The ICANN and IANA websites suffered hackers, with a Turkish group called “NetDevilz” claiming responsibility for the attack. The hack meant internet users were temporarily redirected from both sites last Thursday.
Hijacked domains included “icann.com”, “icann.net”, “iana.com” and “iana-servers.com” with users redirected to an illegitimate site, according to researchers at zone-h.org, a group that collects evidence of site attacks, including page defacements and redirects.
Their domains were redirecting to a hosting space at “atspace.com” where the defacers left the following message:
“You think that you control the domains but you don’t! Everybody knows wrong. We control the domains including ICANN! Don’t you believe us?”
We reached the defacers by email but they refused to tell us how they changed the DNS records, however a cross-site scripting or cross-site request forgery vulnerability might have been exploited.
The hack last for 20 minutes. “We reached the defacers by e-mail but they refused to tell us how they changed the DNS records, however a cross-site scripting or cross-site request forgery vulnerability might have been exploited,” zone-h said.
The hack attack happened on the same day ICANN voted to allow the relaxation of rules to enable the creation of new gTLDs, hopefully end domain tasting and enabling a limited number of internationalised domain names.
Screenshots of the hacker’s defacement of the effected websites are available from the zone-h website at zone-h.org/content/view/14973/30/.