ICANN hacked

After Sony, now ICANN, and all the way down to the zone-file level.
http://www.theregister.co.uk/2014/12/17/icann_hacked_admin_access_to_zone_files/

The world really is getting harder to live in every day.

Attackers sent staff spoofed emails appearing to come from icann.org. The organization notes it was a “spear phishing” attack, suggesting employees clicked on a link in the messages that took them to a bogus login page – into which staff typed their usernames and passwords, providing hackers with the keys to their work email accounts. No sign of two-factor authentication, then.

“The attack resulted in the compromise of the email credentials of several ICANN staff members,” ICANN’s statement on the matter reads, noting that the attack happened in late November and was discovered a week later.

With those details, the hackers then managed to access a number of systems within ICANN, including the Centralized Zone Data System (CZDS), the wiki pages of the Governmental Advisory Committee (GAC), the domain registration Whois portal, and the organization’s blog.

The CZDS gives authorized parties access to all the zone files of the world’s generic top-level domains. It is not possible to alter those zone files from within that system, but the hackers did manage to obtain information on those who are registered with the system, which include many of the administrators of the world’s registries and registrars.

In an email sent to every CZDS user, ICANN has warned that “the attacker obtained administrative access to all files in the CZDS including copies of the zone files in the system. The information you provided as a CZDS user might have been downloaded by the attacker. This may have included your name, postal address, email address, fax and telephone numbers, and your username and password.”

ICANN notes that the passwords were stored as salted hash values, rather than in plaintext, although the algorithm used is not known. It has since deactivated all pass-phrases and asked users to set new passwords. However, if CZDS users have used the same login details for other systems, the hackers could also gain access to other parts of the internet’s basic infrastructure if they can crack the hashes.

ICANN says it has found no impact on the other systems. “Based on our investigation to date, we are not aware of any other systems that have been compromised, and we have confirmed that this attack does not impact any IANA-related systems,” it stated.

social engineering
