[ISN] Comcast's DNS records hijacked by pair of young hackers

From: InfoSec News (alerts@private)
Date: Sat May 31 2008 - 01:27:00 PDT


By Humphrey Cheung 
TG Daily   
May 30, 2008

Philadelphia (PA) - Comcast's homepage and webmail were unavailable for 
several hours from Wednesday to Thursday after a pair of young hackers 
hijacked the company's DNS records.  The hackers, going by the names of 
Defiant and EBK, also defaced the Comcast.net homepage after they tried 
warning Comcast's technical contact about the intrusion.  By Thursday 
night, all Comcast services seemed to be working normally.

Comcast users reported having problems with their webmail accounts 
starting on Wednesday night.  According to an interview done by Wired, 
the hackers used a security vulnerability and a bit of social 
engineering to gain access to Comcast's DNS management page at Network 
Solutions.  At first, Defiant and EBK just changed some of the DNS 
contact information, but then escalated to much more drastic actions 
after trying to warn a Comcast manager about the vulnerability - that 
manager apparently hung up on the hackers, a very very bad move on his 
part if true.

Throughout Wednesday night, the hackers repointed Comcast's DNS entries 
and defaced the Comcast.net homepage with "KRYOGENIKS Defiant and EBK 
RoXed Comcast sHouTz to VIRUS Warlock elul21 coll1er seven".  In all the 
hackers had to set up approximately 50 web hosting accounts to handle 
the traffic load - as one account reached its bandwidth limit, they 
would open another one to take its place.

But while the pair were initially fairly happy at their success, the 
Wired interviewer writes that the duo pretty much expect the police to 
be busting down their door in the near future.

Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com

This archive was generated by hypermail 2.1.3 : Sat May 31 2008 - 01:39:52 PDT