By Stefanie Hoffman, ChannelWeb, Jun. 30 2008, 1730 hrs
Turkish hackers broke into two of the most established international Websites that oversee and regulate the Internet in order to reroute visitors to a rogue domain, the New York Times reported Friday.
Two of the domains under attack include the Internet Corporation for Assigned Names and Numbers (ICANN, icann.org) and the Internet Assigned Numbers Authority (IANA (iana.org) -- two organizations that that have dominion over numerous critical functions regarding Internet regulation.
IANA oversees the international coordination of the domain name system, IP addressing and other Internet protocol resources. ICANN has global authority over the Internet's identifier system, allocating IP address space and managing the Web's domain name system.
The cyber prank was conducted by the Turkish group known as "NetDevilz," according to researchers at Zone-h, a security organization that logs Web exploits and cyber attacks.
Zone-h researchers said that they were able to contact the hackers but that "they refused to tell us how they changed the DNS records," in Thursday blog post. The researchers speculated that the hackers might have exploited a cross-site scripting or cross-site request forgery vulnerability to execute the attack.
Users that attempted to visit iana.com, iana-servers.com, icann.com and icann.net were subsequently redirected to an illegitimate a hosting space at "atspace.com," where visitors were treated to a message that read: "You think that you control the domains but you don't! Everybody knows wrong. We control the domains including ICANN! Don't you believe us?"
The attack on ICANN follows closely on the heels of Thursday's announcement that the organization intended to loosen stringent regulations regarding the assignment and oversight of top level domains, allowing an unlimited number of Web address suffixes in order to create unique customizations.
The landmark decision, which will go into effect in 2009, would allow almost any word to replace .com or .org in a Web site, opening up almost limitless possibilities for domain names. |