ICANN发表声明回应近日域名被挟持事件

---Response to Recent Security Threats

Response to Recent Security Threats

     [编者按：ICANN在7月3日(美国时间)发表官方声明，回应近日域名被挟持事件问题。认为ICANN.com仅仅是ICANN.org这个主域名镜象做指向、问题发生一经发现即在20分钟内被纠正。另外还提到了黑客在ICANN网站的Blog使用开源软件Wordpress 中做手脚问题。本网在周一（7月7日）将独家披露我们夫妇在7月4日(中国时间)采访ICANN的CTO、介绍此事件的一些内幕。敬请留意。-----沈阳]

3 July 2008

ICANN has been the recent target of an online attacks. This announcement provides more information on those attacks and ICANN's response to them.

As has been widely reported, a number of domain names, including icann.com and iana.com were recently redirected to different DNS servers, allowing a group to provide visitors to those domains with their own website.

The domains in question are used only as mirrors for ICANN and IANA's main websites. The organizations' actual websites at icann.org and iana.org were unaffected.

The DNS redirect was a result of an attack on ICANN's registrar's systems. A full, confidential, security report from that registrar has since been provided to ICANN with respect to this attack.

It would appear the attack was sophisticated, combining both social and technological techniques, but was also limited and focused. The redirect was noticed and corrected within 20 minutes; however it may have taken anywhere up to 48 hours for the redirect to be entirely removed from the Internet.

ICANN is confident that the lessons learned and new security measures since introduced will ensure there is not a repeat of this situation in future. ICANN's Security and Stability Advisory Committee (SSAC) is considering the issue of access to domain names through registrars as a priority research topic. The results of that work will be made available through the usual channels.

In a separate and unrelated incident a few days later, attackers used a very recent exploit in popular blogging software Wordpress to target the ICANN blog. The attack was noticed immediately and the blog taken offline while an analysis was run. That analysis pointed to an automated attack. The blogging software has since been patched and no wider impact (except the disappearance of the blog while the analysis was carried out) was noted.

In response to the attacks, ICANN has started an internal review of its existing security procedures to see if there are any lessons that can be learnt and to make any improvements necessary. Full reports on both incidents have been provided to law enforcement agencies.

http://www.icann.org/en/announcements/announcement-03jul08-en.htm