ICANN victim of phishing: online account misused for cryptocurrency advertising
ICANN, the internet's self-administration body, has fallen victim to phishing. Despite multifactor authentication, an attacker managed to take over the official ICANN account on the social network X on Tuesday. However, the perpetrator did not use the account for political statements or a lesson in IT security, but went looking for further victims: followers were asked to buy units of a cryptocurrency called $DNS.
The fraudulent tweet
(Image: Screenshot via Brian Krebs)
According to the fraudulent tweet, ICANN (Internet Corporation for Assigned Names and Numbers) was “redefining digital ownership”. The coin was billed as the “first memecoin that combines domain governance and Web3 culture” on the Solana blockchain. Well, if that’s not a convincing sales argument.
Anyone following the link to a website set up specifically for this purpose could come across phrases like these: “$DNS reimagines domain ownership by empowering users to stake, govern, and trade digital identities through a community-driven ecosystem.” Or: “$DNS combines utility, humor, and governance to redefine internet infrastructure.” Whatever that means, anyone who has fallen for it will not take it with humor.
Screenshot of the $DNS website
(Image: Screenshot via Brian Krebs)
ICANN confirms that the profile on the social network was compromised; it has apparently regained control and has since deleted the fraudulent postings. It is now trying to find out how the perpetrator was able to take over the profile. The results of the investigation are to be published. The case was brought to the attention of security researcher Brian Krebs.
Guilty plea in SEC compromise
X is a popular stomping ground for the cryptocurrency scene. For years, new victims have been sought and found there day in, day out. In 2020, a massive wave of Bitcoin fraud made headlines around the world, with profiles of several celebrities being misused, from Bill Gates to Elon Musk and Warren Buffett.
At the beginning of 2024, an illegitimate posting from the account of the US Securities and Exchange Commission (SEC) caused a short-term jump in the price of Bitcoin. Eric C. from Alabama played a key role in enabling someone to take over the SEC’s X account and post a false report on the approval of Bitcoin funds. He was arrested in the fall, indicted in US Federal District Court in Alabama, and has now confessed to making a fake ID with the name of an SEC employee. The perpetrator then used this ID to obtain a new SIM card from the victim’s network operator for an existing mobile phone connection (known as a SIM swap), thereby overcoming the two-factor authentication of the online account.
He then sold the access to other perpetrators in exchange for Bitcoin. C. has pleaded guilty to conspiracy to commit aggravated impersonation and fraudulent access to electronic devices. In addition to the SEC attack, the man also confessed to other SIM swaps. In the six months prior to his arrest, he is said to have earned around 50,000 US dollars. He now faces a maximum of five years in prison with up to three years of subsequent supervision and/or a fine of 250,000 US dollars. The sentence is to be determined on May 16 by the US Federal District Court for the District of Columbia (Case No. 5:24-mj-01154).
(ds)