Subscribe to RSS Feed

12|17|2014 11:18 am EDT

ICANN systems compromised through phishing attack

by Frank Michlick in Categories: ICANN / Policy

Tags: , ,

A number of ICANN’s staff email accounts have been compromised by a phishing attack, which lead to administrative passwords to other systems being exposed as well, as Necraft reports.

The Internet Corporation for Assigned Names and Numbers (ICANN) has fallen victim to a phishing attack which resulted in the attackers gaining administrative access to some of ICANN’s systems, including its Centralized Zone Data Service (CZDS).

In an email alert sent this morning, ICANN said it believes a spear phishing attack in November resulted in several ICANN staff members’ email credentials being compromised. The stolen passwords were then used to gain unauthorised access to multiple ICANN systems, which could have resulted in other usernames and passwords being compromised.

Although CZDS passwords are stored as salted hashes, ICANN has taken the precaution of deactivating passwords and API keys used on the compromised CZDS service. ICANN implemented some security enhancements earlier this year, which it believes limited the extent of the unauthorised access, and has implemented further measures since this attack.

Here’s the email that ICANN wrote to users of is CZDS:

ACTION REQUIRED: CZDS Security Disclosure

ICANN is investigating a recent intrusion into our systems. We believe a
“spear phishing” attack was initiated in late November 2014. It involved email
messages that were crafted to appear to come from our own domain being sent to
members of our staff. The attack resulted in the compromise of the email
credentials of several ICANN staff members.

In early December 2014 we discovered that the compromised credentials were
used to access certain ICANN systems including the Centralized Zone Data
Service (CZDS). 

You are receiving this notice because the attacker obtained administrative
access to all files in the CZDS including copies of the zone files in the
system. The information you provided as a CZDS user might have been downloaded
by the attacker. This may have included your name, postal address, email
address, fax and telephone numbers, and your username and password. Although
the passwords were stored as salted cryptographic hashes, we have deactivated
your CZDS password (and API key if applicable) as a precaution. Additional
information about the attack is included in an announcement that is posted at
https://www.icann.org/news.

In order to continue using CZDS, please visit http://czds.icann.org and follow
the instructions there to request a new password. We suggest that you take
appropriate steps to protect any other online accounts for which you might
have used the same username and/or password.  

This notice was not delayed as a result of a law enforcement investigation.
Earlier this year, ICANN began a program of security enhancements in order to
strengthen information security for all ICANN systems. We believe these
enhancements helped limit the unauthorized access obtained in the attack.
Since discovering the attack, we have implemented additional security
measures.

We are providing information about this incident publicly, not just because of
our commitment to openness and transparency, but also because sharing of
cybersecurity information helps all involved to assess threats to their
systems.

If you would like further assistance or information, you may contact us by
email to customerservice@icann.org or by telephone at +1-424-277-3192 or U.S.
toll-free at +1-800-401-1703.

Thank you for your attention to this. We sincerely regret any inconvenience or
concern this incident may cause you.


ICANN Registry Services

 

09|02|2014 01:55 pm EDT

NameCheap for NetNeutrality: FCC, don’t flush our rights down the toilet [video]

by Frank Michlick in Categories: ICANN / Policy

Tags:

NameCheap Released a video today for Net Neutrality:

 

 

Find out more here: http://netneutrality.com/

07|30|2014 10:07 am EDT

ICANN tells US Court that ccTLDs are not property and thus cannot be seized

by Frank Michlick in Categories: ICANN / Policy

Tags:

Files Motion to Quash in U.S. legal action aimed at Seizing Top-Level Domains

The Internet Corporation for Assigned Names and Numbers (ICANN) has told a U.S. federal court in the District of Columbia, that a country code Top-Level Domain (ccTLD) cannot be considered “property,” and thus cannot be attached by plaintiffs in a lawsuit, who are trying to obtain the assets of countries that they argued have supported terrorism.

“We filed a Motion to Quash in the US federal court today, to ensure that the court has the essential information about how the Internet’s domain name system (DNS) works. While we sympathize with what plaintiffs may have endured, ICANN’s role in the domain name system has nothing to do with any property of the countries involved”, said John Jeffrey, ICANN’s General Counsel and Secretary.

“We explained in our Motion to Quash, that country code Top-Level Domains (ccTLD) are part of a single, global interoperable Internet which ICANN serves to help maintain.” Jeffrey further explained that “ccTLD’s are not property, and are not ‘owned’ or ‘possessed’ by anyone including ICANN, and therefore cannot be seized in a lawsuit.”

ICANN’s arguments were put forth when the victims of terrorism who had successfully won lawsuits against Iran, Syria and North Korea, sought to collect on those civil judgments.  In their attempt to recover assets from these countries, the plaintiffs served ICANN with “writs of attachment” and subpoenas seeking information to help them seize the ccTLDs of those nations.

The ccTLDs (and related IP addresses) targeted by the plaintiffs include; .IR (Iran), .SY (Syria) and .KP (North Korea), as well as internationalized top-level domains in non-ASCII characters for Iran and Syria.

ICANN explains the motion as follows:

  • First, a ccTLD simply is not “property” subject to attachment.
  • Second, although operating for the benefit of the people of Iran, Syria and North Korea, respectively, the relevant ccTLDs are not “owned” by the defendants or anyone else, for that matter.
  • Third, the .IR, .SY and .KP ccTLDs are not “located” in the District of Columbia or even the United States, and therefore are beyond the reach of Plaintiffs’ Writs of Attachment.
  • Fourth, even if these ccTLDs could be characterized as “property in the United States of the defendants,” this Court would lack jurisdiction over these proceedings, according to the Foreign Sovereign Immunities Act.
  • Fifth, ICANN does not unilaterally have the capability or authority to transfer the .IR, .SY or .KP ccTLDs to Plaintiffs.
  • Finally, a forced transfer of the .IR, .SY and .KP ccTLDs would destroy whatever value may exist in these ccTLDs, would wipe out the hundreds of thousands of second-level domain names registered therein by various individuals, businesses and charitable organizations, and could jeopardize the single, global, interoperable structure the Internet.

The ICA comments: ICANN’s .IR Response Opens Legal Can of Worms

[via Press Release]

11|15|2013 10:27 am EDT

Buenos Aires Airport closure leaves many ICANN 48 attendees stranded

by Frank Michlick in Categories: ICANN / Policy

Tags:

As the 48th ICANN meeting is set to start in Buenos Aires, many of the attendees were stranded today in Montevideo, Uruguay  and other South American airports due to an airport closure in Buenos Aires. An Austral Embraer ERJ-190 on behalf of Air Austral/Aerolineas Argentina coming from Rio de Janeiro (Brazil), overrun the runway and only came to a halt after the nose of the machine had hit the localizer antenna about 220 meters/730 feet past the runway end at 5:45 local time this morning (UTC-3). None of the 96 passengers was injured and they were all taken to the terminal. According to reporting of the airport there was a cold front passing through the area at the time. The airline reports that the incident occurred due to a sudden change in wind direction and speed.

Flight  AU-2255/AR-2255 in the Localizer Radar, posted by @JuanMCornejo

Flights into the aiport resumed again after about three hours, but some attendees will now only arrive tomorrow. DNN was not able to confirm if any ICANN 48 attendees were on the flight itself.

 

[via AVHerald and the ICANN Social Group on Facebook, picture posted on twitter by @JuanMCornejo]

 

07|11|2013 11:44 am EDT

The Internet Architecture Board considers Dotless Domains Harmful

by Frank Michlick in Categories: ICANN / Policy

Tags: , , , , , , , ,

The Internet Architecture Board (IAB), which is a committee of the Internet Engineering Task Force (IETF) issued a statement today that it considers Dotless domains, such as the proposed “SEARCH” by Google harmful and will not work together with currently used procedures. As the statement explains:

Unfortunately, dotless domains will not work as intended by TLD operators in the vast majority of cases. As recommended by IETF standards track RFCs, existing deployed systems apply a search list to single-label names prior to attempting to resolve them. As a result, the resolution of dotless domains depends on local configuration such as the search list. For example, in a location where “example.com” is included within the search list, the URL http://printer1/ will generate a query for “printer1.example.com”, whereas in a location where “example.net” is in the search list, it will generate a query for “printer1.example.net”.

Aside from the Google proposal for its application for ‘SEARCH’, apparently this practice currently is already used by some existing Top Level Domains according to the statement.

With this background the IAB issues the following recommendations:

  1. The IAB strongly recommends against considering, implementing, or deploying dotless domains.
  2. The IAB believes that dotless domains are inherently harmful to Internet security.
  3. Applications and platforms that apply a suffix search list to a single-label name are in conformance with IETF standards track RFCs. Furthermore, applications and platforms that do not query DNS for a TLD are in conformance with IETF standards track recommendations intended to minimize security vulnerabilities and reduce load on the root servers.

[Hat tip to Michele Neylon of Blacknight, IAB Statement]

11|15|2012 12:09 pm EDT

gTLD specialist Kurt Pritz resigns as ICANN’s CSO over conflict of Interest

by Frank Michlick in Categories: ICANN / Policy, People

Tags: , , , ,

Picture from ICANN

As per an announcement from ICANN CEO Fadi Chehade, Kurt Pritz, former Chief Strategy Officer at ICANN and gTLD specialist has resigned from ICANN. Until Pritz became Chief Strategy officer in October he was Vice President for Stakeholder Relations. During the new gTLD program he was the key person presenting many of the facts of the program to various stakeholders.

To the ICANN Community,

Regretfully, I have accepted the resignation of Kurt Pritz, who has served most recently as ICANN’s Chief Strategy Officer.

Kurt has submitted his resignation because of a recently identified conflict of interest, which he immediately communicated to ICANN. After analyzing this conflict of interest, we decided that a change in Kurt’s role within ICANN would be appropriate. Kurt decided to resign his position and role as an officer of ICANN, to best serve the interests of the organization. Kurt will be engaged as a subject matter expert where needed, but will have no access to new gTLD applicant information nor will he play a role in the new gTLD program.

I have already put in place a plan for the reassignment of all of Kurt’s management responsibilities.

I would like to thank Kurt for his many years of service and commitment to ICANN and our community.

Respectfully,
Fadi

Further details about the nature of the conflict of interest have not been released.

[via DomainIncite]

11|14|2012 03:23 pm EDT

ICANN new gTLD Draw to Take Place on Dec 17th

by Frank Michlick in Categories: ICANN / Policy, Up to the Minute

Tags: , ,

A Christmas gift from ICANN to new gTLD applicants? Information from today’s ICANN teleconference for new gTLD applicants.

  • The new gTLD draw will take place on December 17th, 2012 (afternoon)
  • Tickets for the draw have to be purchased before that date. Tickets will be for sale from December 12th to the morning of December 17th at the Hilton LAX in Los Angeles.
  • The draw will take place at the Hilton LAX in Los Angeles as well and will be open to the public.
  • Draw details to be published on November 16th, 2012.
  • ICANN has obtained a license to hold a lottery in California.
  • Applicants can purchase the tickets or name a proxy to purchase them for them. Applicants do not have to be present for the draw.
  • Evaluation results to be expected in August 2013 (originally June 2013)
  • Background screening results will be published at the same time as Initial Evaluation results.
  • 6 Application withdrawals (AND, ARE, EST, CHATR, CIALIS, KSB) have been withdrawn, 7 additional withdrawals are in progress
  • 0 objections have been files so far
  • 169 change requests have been submitted, 29 of them were approved, 130 are in review and 10 require follow-ups
  • TLD Application System (TAS) will reopen on November 26th, 2012. Applicants will have to reset their passwords.
  • The first Clarifying Questions from the Geo Panel for applicants for Geographic TLDs will be issued on November 26h, 2012 via the CSC portal. Applicants will be able to respond until the end of initial evaluation.
  • Other clarifying questions will be issued through TAS in January. Applicants will have four weeks to answer.
  • First initial evaluation results will be released in priority order starting March 23, 2013
  • Apparently it has not yet been decided that IDNs will go first.

The presentation slides have been published on the ICANN site.

10|15|2012 10:25 am EDT

ICANN launches first version of myicann.org

by Frank Michlick in Categories: ICANN / Policy

Tags:

As just announced by ICANN CEO Fadi Chehadé at the ICANN 45 in Toronto today, ICANN launched a first version of MyICANN.org created to aggregate, organize and personalize all of the available information from ICANN.

Explore the latest news from across the ICANN community.
Pick out what’s important to you and have it delivered directly to your Inbox.
Browse the portal to see upcoming events and subscribe to get updates on your calendar.

The organization did not set up my.icann.org (which is what I first tried when I heard about the site.

06|22|2012 12:09 am EDT

ICANN’s new gTLD Program Director Resigns

by Frank Michlick in Categories: ICANN / Policy

Tags: , , , , ,

As announced by ICANN today, the new gTLD Program Director Michael Salazar has resigned. Kurt Pritz has been appointed to take on direct oversight of the entire New Generic Top-level Domain Program in an interim capacity. He will assume the responsibilities of New gTLD Program Director in addition to his responsibilities as Senior Vice President for Stakeholder Relations. Pritz will remain in the interim role until a new Program Director is appointed.

The announcement goes on to say that “He is authorized to bring the full resources available to ICANN to bear on the application evaluation process to improve customer support, applicant communications, security and reporting.” Some applicants had pointed out that it takes ICANN more than five working days to respond to questions in the new gTLD program.

Kurt Pritz will be reporting to COO, Akram Attalah, in his new role in addition to his current responsibilities for which he reports to the CEO. In the announcement, ICANN also promises the introduction of “several new tools” that will “help applicants with any issues or questions about the evaluation process“.

05|08|2012 02:05 pm EDT

ICANN Offers new gTLD Applicants Refunds

by Frank Michlick in Categories: ICANN / Policy, Up to the Minute

Tags: , , ,

As per an update sent out by ICANN earlier today the California not-for-profit is now offering applicants refunds of all paid fees (about $350M USD in total) if they would like to withdraw their application prior to the publication of the list of all new TLDs that received applications. The TLD Application System (TAS) exposed some of the filenames of applications to other applicants. The board authorized refunds with a resolution during their workshop in Amsterdam on May  6th.

See the full email update from ICANN after the jump.

(more…)