ICANN Loses Control of Its Own Domain Names

NotNormallyNormal writes "CBC picked up an AP story about ICANN recently losing control over two of their domain names on Thursday, June 26. A domain registrar run by the group transferred the domains to someone else. ICANN's press release had this to say: 'As has been widely reported, a number of domain names, including icann.com and iana.com were recently redirected to different DNS servers, allowing a group to provide visitors to those domains with their own website. It would appear the attack was sophisticated, combining both social and technological techniques, but was also limited and focused.' Comcast has had similar troubles lately as well."

Social Engineering to Take Over Entire TLDs

[Ron Bennett]

When I first read this news several days ago, I thought it was referring to the root servers ...

What most don't know is that the TLDs (ie. com, .net, etc) themselves are registered in much the same manner as 2nd level domains are ... see the TLD Whois: http://whois.iana.org/ [iana.org]

The major TLDs (.com, .net, etc) are relatively safe, since any changes would likely be difficult to get through - with any changes quickly noticed ... as in within minutes, or even seconds; likely wouldn't even be that effective, since the most popular TLDs zone dns entries are heavily cached.

However, ccTLDs are a different story completely, since ccTLD zone name server changes are more common and thus such change requests would be far less scrutinized.

I've never heard of any TLD being hijacked, but could likely be easily done, since the social engineering involved would be very similar. A frightening prospect.

Ron

Why do we need registrars?

[jibjibjib]

Why do registrars even have to exist? And why does ICANN need to pay other companies to run the actual DNS infrastructure? If ICANN ran .com, .org and .net itself, and there were no registrars/resellers, and every time someone paid for a domain all the money went straight to ICANN, surely ICANN would have enough money to run all the DNS infrastructure itself very well. Then we wouldn't have to deal with all the dodgy things that registries and registrars do, like Verisign's "Site Finder", and various slightly evil registrars stealing domains, and various registrars being incredibly insecure and transferring domains to hackers without proper authentication.

ICANN and IANA it's been a stormy affair

[Magdalene]

well, Without them There wouldn't be an internet, for one.

After reading their news release, this goes from "whoo 31337 h4x0r5 shr R Sm4r7" to disgruntaled soon to be ex employee getting he and and all his friends 12 year domains for free for as long as the DNS record is changed. It was an inside job by someone who had access to the Registrar's internal network.

Whoever made the change knew the system and how ICANN and IANA work, and also knew that ICANN can not really say 'well if you got your domain during this 'attack' we want you to pay us some more money' although they may try that. Legally, I am pretty sure it wouldn't stand up to a challenge in court.

Its nice to have a topic where my 2 cents actually mean something finally.

-MnM

Domain Despute Goddess before the fall.plain old tech goddess afterwards ;)

Re:The quality of Journalism?

[Phroggy]

You're being deliberately pedantic. I thought it was perfectly clear exactly what they meant:

Normally, A records for icann.com, www.icann.com, iana.com, www.iana.com and similar FQDNs point to IP addresses of web servers that are configured to send an HTTP redirect (via the Location header) that tells the browser to request e.g. http://www.icann.org/ [icann.org] if http://www.icann.com/ [icann.com] had been originally requested.

While more technically specific, this takes a lot more words to say than "Visitors to those addresses are normally redirected automatically to the organization's main sites at ICANN.org and IANA.org." But we all know what they meant, and anyone who doesn't know what they meant probably doesn't care. So why explain the details?