ICANN Announcements

Read ICANN Announcements to stay informed of the latest policymaking activities, regional events, and more.

Response to Recent Security Threats

3 July 2008

In addition to the ICANN Languages, this content is also available in

ICANN has been the recent target of online attacks. This announcement provides more information on those attacks and ICANN's response to them.

As has been widely reported, a number of domain names, including icann.com and iana.com were recently redirected to different DNS servers, allowing a group to provide visitors to those domains with their own website.

The domains in question are used only as mirrors for ICANN and IANA's main websites. The organizations' actual websites at icann.org and iana.org were unaffected.

The DNS redirect was a result of an attack on ICANN's registrar's systems. A full, confidential, security report from that registrar has since been provided to ICANN with respect to this attack.

It would appear the attack was sophisticated, combining both social and technological techniques, but was also limited and focused. The redirect was noticed and corrected within 20 minutes; however it may have taken anywhere up to 48 hours for the redirect to be entirely removed from the Internet.

ICANN is confident that the lessons learned and new security measures since introduced will ensure there is not a repeat of this situation in future. ICANN's Security and Stability Advisory Committee (SSAC) is considering the issue of access to domain names through registrars as a priority research topic. The results of that work will be made available through the usual channels.

In a separate and unrelated incident a few days later, attackers used a very recent exploit in popular blogging software Wordpress to target the ICANN blog. The attack was noticed immediately and the blog taken offline while an analysis was run. That analysis pointed to an automated attack. The blogging software has since been patched and no wider impact (except the disappearance of the blog while the analysis was carried out) was noted.

In response to the attacks, ICANN has started an internal review of its existing security procedures to see if there are any lessons that can be learnt and to make any improvements necessary. Full reports on both incidents have been provided to law enforcement agencies.