Comcast Briefly Loses Control of Its Domain Name

← Back to Stories (view on slashdot.org)

Comcast Briefly Loses Control of Its Domain Name

Posted by kdawson on Friday May 30, 2008 @12:54AM from the old-skool-pwned dept.

Fallen Andy notes that Comcast, one of the largest US ISPs, lost control of its domain name to what appeared to be juvenile social engineers of the old school — i.e. not in it for the money. The intruders got into Comcast's registrar account at Network Solutions and repointed the domain's DNS records. A blog entry at SANS points out how trivially easy this can be. Reader ElvenKnight points out an insightful interview up at Wired with the two young guys who perpetrated the hack.

31 of 222 comments (clear)

Min score:

Reason:

Sort:

The consequences might not be as fun by Rosco+P.+Coltrane · 2008-05-30 00:57 · Score: 5, Insightful

the two kids who perpetrated the hack

How much do you bet the feds will come down hard on the kids and charge then with felony, cyber-"terrorism" or some other preposterous computer crime? I used to do harmless hacks for fun in years past, but these days it's not really wise.

--
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
1. Re:The consequences might not be as fun by Scutter · 2008-05-30 01:01 · Score: 5, Insightful
  
  How much do you bet the feds will come down hard on the kids and charge then with felony, cyber-"terrorism" or some other preposterous computer crime? I used to do harmless hacks for fun in years past, but these days it's not really wise.
  
  That was hardly a "harmless hack". There is a lot of money tied to that domain and when it's down, it's a serious problem for a lot of people. That said, I agree that charging them as cyber-terrorists would be severe overkill.
  
  --
  
  "Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
2. Re:The consequences might not be as fun by shawn(at)fsu · 2008-05-30 01:10 · Score: 4, Insightful
  
  I personally couldn't care less what they charge them with. If you going to do something so high profile you better expect that your punishment is going to be equally if not more so. I hope for them it was worth it.
  
  --
  500 dollar reward for tip(s) leading to the arrest of the person(s) who stole my sig.
3. Re:The consequences might not be as fun by bconway · 2008-05-30 01:24 · Score: 3, Insightful
  
  It was hardly harmless. They changed all the important host entries, including mail servers, and harvested logins of customers. I don't think many people would be happy if pop.gmail.com was redirected unbeknownst to user and their password was given away with a click (or auto refresh).
  
  --
  Interested in open source engine management for your Subaru?
4. Re:The consequences might not be as fun by parcel · 2008-05-30 01:25 · Score: 5, Insightful
  
  It was a terrorist attack intended to disrupt a major part of the infrastructure, period. Methinks you have an overly broad definition of "terrorist attack". One really ought not to put "couldn't check e-mail for 3 hours in the middle of the night" in the same category as the willful destruction of human life.
5. Re:The consequences might not be as fun by D+Ninja · 2008-05-30 01:36 · Score: 3, Insightful
  
  No, it does not seem fair. But, as the GP poster pointed out, life isn't always fair. People/companies with a high profile want to set an example out of people like these two guys so it doesn't happen again.
  
  Hopefully the judicial system will dish out the appropriate punishment and won't get caught up in the hype. I wouldn't hold my breath, though.
6. Re:The consequences might not be as fun by Scutter · 2008-05-30 01:39 · Score: 4, Insightful
  
  since when "what they were thinking" is an excuse to break law?
  
  It's not an excuse and that's why they should be charged with something. However, intent is a huge factor when determining what to charge someone with. For example, it's the difference between first degree murder and involuntary manslaughter. Either way, someone's dead, but one crime involves a possible death penalty for the perpetrator.
  
  --
  
  "Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
7. Re:The consequences might not be as fun by Dan541 · 2008-05-30 01:39 · Score: 2, Insightful
  
  Messing with someone's domain is hardly a "harmless" activity.
  
  --
  An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
8. Re:The consequences might not be as fun by AioKits · 2008-05-30 01:42 · Score: 5, Insightful
  
  These days everything is a terrorist attack...Cause you know, I guess it's better to live in uninformed fear than to point out something foolish, cause the later would be unpatriotic and something terrorists do! >.>
  
  --
  "Quote me as saying I was mis-quoted." -Groucho Marx
9. Re:The consequences might not be as fun by quanticle · 2008-05-30 01:43 · Score: 3, Insightful
  
  How do you know it wasn't a couple of punk kids just screwing around and not realizing what they were getting themselves into?
  These kids used social engineering to deliberately steal the domain name of one of the largest ISPs in the nation. This isn't equivalent to a kid stumbling across a XSS or SQL injection attack in some web app.
  
  --
  We all know what to do, but we don't know how to get re-elected once we have done it
10. Re:The consequences might not be as fun by DigDuality · 2008-05-30 01:44 · Score: 4, Insightful
  
  A terrorist attack would imply one of two things. A) Someone got harmed or B) Terror was instilled in a mass population due to the threat of being harmed. Other than creating some headaches over at comcast for a few hours, no one was harmed. Get a grip on reality.
11. Re:The consequences might not be as fun by Anonymous Coward · 2008-05-30 01:54 · Score: 1, Insightful
  
  except if they had their MX set to catch all incoming email during that time and intercepted a few juicy ones, things could get interesting ;)
12. Re:The consequences might not be as fun by Stewie241 · 2008-05-30 01:57 · Score: 2, Insightful
  
  Can we stop calling them kids? Age of majority is 18 in the states, isn't it? These two were 18 and 19 years old. Young, sure, but kids, no. These are adults.
13. Re:The consequences might not be as fun by Mizchief · 2008-05-30 02:16 · Score: 3, Insightful
  
  They should throw the book at these kids. Given how easy it is to do these types of attacks the fear of punishment is needed.
14. Re:The consequences might not be as fun by Hoi+Polloi · 2008-05-30 02:21 · Score: 5, Insightful
  
  Since when did vandalism and theft become terrorism? The definition of terrorism has become so wide and vauge that anything that affects a group of people gets the terrorism lable slapped on it. It is like how the definitions of addiction or sex crime have become catch-all nets. Terrorism is a violent act intended to cause intimidation to achieve a goal. These kids just wanted to show off and feel powerful. I have no sympathy for them or their obnoxious, selfrightious attitudes but they aren't terrorists.
  
  --
  It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning
15. Re:The consequences might not be as fun by Hoi+Polloi · 2008-05-30 02:35 · Score: 2, Insightful
  
  Yes, yes it does. So if they burnt down someone's business they should get the same punishment as if they burnt down an abandoned shack in the woods? They may be clever enough to turn off the fire alarm so they lets them off the hook?
  
  --
  It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning
16. Re:The consequences might not be as fun by egyptiankarim · 2008-05-30 02:44 · Score: 2, Insightful
  
  It's totally fair. An abandoned building has little to no value and if these kids managed to hack some squatted domain, they probably wouldn't get much flack.
  
  The Washington Monument is a highly visible, highly valuable, historic landmark and if you deface it it affects a lot more people.
  
  I don't know about anyone else, but your analogy just made it easier for me to see fault in these kids' actions.
  
  --
  Eek!
17. Re:The consequences might not be as fun by SomeoneGotMyNick · 2008-05-30 03:01 · Score: 2, Insightful
  
  Since when did vandalism and theft become terrorism? Since society and officials are too lazy to secern those things.
  
  Blowing your nose in public threatens to spread pathogens to innocent bystanders, too.
18. Re:The consequences might not be as fun by Anonymous Coward · 2008-05-30 03:02 · Score: 5, Insightful
  
  How do you know it wasn't a couple of punk kids just screwing around and not realizing what they were getting themselves into?
  These kids used social engineering to deliberately steal the domain name of one of the largest ISPs in the nation. This isn't equivalent to a kid stumbling across a XSS or SQL injection attack in some web app.
  The government and Comcast can come down hard on these kids - but that's not justice, what it is is covering their asses.
  
  We base our economy upon something this fragile, and then when someone points it out we come down on them really hard.
  
  Imagine if a real attack takes place?
  
  They should thank the kids, ask them not to do it again, and takes steps to prevent it from happening again.
  
  But will that happen - don't make me laugh.
  
  It's like the rest of the U.S. phoney as can be when it comes to real domestic security.
19. Re:The consequences might not be as fun by TapeCutter · 2008-05-30 03:05 · Score: 4, Insightful
  
  "there is no question about it being intentional harm with wide impact, and therefore terrorism"
  
  Okaaaaaayyyy.... So tell us who was 'terrified', and what was it that 'terrified' them?
  
  --
  And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
20. Re:The consequences might not be as fun by Akita24 · 2008-05-30 03:09 · Score: 2, Insightful
  
  While I in no way condone what they did, I do see a certain amount of poetic justice in the assholes who "hijack" their users packets getting hijacked themselves. How do you like it when they do it to you you greedy f*cks? Not fun is it CommieCast?
21. Re:The consequences might not be as fun by Anonymous+Psychopath · 2008-05-30 03:26 · Score: 4, Insightful
  
  ...there is no question about it being intentional harm with wide impact, and therefore terrorism... Wow, I didn't realize that's how terrorism is defined. With my newfound knowledge, here are some other examples of terrorism:
  
  Pollution
  2girls1cup
  Enron
  goatse.cx
  PATRIOT Act
  DMCA
  The Pirate Bay
  
  Incredible. We can call almost anything terrorism now! Thank you!
  
  --
  Eagles may soar, but weasels don't get sucked into jet engines.
22. Re:The consequences might not be as fun by mR.bRiGhTsId3 · 2008-05-30 03:33 · Score: 2, Insightful
  
  While analogies are useful, I think this one is stretched beyond usefulness. Neither George W's lawn or my lawn has any economic value. Comcast's domain name does, as its serves whatever percentage of their customer base actually have it set as their homepage.
23. Re:The consequences might not be as fun by cliffski · 2008-05-30 04:46 · Score: 3, Insightful
  
  they should thank the kids, if they had NOT gone through with the hack, but informed those in authority how it had become possible.
  As it was, they inconvenienced tens of thousands of people. And they didn't put up a sign that said
  "We have briefly changed this page to point out a serious flaw in the security of this system. Sorry for the inconvenience.
  it said:
  
  "KRYOGENICS Defiant and EBK RoXed Comcast
  sHouTz to VIRUS Warlock elul21 coll1er seven"
  
  yes, very helpful.
  
  --
  DRM-free indie games for the PC and Mac: Positech Games
24. Re:The consequences might not be as fun by Tinyn · 2008-05-30 04:53 · Score: 2, Insightful
  
  Why isn't it? Because Comcast is big? If so, that sounds like one law for the rich and one for the poor. Comcast should be treated exactly the same as Bob's Online Pottery Store.
Re:Thats just sad.... by antifoidulus · 2008-05-30 01:31 · Score: 4, Insightful

And its even more sad when a person commenting on something being sad doesn't know the difference between "tripod" and "tricorder"

--
Monstar L
What about Network Solutions liability by penguin_dance · 2008-05-30 02:26 · Score: 3, Insightful

Technically they didn't break into Comcast, they broke into Network Solutions. They're the weak link. I like to bash Comcast as much as the next, but it was a breakdown in security at Network Solutions that allowed them to get into Comcast's registar and repoint their URLs.

--
If you've never been modded as "flamebait" or "troll," you've never tried to argue a minority viewpoint here!
Re:If Comcast had sense... by Lobster+Quadrille · 2008-05-30 03:14 · Score: 2, Insightful

You hire Kevin Mitnicks and Frank Abignales. You don't hire these morons.

--
"The cup is in turn designed for holding hot or cold liquids, and has an open rim and closed base." --US Patent #5425497
Re:Better hack by oahazmatt · 2008-05-30 03:16 · Score: 2, Insightful

Better yet, they should have redirected it to BitTorrent.com, or piratebay. No, they actually were smart not to do that.

Say these kids did just that. Now the question is, why did they do that? Were they told to do that? Are they working with or for Piratebay or Bittorrent?

Given the current torrent (...that was an unfortunate rhyme, I apologize) situation, even trying to associate this event with either of the aforementioned sites would have benefited no one except Comcast.

--
Those who believe the Internet is private,
find their privates are on the Internet.
Re:Some lessons from all this. by Bryansix · 2008-05-30 04:01 · Score: 2, Insightful

Best advice? Don't use your own computer to do the hacking from.
Re:If Comcast had sense... by ScentCone · 2008-05-30 04:18 · Score: 3, Insightful

If Comcast has any sense they will try to hire the guys rather than drag them through the courts. We need people like this looking for and fixing flaws rather than exploiting them.

I have discovered that I can throw bricks through windows. But strangely, no glass manufacturers want to hire me to give them advice on the specifics of engineering brick-proof glass.

--
Don't disappoint your bird dog. Go to the range.