On Thursday, the domains used by ICANN, the Internet Corporation for Assigned Names and Numbers, and IANA, the Internet Assigned Numbers Authority, were hijacked. A Turkish hacking group known as NetDevilz claimed =responsibility. There is no word on how the hijack was accomplished.
The group successfully redirected ICANN site visitors to a page with the following message:
"You think that you control the domains but you don't! Everybody knows wrong. We control the domains including ICANN! Don't you believe us? haha :) (Lovable Turkish hackers group)"
According to SANS, changes to the ICANN site were corrected within 20 minutes. However, the update took another 24 to 48 hours to propagate throughout all the DNS serves worldwide.
On June 19, NetDevilz evidently hijacked Photobucket's DNS records, which resulted in a denial of service against that service.
The timing of the attack on ICANN is embarrassing for the organization, to say the least. Last week, ICANN announced it was opening up the generic top-level domain name (gTLD) to include just about anything. Currently, gTLDs are limited to .com, .net, .org, and 18 others. Under the new plan, like businesses could be organized under .healthcare, for example. In his blog, Neal Krawetz looks at the pros and the cons of the change.
None of the DNS hijacks have involved serving up malicious software.