If you were a user of ICANN’s CZDS (Centralized Zone Data Service) in 2014 you might wish to think about changing some of your passwords today.
In November 2014, hackers managed to use a spear phishing attack to successfully gain access to confidential internal data at the Internet Corporation for Assigned Names and Numbers (ICANN).
The data is currently still being sold on the dark web markets for $300 USD with claims that it has never been leaked before.
The 2014 data breach enabled hackers to take ICANN’s Governmental Advisory Committee wiki and employee email accounts, its Whois portal, administrative data files, and its blog.
Although the stolen data is important, the cyber-attack could arguably have been worse.
ICANN, which has been a target of many cyber-attacks over the years, possesses a lot of critical information due to its day-to-day management of top-level domains, server systems, and IP address space.
In March 2015, ICANN apologized after a technical problem enabled some applicants for new top-level domains to see information of other applicants.
Additionally, officials at ICANN reported in August 2015 that they were hacked again and email addresses/usernames and encrypted passwords for profile accounts were stolen.
In an effort to improve cybersecurity, ICANN said in 2016 that they will for the first time switch the Root Zone Signing Key that’s crucial for ensuring that web users do not get sent to malicious websites, such as phishing websites that are designed to steal information.
The switch will increase the key size from 1024 bits up to 2048, and as a result it’s going to significantly reduce the chances of cracking the key.
The entire switchover will take approximately 2 years.
The fact that no additional important data has slipped out thus far clearly shows that ICANN has significantly improved their security.
However, since ICANN runs the internet address book, even a small data breach will have a high market value on the dark web for many years.
The ICANN data that was stolen during the 2014 data breach is being sold on AlphaBay, which is currently one of the largest dark web marketplaces.
ICANN experts have confirmed that the data sold on the dark web is real, but is from the 2014 data breach.
The batch of stolen data reportedly contains credentials for 8,633 users.
ICANN spokesperson Brad White said that after the data breach was discovered, they reset all the user passwords, and advised users to do the same for other accounts where they used the same passwords.
Although Centralized Zone Data Service (CZDS) users have all presumably already changed their CZDS passwords, if they’re still using the same password for non-CZDS sites they are advised to change it.
It’s possible that a more successful cyber-attack may impersonate the officials of ICANN or take down whole top-level domains at the highest level in the hierarchical Domain Name System.
Although none of these has taken place, it shows why ICANN is such a high-value target for hackers.
The dark web seller, who also has several stolen databases for sale on the AlphaBay dark web marketplace, did not lie directly about the information’s age; he instead said that he did not know when the ICANN data breach occurred.
The advert for the ICANN data did say that it’s the first time the data has been leaked, a claim which is difficult to directly disprove or prove in the dark web mess.