Comcast.net Hacked By High-School Dropouts
Move over Microsoft; Comcast is taking over the role as being perceived as the next "evil empire." Just ask hackers, Defiant and EBK, who managed to take over Comcast's Web portal for over five hours Wednesday night and into Thursday morning:
Thursday, the pair were dealing with their newfound fame, laughing over the press coverage with a mix of glee and nervous excitement. Some reports have speculated that the hackers were retaliating for Comcast's recent sabotage of BitTorrent traffic; Defiant and EBK say that's false: they just hate Comcast in general. "I'm sure they hate us too," says Defiant.
"Comcast is just a huge corporation, and we wanted to take them out, and we did," he says.
The pair claim that through social engineering and exploiting a flaw with Comcast.net's domain management console at Network Solutions, they were able to redirect the DNS servers for Comcast.net to sites of their choosing, starting at about 11:00pm ET Wednesday night. In addition to taking over the Comcast.net site, the duo's actions also took down Comcast's webmail service as well. "Even when Comcast regained control, it took hours longer for the change to fully propagate through the DNS, leaving some customers without webmail access as late as 11:30 Thursday morning."
Defiant and EBK are members of a hacker group that calls itself Kryogeniks. Wired was able to get in touch with the pair through "Mike 'Virus' Neives, an 18-year-old New Yorker who pleaded guilty as a minor last year to hacking AOL. Neives, who was on the call, is also a member of Kryogeniks, though he and his compatriots say he's stopped hacking."
Both Defiant and EBK claim that while they could have tried to get access to personal user data, such as usernames and passwords, they chose not to. Comcast corroborated that that no personal information of its customers was compromised during the attack. On a more ominous note, the hackers claim that the flaw with domain registrar Network Solutions still exists, leaving plenty of other large sites just as susceptible to being similarly attacked. Network Solutions denies that such a flaw exists. If the pair don't wind up in jail or with their equipment impounded, we might just learn who is telling the truth.