Comcast's DNS records hijacked by pair of young hackers

May 30, 2008

Humphrey Cheung

Philadelphia (PA) - Comcast's homepage and webmail were unavailable for several hours from Wednesday to Thursday after a pair of young hackers hijacked the company's DNS records.  The hackers, going by the names of Defiant and EBK, also defaced the homepage after they tried warning Comcast's technical contact about the intrusion.  By Thursday night, all Comcast services seemed to be working normally.

Comcast users reported having problems with their webmail accounts starting on Wednesday night. According to an interview conducted by Wired, the hackers used a security vulnerability and a bit of social engineering to gain access to Comcast's DNS management page at Network Solutions. At first, Defiant and EBK just changed some of the DNS contact information, but they then escalated to much more drastic actions after trying to warn a Comcast manager about the vulnerability - that manager apparently hung up on the hackers, a very, very bad move on his part if true.

Throughout Wednesday night, the hackers repointed Comcast's DNS entries and defaced the homepage with "KRYOGENIKS Defiant and EBK RoXed Comcast sHouTz to VIRUS Warlock elul21 coll1er seven". In all, the hackers had to set up approximately 50 web hosting accounts to handle the traffic load - as one account reached its bandwidth limit, they would open another one to take its place.

But while the pair were initially fairly happy at their success, the Wired interviewer writes that the duo pretty much expect the police to be busting down their door in the near future.
