The Internet Corporation for Assigned Names and Numbers, a.k.a. ICANN, a nonprofit group that manages a good deal of the behind the scenes operations of the internet throughout the world, was hacked in November, according to a statement from the organization. You’d think the company that essentially runs the internet would have a little bit better digital security, no?
Spear Phishing is A Thing
In an all too brief blog post, ICANN says that, ultimately, the damage caused was minimal. Hackers broke into ICANN’s system using a technique called “spear phishing,” in which targeted emails, cleverly disguised as internal messages, were sent to ICANN employees. From there, the cyber attackers were able to access email systems and other public and internal networks.
According the ICANN, the main subject of the hack was an online site where internet users can request information about domain names. User names, addresses, emails, phone numbers, and even encrypted passwords were visible to the cyberterrorists involved.
Damage control is well underway. “ICANN is providing notices to the […] users whose personal information may have been compromised,” the organization’s statement read, in part. The number of people affected was not disclosed.
Coulda Been Worse
ICANN has confirmed that what is perhaps their most important department, the one in charge of keeping the global internet network running smoothly, was not targeted. Which makes sense: had the hackers attacked that system, it’s possible their entire hacking operation would’ve fallen apart. Damage would’ve been done on a massive scale, but the hackers would likely have been left vulnerable to detection and sweet, sweet vengeance.
The attack could’ve been significantly worse, ICANN admits, which is a shockingly honest and unexpected admission. Fortunately, new security upgrades, installed earlier this year, limited the damage.
“We believe these enhancements helped limit the unauthorized access,” ICANN stated. “Since discovering the attack, we have implemented additional security measures.” What’s the digital equivalent of the old “ounce of prevention/pound of cure” adage?
All in all, 2014 was a pretty good year for hackers. While Home Depot and several other high-profile cyberattacks made waves early in the year, the recent Sony Pictures hack that led to the cancelation of the movie The Interview and highlighted the pure cowardice of a major, multi-billion dollar corporation, set a new gold standard for cybercrime.
If an organization like ICANN, which one would assume is essentially the Fort Knox of the internet can get hacked, what hope do the rest of us have? Way to go hackers: @$$holes like you are the reason we can’t have nice things.