Slashdot Mirror

← Back to Stories (view on slashdot.org)

Comcast Briefly Loses Control of Its Domain Name

Posted by kdawson on from the old-skool-pwned dept.

Fallen Andy notes that Comcast, one of the largest US ISPs, lost control of its domain name to what appeared to be juvenile social engineers of the old school — i.e. not in it for the money. The intruders got into Comcast's registrar account at Network Solutions and repointed the domain's DNS records. A blog entry at SANS points out how trivially easy this can be. Reader ElvenKnight points out an insightful interview up at Wired with the two young guys who perpetrated the hack.

19 of 222 comments (clear)

  1. The consequences might not be as fun by Rosco+P.+Coltrane · · Score: 5, Insightful

    the two kids who perpetrated the hack

    How much do you bet the feds will come down hard on the kids and charge then with felony, cyber-"terrorism" or some other preposterous computer crime? I used to do harmless hacks for fun in years past, but these days it's not really wise.

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    1. Re:The consequences might not be as fun by Scutter · · Score: 5, Insightful

      How much do you bet the feds will come down hard on the kids and charge then with felony, cyber-"terrorism" or some other preposterous computer crime? I used to do harmless hacks for fun in years past, but these days it's not really wise.

      That was hardly a "harmless hack". There is a lot of money tied to that domain and when it's down, it's a serious problem for a lot of people. That said, I agree that charging them as cyber-terrorists would be severe overkill.

      --

      "Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
    2. Re:The consequences might not be as fun by shawn(at)fsu · · Score: 4, Insightful

      I personally couldn't care less what they charge them with. If you going to do something so high profile you better expect that your punishment is going to be equally if not more so. I hope for them it was worth it.

      --
      500 dollar reward for tip(s) leading to the arrest of the person(s) who stole my sig.
    3. Re:The consequences might not be as fun by bconway · · Score: 3, Insightful

      It was hardly harmless. They changed all the important host entries, including mail servers, and harvested logins of customers. I don't think many people would be happy if pop.gmail.com was redirected unbeknownst to user and their password was given away with a click (or auto refresh).

      --
      Interested in open source engine management for your Subaru?
    4. Re:The consequences might not be as fun by parcel · · Score: 5, Insightful

      It was a terrorist attack intended to disrupt a major part of the infrastructure, period. Methinks you have an overly broad definition of "terrorist attack". One really ought not to put "couldn't check e-mail for 3 hours in the middle of the night" in the same category as the willful destruction of human life.
    5. Re:The consequences might not be as fun by D+Ninja · · Score: 3, Insightful

      No, it does not seem fair. But, as the GP poster pointed out, life isn't always fair. People/companies with a high profile want to set an example out of people like these two guys so it doesn't happen again.

      Hopefully the judicial system will dish out the appropriate punishment and won't get caught up in the hype. I wouldn't hold my breath, though.

    6. Re:The consequences might not be as fun by Scutter · · Score: 4, Insightful

      since when "what they were thinking" is an excuse to break law?

      It's not an excuse and that's why they should be charged with something. However, intent is a huge factor when determining what to charge someone with. For example, it's the difference between first degree murder and involuntary manslaughter. Either way, someone's dead, but one crime involves a possible death penalty for the perpetrator.

      --

      "Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
    7. Re:The consequences might not be as fun by AioKits · · Score: 5, Insightful

      These days everything is a terrorist attack...Cause you know, I guess it's better to live in uninformed fear than to point out something foolish, cause the later would be unpatriotic and something terrorists do! >.>

      --
      "Quote me as saying I was mis-quoted." -Groucho Marx
    8. Re:The consequences might not be as fun by quanticle · · Score: 3, Insightful

      How do you know it wasn't a couple of punk kids just screwing around and not realizing what they were getting themselves into?

      These kids used social engineering to deliberately steal the domain name of one of the largest ISPs in the nation. This isn't equivalent to a kid stumbling across a XSS or SQL injection attack in some web app.

      --
      We all know what to do, but we don't know how to get re-elected once we have done it
    9. Re:The consequences might not be as fun by DigDuality · · Score: 4, Insightful

      A terrorist attack would imply one of two things. A) Someone got harmed or B) Terror was instilled in a mass population due to the threat of being harmed. Other than creating some headaches over at comcast for a few hours, no one was harmed. Get a grip on reality.

    10. Re:The consequences might not be as fun by Mizchief · · Score: 3, Insightful

      They should throw the book at these kids. Given how easy it is to do these types of attacks the fear of punishment is needed.

    11. Re:The consequences might not be as fun by Hoi+Polloi · · Score: 5, Insightful

      Since when did vandalism and theft become terrorism? The definition of terrorism has become so wide and vauge that anything that affects a group of people gets the terrorism lable slapped on it. It is like how the definitions of addiction or sex crime have become catch-all nets. Terrorism is a violent act intended to cause intimidation to achieve a goal. These kids just wanted to show off and feel powerful. I have no sympathy for them or their obnoxious, selfrightious attitudes but they aren't terrorists.

      --
      It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning
    12. Re:The consequences might not be as fun by Anonymous Coward · · Score: 5, Insightful

      How do you know it wasn't a couple of punk kids just screwing around and not realizing what they were getting themselves into?

      These kids used social engineering to deliberately steal the domain name of one of the largest ISPs in the nation. This isn't equivalent to a kid stumbling across a XSS or SQL injection attack in some web app.

      The government and Comcast can come down hard on these kids - but that's not justice, what it is is covering their asses.

      We base our economy upon something this fragile, and then when someone points it out we come down on them really hard.

      Imagine if a real attack takes place?

      They should thank the kids, ask them not to do it again, and takes steps to prevent it from happening again.

      But will that happen - don't make me laugh.

      It's like the rest of the U.S. phoney as can be when it comes to real domestic security.
    13. Re:The consequences might not be as fun by TapeCutter · · Score: 4, Insightful

      "there is no question about it being intentional harm with wide impact, and therefore terrorism"

      Okaaaaaayyyy.... So tell us who was 'terrified', and what was it that 'terrified' them?

      --
      And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
    14. Re:The consequences might not be as fun by Anonymous+Psychopath · · Score: 4, Insightful

      ...there is no question about it being intentional harm with wide impact, and therefore terrorism... Wow, I didn't realize that's how terrorism is defined. With my newfound knowledge, here are some other examples of terrorism:

      Pollution
      2girls1cup
      Enron
      goatse.cx
      PATRIOT Act
      DMCA
      The Pirate Bay

      Incredible. We can call almost anything terrorism now! Thank you!
      --

      Eagles may soar, but weasels don't get sucked into jet engines.

    15. Re:The consequences might not be as fun by cliffski · · Score: 3, Insightful

      they should thank the kids, if they had NOT gone through with the hack, but informed those in authority how it had become possible.
      As it was, they inconvenienced tens of thousands of people. And they didn't put up a sign that said
      "We have briefly changed this page to point out a serious flaw in the security of this system. Sorry for the inconvenience.
      it said:

      "KRYOGENICS Defiant and EBK RoXed Comcast
      sHouTz to VIRUS Warlock elul21 coll1er seven"

      yes, very helpful.

      --
      DRM-free indie games for the PC and Mac: Positech Games
  2. Re:Thats just sad.... by antifoidulus · · Score: 4, Insightful

    And its even more sad when a person commenting on something being sad doesn't know the difference between "tripod" and "tricorder"

    --
    Monstar L
  3. What about Network Solutions liability by penguin_dance · · Score: 3, Insightful

    Technically they didn't break into Comcast, they broke into Network Solutions. They're the weak link. I like to bash Comcast as much as the next, but it was a breakdown in security at Network Solutions that allowed them to get into Comcast's registar and repoint their URLs.

    --
    If you've never been modded as "flamebait" or "troll," you've never tried to argue a minority viewpoint here!
  4. Re:If Comcast had sense... by ScentCone · · Score: 3, Insightful

    If Comcast has any sense they will try to hire the guys rather than drag them through the courts. We need people like this looking for and fixing flaws rather than exploiting them.

    I have discovered that I can throw bricks through windows. But strangely, no glass manufacturers want to hire me to give them advice on the specifics of engineering brick-proof glass.

    --
    Don't disappoint your bird dog. Go to the range.