Behind the hijacking of the Internet's domain name and address management agency

Source: Internet
Author: User

On June 26, 2008, foreign media reported that a self-proclaimed "Turkish" hacker gang had hijacked the following domain names: icann.net, icann.com, iana-servers.com, internetassignednumbersauthority.com and iana.com. The group then redirected the domain names away from their original destination and left the following message on the page they now pointed to: "You control all the domain names? No, the domain names, including ICANN's (the Internet domain name and address management agency), are under our control. You don't believe me? Ha ha."

In the eyes of the world's media, this was deeply ironic. ICANN, which has long provided security guidance on Internet domain names, was itself hit, along with the homepage of the Internet Assigned Numbers Authority (IANA). Just one day later, there were more than 10,000 reports on Chinese websites, which shows how much interest the matter attracted.

On July 3 (US time), ICANN issued a statement on the recent threats to domain name security. In the statement, ICANN acknowledged: "ICANN has recently become a target for cyber attacks." ICANN also pointed out that the incorrectly redirected domain names, such as icann.com and iana.com, are simply mirrors of the ICANN and IANA main sites. The main website domains of the two agencies, www.icann.org and www.iana.org, were unaffected.

The modified DNS pointing of the two domains icann.com and iana.com resulted from an attack on the registration system of ICANN's registrar. The registrar has provided ICANN with a comprehensive, top-secret security report on the attack.

According to the analysis, the attackers' methods were very sophisticated, combining social and technical skills, but the effect was limited and not very visible. ICANN's analysis said that once the changed DNS pointing was discovered, it was restored to normal within 20 minutes, although it took up to 48 hours for access to return to normal across the global Internet.

ICANN believes that, drawing on the lessons learned from this incident, new security measures will be adopted to ensure that the same situation does not recur. ICANN's Security and Stability Advisory Committee (SSAC) is studying the issue as a priority, and the results of the study will be applied through the normal process.

A few days later, in an event unrelated to this attack, an attacker used a newly developed program to attack ICANN's blogging system. The attack was immediately detected by the monitoring program, and the ICANN website's blog system was disconnected. A comprehensive report on both incidents has been submitted to the relevant law enforcement agencies.

After seeing these media reports, I wanted to learn more from ICANN's chief technology officer (CTO). It was not until 1 a.m. Beijing time on July 5 that I saw ICANN's CTO, John, online. He is an old friend I have known since 2002. The following is a record of our conversation:

Author: Is it true that ICANN was hacked the day after agreeing to open a new domain name?

John: Not exactly. The breach resulted in a gap that was directed at our registrar, and the DNS of some ICANN-registered domain names was modified to point to the alleged hacker's website. The main sites we use, icann.org and iana.org, are unaffected.

Author: Oh, have many registrars been affected?

John: Only our registrar, register.com. They were the victims, and after they were hacked, some ICANN-related domain names were hijacked at the registrar.

Author: How did all this happen?

John: Only a few of ICANN's domain names were hijacked, by modifying their DNS. The hackers never got into our site; they just modified the DNS of icann.com and other domain names to point to themselves.

At this point, we have a clearer understanding of the incident: domain names belonging to ICANN, the agency that manages the Internet's domain names and address resources globally, had their DNS pointing modified. The hackers' technique was unusual: they broke into the database through the .com domain name registrar's entry point and then changed where the domains pointed by modifying DNS.
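The gap between the 20-minute fix and the 48 hours before global access returned to normal is consistent with resolvers caching the modified delegation until its TTL expires. The following is an added example, not part of the original article: it compares polled name-server sets against a baseline and reports each hijack window and how long cached answers could persist. The domain names, name servers, timestamps and the 172800-second TTL are constructed sample values.

```python
from datetime import datetime, timedelta

# Constructed baseline: name servers each domain is expected to delegate to.
BASELINE = {
    "main.example": {"ns1.corp.example", "ns2.corp.example"},
    "mirror.example": {"ns1.corp.example", "ns2.corp.example"},
}
GOOD = ["ns1.corp.example.", "NS2.corp.example"]
ROGUE = ["ns1.rogue.example", "ns2.rogue.example"]
# Constructed polls of the parent zone: (UTC time, domain, NS names, NS TTL in seconds).
OBSERVATIONS = [
    ("2024-01-01T10:00:00", "main.example", GOOD, 172800),
    ("2024-01-01T10:00:00", "mirror.example", GOOD, 172800),
    ("2024-01-01T10:05:00", "mirror.example", ROGUE, 172800),
    ("2024-01-01T10:15:00", "mirror.example", ROGUE, 172800),
    ("2024-01-01T10:25:00", "mirror.example", GOOD, 172800),
]

def normalize(names):
    """Lower-case host names and drop the trailing root dot before comparing."""
    return {n.lower().rstrip(".") for n in names}

def find_hijack_windows(baseline, observations):
    """Return one record per period in which a domain's NS set left its baseline."""
    open_windows, closed = {}, []
    for stamp, domain, names, ttl in sorted(observations, key=lambda o: o[0]):
        if domain not in baseline:
            continue  # not a domain we are responsible for
        seen = datetime.fromisoformat(stamp)
        unexpected = normalize(names) - baseline[domain]
        if unexpected and domain not in open_windows:
            open_windows[domain] = {"domain": domain, "rogue_ns": sorted(unexpected),
                                    "start": seen, "ttl": ttl,
                                    "restored": None, "stale_until": None}
        elif not unexpected and domain in open_windows:
            window = open_windows.pop(domain)
            window["restored"] = seen
            # Resolvers that cached the rogue delegation just before the fix
            # can keep serving it until its TTL expires.
            window["stale_until"] = seen + timedelta(seconds=window["ttl"])
            closed.append(window)
    return closed + list(open_windows.values())  # still-open windows: restored is None

if __name__ == "__main__":
    for w in find_hijack_windows(BASELINE, OBSERVATIONS):
        print(w["domain"], w["rogue_ns"], w["start"], w["restored"], w["stale_until"])
```

Mirror and defensive registrations belong in the baseline alongside the primary domain, since in this incident they were the ones redirected.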

As can be seen from ICANN's official statement and John's response, this incident exposes vulnerabilities in the security management of ICANN's registrar, but it does not represent an intrusion into ICANN's database or its primary domain names and websites. This also corrects the translation errors made by domestic media in reporting the incident.

In addition, although the incident was widely reported by domestic and foreign media, I did not see domestic media ask technical experts to interpret the details so that we could understand the importance of domain name security. Our country already has 11.82 million .CN domain names and about 4 million .com/.net/.org domain names, ranking first in the world in domain names. If the media only spread the importance and value of registering domain names, but lack comprehensive, systematic and accurate guidance for registrants on sensible planning and safe use of domain names, this will likely hinder Chinese users to fully understand the basic value of domain
