Hackers using a spear phishing attack targeted the Internet Corporation for Assigned Names and Numbers (ICANN), the organization announced Wednesday. The scheme enabled the hackers to gain access to internal emails, a members-only wiki, the ICANN blog and Whois portal, and administrative data files.
There were no catastrophic breaches, the worst transgression being the data files, which included encrypted user passwords for the data system that organizes general top-level domain files. ICANN has alerted users to change their password and implemented new security measures, but otherwise it seems the group got through unscathed.
But if the hackers had gained more control or ICANN's security measures weren't up to snuff, security experts say there could be "disastrous consequences."
First off, it helps to understand what did happen. ICANN is the international nonprofit in charge of the nuts and bolts of the internet. It manages top level domain names (everything from .com to .gov), allocates IP address space, and oversees underlying server system management functions. It also has several subcommittees in charge of setting standards for everything from new domain names to security protocols for the web.
It was hit with a spear phishing attack: a precisely-targeted email scheme, where a convincing email goads a user into clicking a link and handing over some information.
They're one of the central organizations for developing technical standards for a secure internet. They should be thinking a lot about security.
Though the attack was mild this time, there was potential for havoc if the hackers gained deeper access. Hackers looking to target a specific domain would probably infiltrate at a lower level, but poor security at ICANN could result in more startling attacks, according to Patrick Nielsen, senior security researcher at Kaspersky Lab, in an email.
"If ICANN took only superficial precautions, then even a small, inexpensive attack could have disastrous consequences," he said. "This would likely be on a large scale, such as taking down all domains for a specific country, or bringing down the internet altogether, not targeting individual users or websites."
This is pretty unlikely due to the security measures ICANN does have in place. But there are other risks if a stealthy hacker maneuvered those roadblocks, says Daniel Castro, senior analyst at the Information Technology and Innovation Foundation.
"Especially if you're talking about the ICANN email server, the greater risk might be somebody taking over some ICANN servers or email accounts and impersonating an ICANN official," Castro told me in a phone conversation. Since ICANN is essentially the backbone of the internet, getting access to ICANN could open the door to countless other agencies and organizations.
"That's the biggest risk. If you have low security there, that's an entry point to a potential attack somewhere else."
In this case, the attack didn't manage to penetrate ICANN too deeply. This is likely due to some smart security systems in place that most high profile organizations will execute, Castro said.
These include using dual or multi-factor identification on top of passwords, like smartcards or fingerprint scanners. Many organizations also do intense internal training, even fake-phishing their own employees as a learning experience, he said.
While it's encouraging the attack didn't seem very successful, its alarming someone was able to infiltrate the organization as much as they did, Castro noted. When asked for further comment, an ICANN representative referred to the group's blog post.
"In some ways it's kind of ironic because they're one of the central organizations for developing technical standards for a secure internet. They should be thinking a lot about security," Castro said. "Their goal is to get [security standards] on a worldwide basis. You'd think they could get it done internally."