[GTLD-WG] [CPWG] [technical-issues] Cyberspies Hijacked the Internet Domains of Entire Countries

Olivier MJ Crépin-Leblond ocl at gih.com
Sat Apr 20 07:25:53 UTC 2019


Dear Holly,

I am not saying it shouldn't. Just asking an open question.
BTW as CPWG is now CC'ed to this, Michele Neylon informed us that the
Wired article was alarmist and a more accurate coverage of the incident
would be the Register article:
https://www.theregister.co.uk/2019/04/17/sea_turtle_dns/
Registry lock is probably the feature that should be enabled by default.
Kindest regards,

Olivier

On 20/04/2019 04:24, Holly Raiche wrote:
> Hi Olivier
>
> Why isn’t this something that ALAC should take up?  
>
> Holly
>
>> On Apr 20, 2019, at 3:30 AM, Olivier MJ Crépin-Leblond <ocl at gih.com
>> <mailto:ocl at gih.com>> wrote:
>>
>> Dear colleagues,
>>
>> I have just read an article on Wired that speaks of mass scale cyber
>> attacks on the DNS:
>> https://www.wired.com/story/sea-turtle-dns-hijacking/
>>
>> This looks very serious indeed. Furthermore, it appears to be
>> happening on domains that are not DNSSEC enabled/signed. And of
>> course, this is a known vulnerability. But one thing that has somehow
>> shocked me was that one of the way to avoid this was using a
>> "Registry Lock" which many Registries were unwilling to implement.
>>
>> Is it time to (a) ask SSAC what this is all about and (b) get the
>> ICANN Board to mandate an essential security implementation before
>> the whole DNS falls apart for lack of trust? Or is this article way
>> too alarmist? My big concern at the moment is that if I was a
>> Government representative, I'd ask "who runs this DNS?" and upon
>> being told it's ICANN, I'd think that ICANN is incompetent in making
>> the DNS safe from attack. As a result -> DNS is a critical resource
>> -> get it run by countries rather than this incompetent organisation.
>> (a lose-lose for all of us)
>>
>> Kindest regards,
>>
>> Olivier
>> _______________________________________________
>> Technical-issues mailing list
>> Technical-issues at atlarge-lists.icann.org
>> <mailto:Technical-issues at atlarge-lists.icann.org>
>> https://atlarge-lists.icann.org/mailman/listinfo/technical-issues
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://atlarge-lists.icann.org/pipermail/gtld-wg/attachments/20190420/8d822cce/attachment-0001.html>
-------------- next part --------------
_______________________________________________
CPWG mailing list
CPWG at icann.org
https://mm.icann.org/mailman/listinfo/cpwg


More information about the GTLD-WG mailing list