The official domains of ICANN, the Internet Corporation for Assigned Names and Numbers, and IANA, the Internet Assigned Numbers Authority, were hijacked earlier today by the NetDevilz Turkish hacking group, which also hijacked Photobucket’s domain on the 18th of June. Zone-H mirrored the defacements, some of which remain active for the time being.
Read more here - "ICANN and IANA’s domains hijacked by Turkish hacking group". A single email address appears to have been used in the updated DNS records of all the domains, presumably courtesy of the NetDevilz team - firstname.lastname@example.org
More details will be posted as soon as they emerge.
ICANN has restored access to its domains and, as in every other DNS hijacking, the correct records will be updated on a mass scale in 24/48 hours. Some press coverage:
Ankle-biting hackers storm net's overlords, hijack their domains
Hackers hijack critical Internet organization sites
No such thing as a guaranteed safe site
Good Always Comes Out of Bad
Hackers Deface ICANN, IANA Sites
ICANN publicity may have triggered malicious behavior
Turkish Hackers Relive Memories in Photobucket
ICANN Web Site Compromise
Moreover, according to an article at Computerworld, ICANN wasn't aware of the hijack:
"A spokesman for ICANN contacted Friday morning wasn't aware of the hack, and declined comment until he find out more."
Let's hope that they issue a statement on the situation once they know more about how it happened. More comments from ICANN follow - "Turkish Hacker Group Strikes Again, This Time Victims are ICANN and IANA":
"Latest response received by CircleID from ICANN states that the problem took place at their registrar level. A Whois look up shows Register.com as the registrar for the hacked domains. ICANN has further stated that the registrar "fixed the dns redirection within 20 minutes of us notifying them of the problem. The registrar is actively investigating what happened and has promised to report back to us on what happened."
This is the second time in a row that a DNS hijacking has happened through Register.com, compared to Comcast.net's, which was done through Network Solutions.