Wordpress and got their blog owned. Way to go. Really makes a person feel comfortable.

[Source: zdnet]