
Forum Moderators: phranque


ICANN Investigates "Spear Phishing" Attack After Obtaining Admin Access To Files in CZDS

     
7:09 pm on Dec 18, 2014 (gmt 0)

Administrator from GB 

engine

joined:May 9, 2000
posts:26441
votes: 1067


ICANN has provided information on this hacking incident which appears to have been smart enough to fool its own staff.

I would expect it's too early to say how bad this is until it's fully understood what the hacker took away from the attack.

Either way, it doesn't sound too good.

ICANN is investigating a recent intrusion into our systems. We believe a "spear phishing" attack was initiated in late November 2014. It involved email messages that were crafted to appear to come from our own domain being sent to members of our staff. The attack resulted in the compromise of the email credentials of several ICANN staff members.

ICANN Investigates "Spear Phishing" Attack After Obtaining Admin Access To Files in CZDS [icann.org]

The Centralized Zone Data System (czds.icann.org)
The attacker obtained administrative access to all files in the CZDS. This included copies of the zone files in the system, as well as information entered by users such as name, postal address, email address, fax and telephone numbers, username, and password. Although the passwords were stored as salted cryptographic hashes, we have deactivated all CZDS passwords as a precaution. Users may request a new password at czds.icann.org. We suggest that CZDS users take appropriate steps to protect any other online accounts for which they might have used the same username and/or password. ICANN is providing notices to the CZDS users whose personal information may have been compromised.

8:53 pm on Dec 18, 2014 (gmt 0)

Senior Member


joined:Aug 30, 2002
posts: 2661
votes: 103


The API keys were reset too, so that any CZDS user that was accessing the service using scripts had to get a new key.

Regards...jmcc