ICANN and IANA domains hijacked
Turkish hacker group NetDevilz temporarily succeeded in hijacking domains owned by ICANN and IANA on Friday 27 June. The irony is of course that ICANN (Internet Corporation for Assigned Names and Numbers) and IANA (Internet Assigned Numbers Authority) are the organisations responsible for controlling domains and IP addresses.
According to media reports, the domains icann.net, icann.com, iana-servers.com, internetassignednumbersauthority.com and iana.com were affected. These are not the primary ICANN and IANA domains – the primary domains were not affected. The hackers changed the DNS records for the affected domains to point to their own website, where they posted the sardonic message "You think that you control the domains but you don't. We control the domains including ICANN!"
It is not yet clear how the hackers managed to change the DNS records, but the event is reminiscent of the hijacking of US telecoms company Comcast's website in late May. On that occasion the attackers apparently obtained Comcast's domain management console password, allowing them to change the settings for Comcast in the registrar's record. Phishing or cross-site scripting attacks are also a possibility. But one thing's for sure – as the security experts from SANS Internet Storm Center (ISC) put it, "If this can happen to these folks, it can happen to anyone."