ICANN Domain Names Attacked

    July 7, 2008

ICANN, the Internet Corporation for Assigned Names and Numbers says that it has been the recent target of online attacks.

ICANN is the organization that regulates the use of domain names. The organization says the domain names icann.com and iana.com were briefly taken over allowing the hackers to direct those Web sites to other locations.

The domains were used only as mirrors for ICANN and IANA’s main Web sites. The group’s actual Web sites at icann.org and inana.org were not affected. The DNS redirect occurred because of an attack on ICANN’s registrar’s systems.

The attack was sophisticated according to the organization, used both social and technological techniques. The attack lasted twenty minutes before being fixed. ICANN said it could take up to 48 hours for the redirect to be entirely removed from the Internet. The organization says that it has added new security measures to prevent future attacks.

In a separate incident, ICANN says hackers used an exploit in the blogging software for WordPress to target the ICANN blog. The attack was quickly noticed and the blog was taken offline while an analysis was done. The analysis revealed it to be an automated attack. The blogging software was patched and no large impact was found.

Because of the attacks, ICANN is doing an internal review of its current security procedures and plans to make any necessary improvements. The organization has reported the incidents to law enforcement.