Actu
Websense: ICANN Web Site Compromise
June 2008 by Websense
Websense® Security Labs™ has received reports that the official website of ICANN and IANA Domains have been hijacked by a Turkish group called “NetDevilz”. ICANN and IANA are responsible for the Internet Protocol (IP) address space allocation, protocol identifier assignment, generic (gTLD) and country code Top Level Domain Name System management, and root server system management functions. NetDevilz is the same group that has hijacked many other domains listed here: Zone-H Attack Archive.
Threat Type: Malicious Web Site / Malicious Code
The ICANN and IANA web sites were defaced and left the following message: “You think that you control the domains but you don’t! Everybody knows wrong. We control the domains including ICANN! Don’t you believe us? haha :) (Lovable Turkish hackers group)”
Zone-H Archived Defacement.
The following domains were hijacked, and some of them still return the defaced pages - http://icann.***; http://icann.^^^; http://iana-servers.@@@; http://internetassignednumbersauthority.!!!; http://iana.&&&. These sites are redirecting visitors to http://atspace.%%%. So far, none of these DNS hijacks served any malware or live exploits.
References:
http://securitylabs.websense.com/content/Blogs/3118.aspx
http://ddanchev.blogspot.com/2008/06/icann-and-ianas-domain-names-hijacked.html
