ICANN and IANA domains hijacked by Turkish crackers

26/06/2008 Written by Marcelo Almeida (Vympel) & Kevin Fernandez (Siegfr

icann-flagsThe ICANN and IANA web­sites were defaced ear­lier today by a Turk­ish group called “Net­Dev­ilz”. ICANN is respon­si­ble for the global coor­di­na­tion of the Internet’s sys­tem of unique iden­ti­fiers. These include domain names, as well as the addresses used in a vari­ety of Inter­net pro­to­cols. The Inter­net Assigned Num­bers Author­ity (IANA) is respon­si­ble for the global coor­di­na­tion of the DNS Root, IP address­ing, and other Inter­net pro­to­col resources.
Their domains were redi­rect­ing to a host­ing space at “atspace​.com” where the defac­ers left the fol­low­ing mes­sage:

“You think that you con­trol the domains but you don’t! Every­body knows wrong. We con­trol the domains includ­ing ICANN! Don’t you believe us?”

CONTINUE


Hijacked domains include “icann​.com”, “icann​.net”, “iana​.com” and “iana​-servers​.com”.
We reached the defac­ers by email but they refused to tell us how they changed the DNS records, how­ever a cross-​site script­ing or cross-​site request forgery vul­ner­a­bil­ity might have been exploited.

Here is the mir­ror of the ICANN​.com deface­ment:
http://​www​.zone​-​h​.org/​c​o​m​p​o​n​e​n​t​/​o​p​t​i​o​n​,​c​o​m​_​m​i​r​r​o​r​w​r​p​/​I​t​e​m​i​d​,​0​/​i​d​,​7​6​3​5102/

You can have a look at their other deface­ments here:
http://​www​.zone​-​h​.org/​c​o​m​p​o​n​e​n​t​/​o​p​t​i​o​n​,​c​o​m​_​a​t​t​a​c​k​s​/​I​t​e​m​i​d​,​4​3​/​f​i​l​t​e​r​_​d​e​f​a​c​e​r​,​N​e​t​D​e​vilz/


Share this content: