Comcast Hijackers Expose Flaws in Internet's DNS
By Richard Koman / CRM Daily
Published: May 30, 2008
Teenage hackers temporarily hijacked and defaced several Comcast Web sites and redirected user e-mail in an exploit that appears to expose fundamental weaknesses in the Internet's Domain Name System. The hackers, known as Defiant and EBK, apparently used "social engineering" -- persuading insiders to hand over account information -- to break into Comcast's account at domain registrar Network Solutions.

Comcast.net -- Comcast's main Web site -- was down for more than two hours, sporting a pink-on-white message that "KYROGENIX Defiant and EBK RoXed COMCAST sHouTz To VIRUS Warlock elul21 coll1er seven."

In addition, the WHOIS database of domain ownership spewed out a stream of obscenities when queried for information on Comcast sites.

Domain Jacking

Andrew Storms, director of security operations at nCircle Network Security, explained the nature of the exploit in an e-mail. "While we haven't seen all the details on exactly what did transpire, more than likely the hackers performed what would be considered a well-known and understood attack called domain hijacking," Storms said.

"The persons who maintain control over the centrally housed domain-name information with a registrar have the ability to control the DNS information for that domain. Once you have control over DNS, it's quite simple to propagate information into the Internet, telling computers where a Web site can be found."

In essence, the hackers could reroute the proper IP address for comcast.net to some other IP address -- and every time Comcast corrected the information, the hackers were able to reroute the domain.

'Really Bad'

It doesn't appear that the hackers did much more than deface Comcast's Web site and interrupt users' access to e-mail. With the level of control they had, "they could have done a lot worse," Storms said. "Instead of displaying a defacement, they could have just as easily used their control to set up a fake Webmail site to capture login information or launch phishing attacks."

In an interview with Wired's Threat Level blog, the hackers expressed fear that what may have been intended as a stunt to prove their hacking prowess could land them in trouble. "The situation has kind of blown up here, a lot bigger than I thought it would," 19-year-old Defiant told writer Kevin Poulsen. "I wish I was a minor right now, because this is going to be really bad."

The hackers said they exploited a flaw at Network Solutions, but the registrar denies any lapse. "We now know that it was nothing on our end," spokesperson Susan Wade said. "There was no breach in our system or social-engineering situation on our end."

Comcast Hatred

According to Wired, Defiant and EBK managed to get control of more than 200 Comcast domains. They said that when they initially broke in, they called the Comcast employee listed as technical contact at home to tell him what they had done. When he hung up on them, they started redirecting Comcast domains to servers under their control. They said they went through more than 50 servers in a matter of hours. "You know how hard it is to find hosting handling that kind of traffic?" EBK asked Wired. "The first one went in two minutes."

The hackers denied speculation that the hack was retribution for Comcast's blocking of BitTorrent traffic. "I'm sure they hate us, too," says Defiant. "Comcast is just a huge corporation and we wanted to take them out, and we did."

© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.