Hackers have tricked their way into the computers of the Internet Corporation for Assigned Names and Numbers (ICANN)
A “spearfishing” attack hooked staff members with emails crafted to appear as though they were sent from peers using “icann.org” addresses, according to a blog post.
The attack commenced in November. Typically, spearfishing attacks dupe people into clicking on links to what appeared to be legitimate email log-in pages but aren’t or open attached files booby-trapped with viruses.
“The attack resulted in the compromise of the email credentials of several ICANN staff members,” ICANN said.
The hackers gained control of accounts and keys to reaching deeper, according to the blog post.
User names and passwords were used this month to access a Centralised Zone Data System, where hackers could get hold of files about generic top-level domains as well as names, addresses, passwords and other valuable information about users, according to ICANN.
Hackers were also said to have used compromised passwords to get into an ICANN wiki page; its blog, and a Whois index of registered owners of web addresses.
ICANN believed that security enhancements made earlier this year limited how deep hackers could dive into its computers. More defence measures have been instituted since the hack, according to ICANN.
Jeff Moss is the organisation chief security officer and he founded the notorious annual Def Con gathering of hackers in Las Vegas and has the hacker name Dark Tangent.
Source: iOL