[CPWG] [technical-issues] Cyberspies Hijacked the Internet Domains of Entire Countries
Olivier MJ Crépin-Leblond
ocl at gih.com
Sat Apr 20 07:25:53 UTC 2019
Dear Holly,
I am not saying it shouldn't. Just asking an open question.
BTW as CPWG is now CC'ed to this, Michele Neylon informed us that the
Wired article was alarmist and a more accurate coverage of the incident
would be the Register article:
https://www.theregister.co.uk/2019/04/17/sea_turtle_dns/
Registry lock is probably the feature that should be enabled by default.
Kindest regards,
Olivier
On 20/04/2019 04:24, Holly Raiche wrote:
> Hi Olivier
>
> Why isn’t this something that ALAC should take up?
>
> Holly
>
>> On Apr 20, 2019, at 3:30 AM, Olivier MJ Crépin-Leblond <ocl at gih.com
>> <mailto:ocl at gih.com>> wrote:
>>
>> Dear colleagues,
>>
>> I have just read an article on Wired that speaks of mass scale cyber
>> attacks on the DNS:
>> https://www.wired.com/story/sea-turtle-dns-hijacking/
>>
>> This looks very serious indeed. Furthermore, it appears to be
>> happening on domains that are not DNSSEC enabled/signed. And of
>> course, this is a known vulnerability. But one thing that has somehow
>> shocked me was that one of the way to avoid this was using a
>> "Registry Lock" which many Registries were unwilling to implement.
>>
>> Is it time to (a) ask SSAC what this is all about and (b) get the
>> ICANN Board to mandate an essential security implementation before
>> the whole DNS falls apart for lack of trust? Or is this article way
>> too alarmist? My big concern at the moment is that if I was a
>> Government representative, I'd ask "who runs this DNS?" and upon
>> being told it's ICANN, I'd think that ICANN is incompetent in making
>> the DNS safe from attack. As a result -> DNS is a critical resource
>> -> get it run by countries rather than this incompetent organisation.
>> (a lose-lose for all of us)
>>
>> Kindest regards,
>>
>> Olivier
>> _______________________________________________
>> Technical-issues mailing list
>> Technical-issues at atlarge-lists.icann.org
>> <mailto:Technical-issues at atlarge-lists.icann.org>
>> https://atlarge-lists.icann.org/mailman/listinfo/technical-issues
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/cpwg/attachments/20190420/8d822cce/attachment.html>
More information about the CPWG
mailing list