technology – Beijing morning news on December 18th, the Internet domain name administration of ICANN on Wednesday said in a statement, the unidentified attackers breached the system sensitive institutions by a spear phishing attack. The attackers were thus able to obtain employee email accounts and personal information about people who have business dealings with ICANN.
ICANN also said that at the time of the attack, hackers get stored in the central region of the data administrator permissions all files in the organs of the system, and the system account owner name, postal address, e-mail address, fax number and telephone number, user name, and password is encrypted. Domain name registration services typically use this database to help manage the current allocation of hundreds of new top-level domains. Hackers also get access to the content management system of multiple blogs ICANN.
ICANN announcement: "we believe that the" spear phishing "attacks launched in November 2014. Some of the e-mail messages seem to be sent to us from our own domain. The attack led to a number of ICANN employees e-mail account information leakage."
earlier this month, ICANN reported that the leaked account information was used to access the regional data system. Other compromised systems also include ICANN GAC Wiki, which allows hackers to view the catalog pages that are limited to the internal staff view, as well as the user’s personal page. ICANN Whois information portal and ICANN blog are also affected.
the most sensitive information leaked in this attack is the central area of the system account holder’s personal information. ICANN recommends that account holders immediately modify the account password, because hackers will be easy to crack the lower strength and even moderate passwords. In addition, the account holder also need to guard against spear phishing attacks are similar, because the attack leaked the account holder’s personal information.
is not yet clear, how sensitive the other leaked data. Depending on the position of the ICANN employee being attacked, the leaked information may include undisclosed plans for top-level domain names, and other confidential information relating to the Internet domain name system. Other attacks may not be very sensitive to the system. ICANN’s Web site shows that the attacked area data system is a centralized access point for stakeholders to request access to a regional file". The information security company Rapid7 chief research officer HD· (HD Moore); Moore said, this system saves the technology of information disclosure, and domain name registration agencies use these techniques to ensure that they control the top-level domain name can be accessed via the internet.
as the controller of the Internet domain name system, ICANN is often subject to a variety of hacker attacks. Hackers want to get some confidential information through ICANN, which is used to attack it >