ICANN corporation has confirmed the discovery of problems that potentially threaten the safety of its online resources. The statement published by the corporation reads that due to the problems function of the Global Domains Division portal was temporarily suspended. The portal stored data concerning all the communications with gTLD registries. Another portal that was addressed to the application for new gTLDs was also suspended. «Under certain circumstances an authenticated portal user could potentially view data of, or related to, other users», reads ICANN’s statement. Corporation representatives, however, highlight that at the moment there is no evidence that user confidential information was made available to third parties.
Safety of the portals is provided by the Salesforce security platform. And since no new alerts were received from Salesforce concerning new vulnerabilities, we can assume that the reason for the problems are technical errors of ICANN staff. Unfortunately, this is not the first time. In December 2014 several ICANN employees fell victims to a phishing attack as a result of which criminals managed to compromise several systems of the corporation. The investigation of the incident showed that many of ICANN system were not protected by two-factor authentication. Back then in December 2014 Verisign prepared a lengthy paper warning about ICANN’s technical incompetence.
Critics also draw attention to the fact that ICANN corporation is not investing it’s money in technical support of its work. Its budget has expanded significantly due to the New gTLD Program: it received more than 2000 applications, the fee for each was $185.000. Meanwhile, only 5% of ICANN’s budget is spent on performing the technical job.
