Security The Internet

Comcast Briefly Loses Control of Its Domain Name

Fallen Andy notes that Comcast, one of the largest US ISPs, lost control of its domain name to what appeared to be juvenile social engineers of the old school — i.e. not in it for the money. The intruders got into Comcast's registrar account at Network Solutions and repointed the domain's DNS records. A blog entry at SANS points out how trivially easy this can be. Reader ElvenKnight points out an insightful interview up at Wired with the two young guys who perpetrated the hack.
  • by Flamora ( 877499 ) on Friday May 30, 2008 @09:02AM (#23598307)
    Other websites that I know of have had this happen in the past, and the common trend seems to be that Network Solutions has been their domain registrar. The largest site in recent memory that this occurred to other than Comcast was SomethingAwful.

    Perhaps it's a sign of a more underlying flaw in Network Solutions' security?
  • by Anonymous Coward on Friday May 30, 2008 @09:08AM (#23598371)
    Imagine what would happen if one central host were to host widely used AJAX libraries to help with caching and that host got its DNS mangled.
  • Re:Expiring domains (Score:5, Interesting)

    by Flamora ( 877499 ) on Friday May 30, 2008 @09:11AM (#23598403)
    It wasn't even that Comcast's domain expired. The pair involved in this managed to gain access to Comcast's Network Solutions control panel and had full authoritative control over the domains.

    Apparently, according to the linked articles, they pulled it off twice, too. This wasn't a case of "oh sweet, that's not registered anymore, yoink", it was a case of actual wresting of control.

    The question is if the weakness in security lies with Comcast (i.e. a weak password for the panel) or Network Solutions (i.e. weakness in their portal, weak transmission of passwords, etc).
  • by Rob T Firefly ( 844560 ) on Friday May 30, 2008 @09:16AM (#23598431) Homepage Journal
    Recent memory, my eye. This same thing happened to my old zine in 1999, and the trick was already old hat back then. We even published a how-to article about it, [phonelosers.net] since our specialty was old tricks everyone already thought were lame.

    The best part: Network Solutions were of absolutely no help to us in getting our own domain back from the hijackers, so we ended up having to use the same trick to just steal it back again. Three times.
  • Imagine what would happen if one central host were to host widely used AJAX libraries to help with caching and that host got its DNS mangled.
    Maybe he's trolling and maybe not, but he's got a very good point, you have to admit.
  • by Flamora ( 877499 ) on Friday May 30, 2008 @09:20AM (#23598483)
    Oh, I'm just talking of things that I've directly experienced myself. I wouldn't be surprised in the slightest if this is an old trend that's been going on for a while.

    And from what was said by the admin team at SA, Network Solutions wasn't any help to them at all, either. Funny, that.
  • by morgan_greywolf ( 835522 ) * on Friday May 30, 2008 @09:23AM (#23598527) Homepage Journal
    So some kid who "tags" an abandoned building and gets caught gets to spend the night in jail, but throw the book at some kid who, through some feat of ingenuity, manages to "tag" the Washington Monument?

    That seem fair to you?

  • by Scutter ( 18425 ) on Friday May 30, 2008 @09:24AM (#23598541) Journal
    It was a terrorist attack intended to disrupt a major part of the infrastructure, period.

    Oh, really? You were there? You know what they were thinking? How do you know it wasn't a couple of punk kids just screwing around and not realizing what they were getting themselves into?

    I never said they shouldn't be charged. I (and the parent I responded to) both just said that they will likely be charged with much more than the crime warrants.
  • by parcel ( 145162 ) on Friday May 30, 2008 @09:31AM (#23598599)

    harvested logins of customers.
    FTFA:

    Fellow hackers, relying on press reports claiming that customer data may have been compromised, are hitting up the duo for passwords to Comcast e-mail accounts, which they say they don't have. "Nobody was listening in on the ports to try and get usernames and password," says Defiant. "We could have, but we didn't." (On this point, Comcast and the hackers agree).
  • by swillden ( 191260 ) <shawn-ds@willden.org> on Friday May 30, 2008 @09:33AM (#23598621) Journal

    I personally couldn't care less what they charge them with. If you're going to do something so high profile you better expect that your punishment is going to be equally if not more so.

    I think they've figured that out... now. From the Wired interview:

    "The situation has kind of blown up here, a lot bigger than I thought it would," says Defiant, a 19-year-old man whose first name is James. "I wish I was a minor right now because this is going to be really bad."

    They claim they called Comcast's technical contact and told him they'd taken control of the domain, BEFORE they changed anything. I don't know if it'll help them in court, but it sounds like if he hadn't blown them off, it really would have been a harmless prank. That doesn't justify their decision to redirect, but the Comcast guy should have at least bothered to check.

    After they were blown off by him, these punks lost their tempers:

    "I was trying to say we shouldn't do this the whole damn time," says Defiant.

    "But once we were in," adds EBK, "it was, like, fuck it."

    Well, I hope they had fun, because they're going to be paying for it, big time.

  • by Anonymous Coward on Friday May 30, 2008 @09:35AM (#23598669)
    Since when is "what they were thinking" an excuse to break the law?
  • by something_wicked_thi ( 918168 ) on Friday May 30, 2008 @09:43AM (#23598751)
    Since they invented the difference between first and second degree murder. Intent matters.
  • by Pazy ( 1169639 ) <Pazy160@Hotmail.com> on Friday May 30, 2008 @09:54AM (#23598913)
    If Comcast has any sense they will try to hire the guys rather than drag them through the courts. We need people like this looking for and fixing flaws rather than exploiting them.
  • by Anonymous Coward on Friday May 30, 2008 @10:18AM (#23599191)
    Stuff like this needs to happen so that corporate America can wake the $uck up! It also points out how much risk these companies are willing to take on security all with our money.

    Since terrorism is the new buzz word, if nothing else that is what they will be labeled. Agree with it or not the real issue here is how blatantly our Government has the backs of companies and not the people, scary times are here -
  • by Hijacked Public ( 999535 ) on Friday May 30, 2008 @10:44AM (#23599559)

    Since when did the monetary cost of a crime determine its punishment?
    Since Babylon? An eye for an eye and such. Or more directly, fines could be levied that were determined "according to the enormity of the offence".
  • by Chris Mattern ( 191822 ) on Friday May 30, 2008 @10:58AM (#23599783)

    Since when did the monetary cost of a crime determine its punishment?


    Since always, basically. The prime example would be theft, which has always been either a misdemeanor or a felony, depending on how much is stolen.

    The premeditated murder of a drug dealer and the premeditated murder of a famous Hollywood celebrity certainly have different economic impacts, but both are capital offenses punishable by (at the very least) life imprisonment.


    With crimes against persons, any monetary impact is considered so secondary as to not be worthy of consideration, generally (a few centuries back, this wasn't the case; in medieval law, if you murdered somebody rich and important, the penalty was indeed greater than if you murdered a serf). With crimes against property, the monetary impact is basically the point. This was a crime against property.
  • by ubuwalker31 ( 1009137 ) on Friday May 30, 2008 @11:27AM (#23600243)
    Actually, what you describe (violent act intending to cause intimidation) is not necessarily terrorism. It could be the legitimate use of force, the result of an armed robbery, or a simple assault.

    This is why I developed:

    Ubuwalker's 6 pronged guide to determining if a person or entity is a terrorist:

    1) Did they intend to cause mass terror? [This is an objective test; just because something is scary, doesn't make it terrorism.]

    2) Did they use violence or threat of violence? [This rules out non-violent protesters, but includes activities related to violence, like arson]

    3) Did they deliberately (and routinely) target non-combatant civilians? [Actions that target military personnel aren't terrorism. An entity which is involved in isolated and infrequent acts which meet criteria 1-6 are more characteristic of war crimes, rather than terrorism, as they might be revenge attacks or guerrilla attacks of opportunity, or of splinter cells, or accidental engagements of civilian target, or engagements of legitimate military targets where civilian combatant are killed, and thus would not be indicative of a systematic policy of engaging in terrorism]

    4) Are they a non-governmental organization? [otherwise the action is a war-crime or crime against humanity or piracy or the actor is a State Sponsor of Terrorism]

    5) Did they have a political goal? [This rules out ordinary criminals and vandals and street thugs and normal military action]

    6) Do they disguise themselves or pretend that they are ordinary civilians? [This goes to the fundamentally unlawful nature of terrorism, by not acting under the color of the laws of war or international law, and thereby putting civilians at risk of attack or collateral damage]

    If you don't meet all of these criteria, or find yourself arguing that a group doesn't meet a prong, then you might be dealing with something other than terrorism. Like Piracy (missing prong 5), ordinary military action (lacking 3 and 4 and 6), covert government operations (lacking 4), war crimes (lacking 4), paramilitary/freedom fighters/insurgents (lacking 1, 3).

    A State Sponsor of Terrorism provides support to non-governmental entities engaged in terrorist activities. It is fair to say that a leader who supports terrorism is himself a terrorist, sort of like how it's fair to say an accessory to murder is a murderer. However, deliberately targeting civilians/ethnic cleansing/genocide is a war crime, and calling war criminals terrorists just confuses the issue.

    Hackers and script kiddies are just ordinary criminals. If Al Qaeda launched a cyber attack to knock out a hospital's computer infrastructure, that would be terrorism.
