ICANN publicity may have triggered malicious behavior

On a week when ICANN's decisions were headlining hundreds of tech news sites, several of the group's pages were defaced by a group of hackers, and a phishing scam spoofing the group's page hit inboxes across the country.

Yesterday, a Turkish group known as "NetDevilz" -- which is linked to a reported 31 perpetrated attacks just this year, as tracked by site Zone-H -- hijacked icann.com, icann.net, iana.com, and iana-servers.com, all sites belonging to the Internet Corporation for Assigned Names and Numbers (ICANN) and the Internet Assigned Numbers Authority (IANA).

The defacement replaced pages' contents with the group's name, and the message "You think that you control the domains but you don't! Everybody knows wrong. We control the domains including ICANN! Don't you believe us? haha :) (Lovable Turkish hackers group)."

The phishing attack was launched several days before ICANN's site was defaced and targeted domain name owners. The e-mails that were sent contained the following text:

>Dear Domain Account Holder,
>You are being sent this notice from ICANN due to the fact that you
>currently own an active domain name. ICANN is currently upgrading all
>domains from their registry database.
>The upgrade will introduce new control options for your domain and easier
>access. The new upgrade is required by the registry. All domain users are
>expected to submit their domain information manually at
>http://www.icannresolve.com/[spoofed site name removed] with the
>required information for ICANN to apply the required updates.
>The upgrades will be applied to accounts on a first come, first serve
>basis. You have until July 25, 2008 to submit the required information to
>avoid service and domain interruption.
>Thank you for your time.
>ICANN.org Resolutions Department

The spoofed site, which has since been removed, was a faithful representation of the pre-hack ICANN page design, with blank fields for all harvestable user information.

2 Responses to ICANN publicity may have triggered malicious behavior

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.