ICANN — the organization responsible for allocating IP addresses and domain names for the internet — has been hacked. The US-administered non-profit has said that its internal systems were breached following a spear phishing attack in late November. Employees were tricked into giving up their credentials after receiving emails apparently sent from the organization’s own domain.
Hackers accessed names, passwords, emails and addresses
ICANN says the hackers accessed internal emails, a members-only Wiki page containing public information, the WHOIS portal (used to look up who registered a particular domain), and the organization’s Centralized Zone Data System (CZDS). This last breach is the most troubling as ICANN reports that the attackers gained access to a wide range of user information including real names, addresses, emails, telephones and usernames. Users’ passwords were also accessed but ICANN has said that these were encrypted rather than stored as plaintext.
Although it’s a given that an organization like ICANN is going to be a tempting target for hackers the breach could be used as evidence that the US needs to retain greater control over the organization. President Obama announced plans in March to give up many of the government's powers over the day-to-day function of the internet, only to be met by conservative opposition accusing him of giving too much power to America's rivals. Thankfully this hack seems too slight to count against the president's plans.