As 2014 comes to a close, hackers aren’t showing any signs of slowing down. On Tuesday the Internet Corporation for Assigned Names and Numbers , or ICANN, which organizes the Internet’s domain name system, announced that some of its sensitive data had been compromised in late November as part of spear-phishing scam that tricked ICANN employees.
The breach gave hackers access to multiple email accounts, the content management systems of certain ICANN blogs, ICANN’s Governmental Advisory Committee wiki (including members-only sections), and ICANN’s centralized zone data system, or CZDS, which contains … basically everything related to the management of domains.
ICANN is consistently targeted by hackers looking for information about the structure of the domain system or seeking the trove of personal information in the CZDS. ICANN updated the security systems on its networks earlier this year, and says that it thinks these improvements helped limit damage from this hack. It also says that it has added new security features over the past few weeks.
The group explained in a statement:
The attacker obtained administrative access to all files in the CZDS. This included copies of the zone files in the system, as well as information entered by users such as name, postal address, email address, fax and telephone numbers, username, and password. Although the passwords were stored as salted cryptographic hashes, we have deactivated all CZDS passwords as a precaution.
ICANN says that it thinks the attackers used a spear-phishing attack to make emails to employees seem official and tempt them to click on links that lead to malware installation. Depending on who those employees were, the hackers could have gotten extensive amounts of sensitive information.
ICANN says that passwords exposed in the CZDS aren’t actually at risk because they were encrypted, but the organization is resetting all passwords nonetheless and encouraging everyone listed in the CZDS to monitor their data and take protective precautions.
The fact that legit-looking emails are all it took to let hackers in is a reminder (that we’ve all heard a million times at this point) that hackers don’t need to be super-sophisticated to trick people.