Comcast Briefly Loses Control of Its Domain Name

Fallen Andy notes that Comcast, one of the largest US ISPs, lost control of its domain name to what appeared to be juvenile social engineers of the old school — i.e. not in it for the money. The intruders got into Comcast's registrar account at Network Solutions and repointed the domain's DNS records. A blog entry at SANS points out how trivially easy this can be. Reader ElvenKnight points out an insightful interview up at Wired with the two young guys who perpetrated the hack.

The consequences might not be as fun

[Rosco+P.+Coltrane]

the two kids who perpetrated the hack

How much do you bet the feds will come down hard on the kids and charge then with felony, cyber-"terrorism" or some other preposterous computer crime? I used to do harmless hacks for fun in years past, but these days it's not really wise.

Re:The consequences might not be as fun

[Scutter]

How much do you bet the feds will come down hard on the kids and charge then with felony, cyber-"terrorism" or some other preposterous computer crime? I used to do harmless hacks for fun in years past, but these days it's not really wise.

That was hardly a "harmless hack". There is a lot of money tied to that domain and when it's down, it's a serious problem for a lot of people. That said, I agree that charging them as cyber-terrorists would be severe overkill.

Re:The consequences might not be as fun

[parcel]

It was a terrorist attack intended to disrupt a major part of the infrastructure, period. Methinks you have an overly broad definition of "terrorist attack". One really ought not to put "couldn't check e-mail for 3 hours in the middle of the night" in the same category as the willful destruction of human life.

Re:The consequences might not be as fun

[AioKits]

These days everything is a terrorist attack...Cause you know, I guess it's better to live in uninformed fear than to point out something foolish, cause the later would be unpatriotic and something terrorists do! >.>

Re:The consequences might not be as fun

[Hoi+Polloi]

Since when did vandalism and theft become terrorism? The definition of terrorism has become so wide and vauge that anything that affects a group of people gets the terrorism lable slapped on it. It is like how the definitions of addiction or sex crime have become catch-all nets. Terrorism is a violent act intended to cause intimidation to achieve a goal. These kids just wanted to show off and feel powerful. I have no sympathy for them or their obnoxious, selfrightious attitudes but they aren't terrorists.

Re:The consequences might not be as fun

[daliman]

terrorism You keep using that word. I do not think it means what you think it means. ...

Re:The consequences might not be as fun

[sgbett]

Man, if I had mod points you'd be getting -1 Terrorist for those kind of subversive opinions!

Re:The consequences might not be as fun

How do you know it wasn't a couple of punk kids just screwing around and not realizing what they were getting themselves into?

These kids used social engineering to deliberately steal the domain name of one of the largest ISPs in the nation. This isn't equivalent to a kid stumbling across a XSS or SQL injection attack in some web app.

The government and Comcast can come down hard on these kids - but that's not justice, what it is is covering their asses.

We base our economy upon something this fragile, and then when someone points it out we come down on them really hard.

Imagine if a real attack takes place?

They should thank the kids, ask them not to do it again, and takes steps to prevent it from happening again.

But will that happen - don't make me laugh.

It's like the rest of the U.S. phoney as can be when it comes to real domestic security.

Re:The consequences might not be as fun

[Viceroy+Potatohead]

Exactly.

Just the other day, I had a fast food burger, and the terrorists left out the pickle. Then I went to get gas, but the pump had been broken by terrorists. After finally getting gas, I discovered the terrorists have been jacking up fuel prices so I didn't have enough cash. The terrorists must have been disrupting the banking system, because it took several minutes to access my funds by debit card. The terrorists had been messing with the stop lights as well, since they were completely out of sync.

Finally, I got home and discovered my wife must be a terrorist, since she overcooked the roast. Then I tried watching the news, but terrorists kept interrupting it with ads for things I didn't want to buy. Disillusioned, I decided to go throw a ball around with my son Billy. It's one of the few pleasures I can still find in this dangerous, terror-infested world. You wouldn't believe what happened! My son threw the ball badly, and I got a grass stain on my slacks when diving for it. I'm afraid I'll have to call DHS and get them to start a dossier on Billy now.

I hope the terrorists don't turn off my alarm clock in the night again. If I'm late for one more day of work, I'm pretty sure the terrorists in human resources are going to fire me.

Network Solutions seems to be the common trend.

[Flamora]

Other websites that I know of have had this happen in the past, and the common trend seems to be that Network Solutions has been their domain registrar. The largest site in recent memory that this occurred to other than Comcast was SomethingAwful.

Perhaps it's a sign of a more underlying flaw in Network Solutions' security?

These guys are my heroes

[Spy+der+Mann]

Wanna know why? Because they called Comcast and could get in touch with a HUMAN!

Now *THAT'S* hacking.

Re:These guys are my heroes

[DriedClexler]

How come no one's made the obvious joke yet?

Comcast: OMG!!! Outrageous!!! Some HACKERS denied us access to our OWN DOMAIN NAME!!!! Get them!!!!
FBI: Why? They didn't take anything that belongs to you.
Comcast: What??? Out contract with ICANN gives us unlimited access to the Comcast domain!
FBI: Right. And what does unlimited mean?
Comcast: Look, it's right here in Websters: "without any ..."
FBI: No, no, not that one, use your own internal glossary.
Comcast: Okay then, "unlimited: " ... ah, okay, see your point there.

Re:Expiring domains

[Flamora]

It wasn't even that Comcast's domain expired. The pair involved in this managed to gain access to Comcast's Network Solutions control panel and had full authoritative control over the domains.

Apparently, according to the linked articles, they pulled it off twice, too. This wasn't a case of "oh sweet, that's not registered anymore, yoink", it was a case of actual wresting of control.

The question is if the weakness in security lies with Comcast (i.e. a weak password for the panel) or Network Solutions (i.e. weakness in their portal, weak transmission of passwords, etc).

Everything old is new again.

[Rob+T+Firefly]

Recent memory, my eye. This same thing happened to my old zine in 1999, and the trick was already old hat back then. We even published a how-to article about it, since our specialty was old tricks everyone already thought were lame.

The best part: Network Solutions were of absolutely no help to us in getting our own domain back from the hijackers, so we ended up having to use the same trick to just steal it back again. Three times.

Ubuwalker's 6 pronged guide to terrorism

[ubuwalker31]

Actually, what you describe (violent act intending to cause intimidation) is not necessarily terrorism. It could be the legitimate use of force, the result of an armed robbery, or a simple assault.

This is why I developed:

Ubuwalker's 6 pronged guide to determining if a person or entity is a terrorist:

1) Did they intend to cause mass terror? [This is an objective test; just because something is scary, doesn't make it terrorism.]

2) Did they use violence or threat of violence? [This rules out non-violent protesters, but includes activities related to violence, like arson]

3) Did they deliberately (and routinely) target non-combatant civilians? [Actions that target military personnel aren't terrorism. An entity which is involved in isolated and infrequent acts which meet criteria 1-6 are more characteristic of war crimes, rather than terrorism, as they might be revenge attacks or guerrilla attacks of opportunity, or of splinter cells, or accidental engagements of civilian target, or engagements of legitimate military targets where civilian combatant are killed, and thus would not be indicative of a systematic policy of engaging in terrorism]

4) Are they a non-governmental organization? [otherwise the action is a war-crime or crime against humanity or piracy or the actor is a State Sponsor of Terrorism]

5) Did they have a political goal? [This rules out ordinary criminals and vandals and street thugs and normal military action]

6) Do they disguise themselves or pretend that they are ordinary civilians? [This goes to the fundamentally unlawful nature of terrorism, by not acting under the color of the laws of war or international law, and thereby putting civilians at risk of attack or collateral damage]

If you don't meet all of these criteria, or find yourself arguing that a group doesn't meet a prong, then you might be dealing with something other than terrorism. Like Piracy (missing prong 5), ordinary military action (lacking 3 and 4 and 6), covert government operations (lacking 4), war crimes (lacking 4), paramilitary/freedom fighters/insurgents (lacking 1, 3).

A State Sponsor of Terrorism provides support to non-governmental entities engaged in terrorist activities. It is fair to say that a leader who supports terrorism is himself a terrorist, sort of like how its fair to say an accessory to murder is a murderer. However, deliberately targeting civilians/ethnic cleansing/genocide is a war crime, and calling war criminals terrorists just confuses the issue.

Hackers and script kiddies are just ordinary criminals. If Al Queda launched a cyber attack to knock out a hospitals computer infrastructure, that would be terrorism.