Security The Internet

Comcast Briefly Loses Control of Its Domain Name

Posted by kdawson
from the old-skool-pwned dept.
Fallen Andy notes that Comcast, one of the largest US ISPs, lost control of its domain name to what appeared to be juvenile social engineers of the old school — i.e. not in it for the money. The intruders got into Comcast's registrar account at Network Solutions and repointed the domain's DNS records. A blog entry at SANS points out how trivially easy this can be. Reader ElvenKnight points out an insightful interview up at Wired with the two young guys who perpetrated the hack.

  • by Rosco P. Coltrane (209368) on Friday May 30, 2008 @08:57AM (#23598267)
    the two kids who perpetrated the hack

    How much do you bet the feds will come down hard on the kids and charge them with felony, cyber-"terrorism" or some other preposterous computer crime? I used to do harmless hacks for fun in years past, but these days it's not really wise.
    • by Scutter (18425) on Friday May 30, 2008 @09:01AM (#23598297) Journal
      How much do you bet the feds will come down hard on the kids and charge them with felony, cyber-"terrorism" or some other preposterous computer crime? I used to do harmless hacks for fun in years past, but these days it's not really wise.

      That was hardly a "harmless hack". There is a lot of money tied to that domain and when it's down, it's a serious problem for a lot of people. That said, I agree that charging them as cyber-terrorists would be severe overkill.
      • Re: (Score:2, Insightful)

        by Akita24 (1080779)
        While I in no way condone what they did, I do see a certain amount of poetic justice in the assholes who "hijack" their users' packets getting hijacked themselves. How do you like it when they do it to you, you greedy f*cks? Not fun, is it, CommieCast?
    • by shawn(at)fsu (447153) on Friday May 30, 2008 @09:10AM (#23598383) Homepage
      I personally couldn't care less what they charge them with. If you're going to do something so high profile you better expect that your punishment is going to be equally if not more so. I hope for them it was worth it.
      • Re: (Score:2, Interesting)

        So some kid who "tags" an abandoned building and gets caught gets to spend the night in jail, but throw the book at some kid who, through some feat of ingenuity, manages to "tag" the Washington Monument?

        That seem fair to you?

        • by D Ninja (825055) on Friday May 30, 2008 @09:36AM (#23598685)
          No, it does not seem fair. But, as the GP poster pointed out, life isn't always fair. People/companies with a high profile want to set an example out of people like these two guys so it doesn't happen again.

          Hopefully the judicial system will dish out the appropriate punishment and won't get caught up in the hype. I wouldn't hold my breath, though.
        • by quanticle (843097)

          Well, yeah. Saying that the effect of tagging an abandoned warehouse is the same as the effect of tagging the Washington Monument is like saying the cost of denting a rusted out Geo Metro is the same as the cost of denting a brand new Ferrari.

        • Re: (Score:3, Insightful)

          by Hoi Polloi (522990)
          Yes, yes it does. So if they burnt down someone's business they should get the same punishment as if they burnt down an abandoned shack in the woods? They may be clever enough to turn off the fire alarm so that lets them off the hook?
        • Re: (Score:3, Insightful)

          by egyptiankarim (765774)
          It's totally fair. An abandoned building has little to no value and if these kids managed to hack some squatted domain, they probably wouldn't get much flak.

          The Washington Monument is a highly visible, highly valuable, historic landmark and if you deface it it affects a lot more people.

          I don't know about anyone else, but your analogy just made it easier for me to see fault in these kids' actions.
      • by swillden (191260) <shawn-ds@willden.org> on Friday May 30, 2008 @09:33AM (#23598621) Homepage Journal

        I personally couldn't care less what they charge them with. If you're going to do something so high profile you better expect that your punishment is going to be equally if not more so.

        I think they've figured that out... now. From the Wired interview:

        "The situation has kind of blown up here, a lot bigger than I thought it would," says Defiant, a 19-year-old man whose first name is James. "I wish I was a minor right now because this is going to be really bad."

        They claim they called Comcast's technical contact and told him they'd taken control of the domain, BEFORE they changed anything. I don't know if it'll help them in court, but it sounds like if he hadn't blown them off, it really would have been a harmless prank. That doesn't justify their decision to redirect, but the Comcast guy should have at least bothered to check.

        After they were blown off by him, these punks lost their tempers:

        "I was trying to say we shouldn't do this the whole damn time," says Defiant.

        "But once we were in," adds EBK, "it was, like, fuck it."

        Well, I hope they had fun, because they're going to be paying for it, big time.

        • by Jay L (74152) *

          They claim they called Comcast's technical contact and told him they'd taken control of the domain, BEFORE they changed anything. I don't know if it'll help them in court, but it sounds like if he hadn't blown them off, it really would have been a harmless prank.


          It probably won't help them, but it certainly helps anyone who might have been harmed - as a subscriber or a shareholder - and wants to sue Comcast for negligence...

    • by bconway (63464) on Friday May 30, 2008 @09:24AM (#23598543) Homepage
      It was hardly harmless. They changed all the important host entries, including mail servers, and harvested logins of customers. I don't think many people would be happy if pop.gmail.com was redirected unbeknownst to the user and their password was given away with a click (or auto refresh).
      • by parcel (145162) on Friday May 30, 2008 @09:31AM (#23598599)

        harvested logins of customers.
        FTFA:

        Fellow hackers, relying on press reports claiming that customer data may have been compromised, are hitting up the duo for passwords to Comcast e-mail accounts, which they say they don't have. "Nobody was listening in on the ports to try and get usernames and password," says Defiant. "We could have, but we didn't." (On this point, Comcast and the hackers agree).
        • by bconway (63464) on Friday May 30, 2008 @09:58AM (#23598955) Homepage
          Read (some of) the 25+ page discussion on Broadband Reports, linked in the article. Ports 25 and 110 were active and accepting connections, followed by rejecting all logins and (presumably) harvesting their credentials. My Nmap scans during the event are included in that thread.
          • by berzerke (319205)
            Just because the ports were active does not mean any usernames/passwords were recorded. The server could have simply been set to reject all attempts.

            I wouldn't lay money on that scenario mind you, but it is possible.
          • Re: (Score:3, Informative)

            The Wired article/interview says that they were bouncing around web hosts like crazy. Of course if they point comcast.net to some large host, you'll see all kinds of services during your nmap scan.

            They were using bunches of free webhosts who almost definitely have servers listening on imap/pop3/smtp and other services. That said, it makes sense that logins intended for comcast ended up failing when they hit these random web hosts.
        • yeah...ain't that nice, they said they didn't...maybe i am just paranoid, but i already changed my passwords
          • by parcel (145162)

            yeah...ain't that nice, they said they didn't...maybe i am just paranoid, but i already changed my passwords
            Not paranoid, wise. It sounds pretty unlikely that any harvesting was going on, but still better to be safe.
        • by vslashg (209560)

          harvested logins of customers.

          FTFA:

          Fellow hackers, relying on press reports claiming that customer data may have been compromised, are hitting up the duo for passwords to Comcast e-mail accounts, which they say they don't have. "Nobody was listening in on the ports to try and get usernames and password," says Defiant. "We could have, but we didn't." (On this point, Comcast and the hackers agree).

          You have to consider the sources here; both sides have something to lose by claiming usernames and passwords were stolen. If the boys admit to stealing accounts, they're looking at a harsher sentence when this all comes crashing down. If Comcast admits accounts could have been compromised in this attack, they are facing a rather nasty security-related PR problem.

    • Re: (Score:3, Insightful)

      by Dan541 (1032000)
      Messing with someone's domain is hardly a "harmless" activity.
    • Re: (Score:3, Insightful)

      by Mizchief (1261476)
      They should throw the book at these kids. Given how easy it is to do these types of attacks the fear of punishment is needed.
  • by Flamora (877499) on Friday May 30, 2008 @09:02AM (#23598307)
    Other websites that I know of have had this happen in the past, and the common trend seems to be that Network Solutions has been their domain registrar. The largest site in recent memory that this occurred to other than Comcast was SomethingAwful.

    Perhaps it's a sign of a more underlying flaw in Network Solutions' security?
  • Wanna know why? Because they called Comcast and could get in touch with a HUMAN!

    Now *THAT'S* hacking.
    • by Thaelon (250687) on Friday May 30, 2008 @09:41AM (#23598721)
      Try this: http://www.gethuman.com/gethuman_list.asp?bname=%22C%22 [gethuman.com]

      Lazy companies create "automated systems to handle most inquiries" ignoring the fact that even their claim states its own failing, it doesn't handle them all. So we have created a database of how to circumvent the barrier to customer support.

      Now if only we could force them to hire customer support grunts without such thick accents.
    • by DriedClexler (814907) on Friday May 30, 2008 @09:46AM (#23598799)
      How come no one's made the obvious joke yet?

      Comcast: OMG!!! Outrageous!!! Some HACKERS denied us access to our OWN DOMAIN NAME!!!! Get them!!!!
      FBI: Why? They didn't take anything that belongs to you.
      Comcast: What??? Our contract with ICANN gives us unlimited access to the Comcast domain!
      FBI: Right. And what does unlimited mean?
      Comcast: Look, it's right here in Websters: "without any ..."
      FBI: No, no, not that one, use your own internal glossary.
      Comcast: Okay then, "unlimited: " ... ah, okay, see your point there.
  • by Thelasko (1196535) on Friday May 30, 2008 @09:14AM (#23598423) Journal
    It was the Slowskys [youtube.com].
  • by MarkGriz (520778) on Friday May 30, 2008 @09:16AM (#23598429)
    FTFA: "A brute force password attack is one possibility"

    Right.... it was probably 1234 (same as most slashdotters' luggage)

  • by antifoidulus (807088) on Friday May 30, 2008 @09:27AM (#23598565) Homepage Journal
    not commenting on the hack, but the fact that a human being actually set up a tricorder in his (or his parents') bathroom to take a picture of himself using a bong, and then posted it on myspace.....
  • by Pazy (1169639) <Pazy160@Hotmail.com> on Friday May 30, 2008 @09:54AM (#23598913)
    If Comcast has any sense they will try to hire the guys rather than drag them through the courts. We need people like this looking for and fixing flaws rather than exploiting them.
    • by Thelasko (1196535)

      If Comcast has any sense they will try to hire the guys rather than drag them through the courts. We need people like this looking for and fixing flaws rather than exploiting them.

      I couldn't disagree with you more. From reading the Wired article, it seems that these guys are just a bunch of script kiddies who got lucky. If Wired managed to track them down so quickly (through MySpace no less) then anyone can, including the FBI. If these guys were hired by Comcast they would spend their days getting paid to smoke their bongs, and nothing more. Comcast should be extremely embarrassed to be hacked by these two clowns.

    • Re: (Score:3, Insightful)

      You hire Kevin Mitnicks and Frank Abagnales. You don't hire these morons.
    • by ScentCone (795499) on Friday May 30, 2008 @12:18PM (#23600951)
      If Comcast has any sense they will try to hire the guys rather than drag them through the courts. We need people like this looking for and fixing flaws rather than exploiting them.

      I have discovered that I can throw bricks through windows. But strangely, no glass manufacturers want to hire me to give them advice on the specifics of engineering brick-proof glass.
  • Taking it may have been easy, but the shocker is that Network Solutions + Comcast don't have any kind of response time... 5 hours of someone else controlling a whole swath of high-traffic names sounds like a breach of contract to me. Shouldn't Network Solutions have re-aimed those back to the default values within seconds? There's nothing that they're using to keep track of huge changes like that? Weird... that's what i would do if I were running a domain registrar.
  • Couldn't have happened to a nicer company. Fuck you Comcast for killing my TechTV. I am glad this happened, good to get some egg on their face.
  • by penguin_dance (536599) on Friday May 30, 2008 @10:26AM (#23599321)
    Technically they didn't break into Comcast, they broke into Network Solutions. They're the weak link. I like to bash Comcast as much as the next, but it was a breakdown in security at Network Solutions that allowed them to get into Comcast's registrar and repoint their URLs.

  • > "Nobody was listening in on the ports to try and get usernames and password," says Defiant. "We could have, but we didn't." (On this point, Comcast and the hackers agree).

    These guys are either total idiots for getting themselves in a lot of trouble with no gain for themselves or they are lying. Comcast, on the other hand, clearly has no way of knowing if customer information was compromised. They're relying on the word of two criminals who clearly don't like the company. Comcast's agreement in the state
