2014 Hacked ICANN data still sells at a black market premium, years after breach

A blog called Cyberscoop reports that Three years after hackers used a spearphishing attack to successfully gain access to internal data at the Internet Corporation for Assigned Names and Numbers (ICANN), the data is still being passed around and sold on black markets for $300, complete with claims that it’s never been leaked before.

The 2014 breach allowed hackers to take ICANN’s internal emails and wiki, its administrative data files, its blog and the Whois portal. Although the stolen data is important, the attack could have been worse. ICANN, which has been the target of many cyberattacks over the years, possesses much more critical information due to its day-to-day management of top-level domains (.com, .gov, etc.), the IP address space and some server systems. The fact that nothing else slipped out is a testament to good security.

But even a little data from such an important organization has black-market value for years. Here it is being sold right now on AlphaBay:

ICANN experts said the data for sale was real but from the old breach.

It’s feasible that a more successful attack could impersonate ICANN officials or take down entire top-level domains at the highest level in the hierarchical Domain Name System of the internet. Again, none of that took place but it illustrates why ICANN is a high-value and repeated targeted for attackers.

Read more from CyberScoop