Turkish criminal hackers hijack ICANN sites

On the eve of opening up a hierarchical naming system for the Internet, ICANN's sites are hijacked with a warning from criminal hackers.

Robert Vamosi Former Editor

As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

See full bio

Robert Vamosi

June 30, 2008 11:05 a.m. PT

On Thursday, the domains used by ICANN, the Internet Corporation for Assigned Names and Numbers, and IANA, the Internet Assigned Numbers Authority, were hijacked. A Turkish hacking group known as NetDevilz claimed =responsibility. There is no word on how the hijack was accomplished.

The group successfully redirected ICANN site visitors to a page with the following message:

"You think that you control the domains but you don't! Everybody knows wrong. We control the domains including ICANN! Don't you believe us? haha :) (Lovable Turkish hackers group)"

According to SANS, changes to the ICANN site were corrected within 20 minutes. However, the update took another 24 to 48 hours to propagate throughout all the DNS serves worldwide.

On June 19, NetDevilz evidently hijacked Photobucket's DNS records, which resulted in a denial of service against that service.

The timing of the attack on ICANN is embarrassing for the organization, to say the least. Last week, ICANN announced it was opening up the generic top-level domain name (gTLD) to include just about anything. Currently, gTLDs are limited to .com, .net, .org, and 18 others. Under the new plan, like businesses could be organized under .healthcare, for example. In his blog, Neal Krawetz looks at the pros and the cons of the change.

None of the DNS hijacks have involved serving up malicious software.