On CBS.com: Play Survivor Video Trivia Now
BNET Business Network:
BNET
TechRepublic
ZDNet

June 26th, 2008

ICANN and IANA's domains hijacked by Turkish hacking group

Posted by Dancho Danchev @ 3:38 pm

Categories: Black Hat, Complex Attacks, Denial of Service (DoS), Hackers

Tags: ICANN, IANA, DNS Hijacking, Web Site Defacement, Turkish Hackers, Turkey, NetDevilz, Atspace.com, Dancho Danchev

What happens when the official domain names of the organizations that issue the domain names in general, and provide allNetDevilz ICANN IANA the practical guidance on how the prevent DNS hijacking, end up having their own domain names hijacked? A wake up call for the Internet community.

The official domains of ICANN, the Internet Corporation for Assigned Names and Numbers, and IANA, the Internet Assigned Numbers Authority were hijacked earlier today, by the NetDevilz Turkish hacking group which also hijacked Photobucket’s domain on the 18th of June. Zone-H mirrored the defacements, some of which still remain active for the time being :

The ICANN and IANA websites were defaced earlier today by a Turkish group called “NetDevilz”. ICANN is responsible for the global coordination of the Internet’s system of unique identifiers. These include domain names, as well as the addresses used in a variety of Internet protocols. The Internet Assigned Numbers Authority (IANA) is responsible for the global coordination of the DNS Root, IP addressing, and other Internet protocol resources.

NetDevilz left the following message on all of the domains :

“You think that you control the domains but you don’t! Everybody knows wrong. We control the domains including ICANN! Don’t you believe us? haha :) (Lovable Turkish hackers group)”

NetDevilz ICANN IANA

The following domains were hijacked, and some of them still return the defaced page - icann.net; icann.com; iana-servers.com; internetassignednumbersauthority.com; iana.com.

The hackers are once again redirecting the visitors to Atspace.com, 82.197.131.106 in particular, the ISP that theyNetDevilz ICANN IANA used in the Photobucket’s DNS hijacking. And while Photobucket hasn’t issued an official statement on the DNS hijack, Atspace.com did so last week, a copy of which you can find here.

The NetDevilz hacking group seems to be taking advantage of a very effective approach when hijacking domain names, and while they declined to respond to an email sent by Zone-H on how they did it,  cross-site scripting or cross-site request forgery vulnerability speculations are already starting to take place.

One thing’s for sure though, if the ICANN and IANA can lose control of their domains, anyone can.

Dancho DanchevDancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog. See his full profile and disclosure of his industry affiliations.

Email Dancho Danchev

Subscribe to Zero Day via Email alerts or RSS.

  • Talkback
  • Most Recent of 21 Talkback(s)
RE: ICANN and IANA's domains hijacked by Turkish hacking group
Welcome to the Wild, Wacky, World of high tech. (Read the rest)
Posted by: Kryptik_4B72797074696B Posted on: 08/29/09 You are currently: a Guest | | Terms of Use
Windows is to blame  NonZealot | 06/26/08
clueless  croberts | 06/26/08
He got you...  wolf_z | 06/27/08
8.5 for catching a fish.  riverab0@... | 06/27/08
As of ...  Linux_4u! | 06/27/08
Just wait till they do that to some banks!!!!!  dragon@... | 06/27/08
Re: Just wait till they do that to some banks!!!!!  ddanchevZDNet Moderator | 06/27/08
RE: ICANN and IANA's domains hijacked by Turkish hacking group  pwford@... | 06/27/08
RE: ICANN and IANA's domains hijacked by Turkish hacking group  ddanchevZDNet Moderator | 06/27/08
An interesting take on these kinds of things...  StephG72 | 06/27/08
question4ddanchev - are ip addresses vulnerable?  waecaidr@... | 06/27/08
Re: question4ddanchev - are ip addresses vulnerable?  ddanchevZDNet Moderator | 06/27/08
RE: ICANN and IANA's domains hijacked by Turkish hacking group  twaynesdomain | 06/27/08
Obvious solution  cburkitt2 | 06/27/08
LOL ....  guy@... | 06/27/08
Re: Obvious solution  ddanchevZDNet Moderator | 06/27/08
Not just the domain registrar..  3dguru | 06/28/08
Master Joe Says...  MasterJoe | 06/28/08
Obviously they're plugging FreeBSD.  kraterz | 06/29/08
RE: ICANN and IANA's domains hijacked by Turkish hacking group  alishariefm | 06/30/08
RE: ICANN and IANA's domains hijacked by Turkish hacking group  Kryptik_4B72797074696B | 08/29/09

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement

Recent Entries

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
Microsoft Dynamics CRM Online - Free Six-Month Trial for Eligible Organizations
Microsoft Dynamics CRM Online provides fast online access, simple contact management and better sales performance for a low monthly cost - the best value on the market today.
Learn more about the free, six-month trial offer>>
Learn more about tools to grow your business
The Business Essentials Guide provides you useful tools and templates to help grow your business and save you time with automated shipping solutions.
Save time with the UPS Business Essentials Guide
The more you simplify, the more you save
When you transition from your existing Red Hat environment to SUSE Linux Enterprise from Novell, you can recognize dramatic cost savings, perhaps as much 50%
Learn more >>
Reduce risk. Reduce complexity. Increase reliability.
A simplified IT environment isn't just less complex. It's also more reliable. Standardize on a single Linux platform with SUSE Linux Enterprise from Novell, and get the world's most interoperable Linux
Learn more >>
Keep Up With The Latest In Document Management with The DocuMentor.
Doc delivers the scoop on today's enterprise content management, printer maintenance, and all other issues related to document management. It's the DocuMentor Blog.
Learn more >>
The best support in the Linux business
If Linux is going to power your mission-critical applications, you'd better have the best support known to business. Novell was rated the top provider of Linux technical support.
Learn more >>
advertisement

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

Meet Doc

  • Here to help you with your Document Management Needs
  • Doc is an enigma. Born to a Russian ballerina and a German electrical engineer, he grew up in various locations in the United States. He’s seen the insides of more brands, versions, and generations of printer and printer-related hardware than almost anyone.
  • To learn more about this mysterious figure check out his blog on ZDNet and his Workspace on TechRepublic. You’ll be glad you did.
  • Produced by
    ZDNet and