[h=1]The internet's governing body was hacked, too[/h] by Timothy J. Seppala
The Sony Pictures hack is getting all of the attention right about now, but it turns out that another prominent organization recently was victim to a security breach as well. Last month, ICANN, the outfit that regulates the internet's domain names and IP addresses, fell prey to a phishing attack that tricked employees into giving out email login info. What'd the ne'er-do-wells get a hold of? Administrative access to all the files in the Centralized Zone Data System. Which, as The Register points out, granted the hackers access to unalterable generic zone files (what're needed to resolve domain names to IP addresses), and gifted them with contact information for, among others, some of the world's registry administrators. Passwords were stored as "salted cryptographic hashes," but ICANN deactivated them as a precaution anyway. The firm's wiki was breached too, but aside from public information, a members-only index page and one user's profile, no other private data was viewed.
A few other areas were breached as well, like the organization's blog and WHOIS page, but the company doesn't seem too worried about those, saying neither were impacted after discovering the breach this month. The outfit, for its part, claims its new security measures aided in keeping unauthorized access to a minimum. ICANN also says that nothing else has been compromised either, including Internet Assigned Numbers Authority which keeps the web running in ship shape. The key takeaway here is that humans do in fact run the internet and even they can get fooled by phishers. What's surprising, though, is that ICANN didn't require two-factor authentication for employee email accounts -- we're guessing that'll change rather soon.
The internet's governing body was hacked, too
A few other areas were breached as well, like the organization's blog and WHOIS page, but the company doesn't seem too worried about those, saying neither were impacted after discovering the breach this month. The outfit, for its part, claims its new security measures aided in keeping unauthorized access to a minimum. ICANN also says that nothing else has been compromised either, including Internet Assigned Numbers Authority which keeps the web running in ship shape. The key takeaway here is that humans do in fact run the internet and even they can get fooled by phishers. What's surprising, though, is that ICANN didn't require two-factor authentication for employee email accounts -- we're guessing that'll change rather soon.
The internet's governing body was hacked, too