ICANN Investigating Attack

Monday, May 4, 2015 @ 02:05 PM gHale


The Internet Corporation for Assigned Names and Numbers (ICANN) suffered an attack on two of the organization’s generic top-level domain (gTLD) portals, and the first part of its impact investigation is now complete.

On February 27, ICANN shut down the New gTLD Applicant and GDD (Global Domains Division) portals after learning of a security flaw that exposed user records. The affected websites are only accessible to applicants and registry operators, and they are used in the evaluation and contracting processes.


In early March, shortly after restoring access to the affected portals, ICANN said it hadn’t found any evidence of unauthorized access. However, after reviewing logs dating back to April 2013, when the New gTLD Applicant portal started up, and March 2014, when the GDD portal started, the two consulting firms called in by ICANN to investigate the incident found some users had in fact accessed records that didn’t belong to them.

“Based on the investigation to date, the unauthorized access resulted from advanced searches conducted using the login credentials of 19 users, which exposed 330 advanced search result records, pertaining to 96 applicants and 21 registry operators. These records may have included attachment(s). These advanced searches occurred during 36 user sessions out of a total of nearly 595,000 user sessions since April 2013,” ICANN said in a post.

ICANN said it will notify affected users “shortly” and inform them which portion of their data was accessed and when. By May 27, they will also know the identity of the users who viewed their information.

Those who exploited the vulnerability to view the details of other users will be contacted by ICANN. The organization is asking them to explain their activity, and to certify that they will delete or destroy the data they have obtained and will not use it or distribute it to third parties.

“We realize that any compromise of our users’ data is unacceptable and take this situation, as well as user trust, very seriously,” said ICANN’s Chief Information and Innovation Officer, Ashwin Rangan.


