The U.S.-regulated corporation responsible for managing the Internet’s most-crucial functions was hacked last month according to a statement from the company this week, which comes months after the Obama administration announced plans to hand regulation of the Internet Corporation for Assigned Names and Numbers (ICANN) over to the global community.
ICANN — the organization charged with managing domain names, assigning Internet protocol addresses and executing other crucial web functions under the Commerce Department — suffered a “spear phishing” attack in late November that successfully breached the company’s systems, according to a blog post on ICANN’s website.
“It involved email messages that were crafted to appear to come from our own domain being sent to members of our staff,” the post reads. “The attack resulted in the compromise of the email credentials of several ICANN staff members.”
ICANN, which essentially acts as the roadmap between websites and web connected devices, said the hackers were able to access a members-only Wikipedia page containing public information, internal emails, ICANN’s blog, the WHOIS information portal (a database of who has registered what domain names) and the Centralized Zone Data System (CZDS).
Hackers were able to gain full administrative access to the CZDS, which contains user information including names, addresses, email accounts, fax and telephone numbers, usernames and passwords. Though the passwords were encrypted, ICANN has suspended them all with the suggestion that users with recycled passwords change those passwords used for multiple accounts on the web.
The breach, which ICANN discovered in early December, comes months after the Obama administration’s announcement in March that it would transition oversight of ICANN over to a global, multi-stakeholder community model after its current contract expires in the fall of 2015. (RELATED: Ex-Bush Admin Official: Internet Giveaway Weakens Cybersecurity, Opens Door To Web Tax)
Current and former government officials along with a collection of Internet industry and policy experts have been highly critical of the administration’s move since March, warning that it could lead to global Internet censorship, weakened cybersecurity and the imposition of global Internet access taxes.