Saturday, May 31, 2008

Comcast Hijackers Speak Out: Hack Was Unrelated to P2P Throttling

On Thursday the Comcast site was hacked, or to be more precise, Comcast's complete portfolio of over 200 domain names was hijacked, enabling the perpetrators to redirect visitors headed for Comcast.net to a site they controlled.

In an interview allegedly with the pair involved, the two admitted their guilt and also described the reasons behind the attack and the means by which they carried it out.

According to the interview with Threat Level, the pair, hackers known as "Defiant" and "EBK":
used a combination of social engineering and a technical hack to get into Comcast's domain management console at Network Solutions. They declined to detail their technique, but said it relied on a flaw at the Virginia-based domain registrar.

Network Solutions spokeswoman Susan Wade disputes the hackers' account. "We now know that it was nothing on our end," she says. "There was no breach in our system or social engineering situation on our end."

For those not in the know, social engineering means they talked their way past a Network Solutions rep, and into the account. It's basically the same method that HP used to gain access to board members’ private telephone records in their "pretexting scandal."

In the interview, Defiant, who's now 19 and whose first name is James, said "I wish I was a minor right now because this is going to be really bad."

Come on, you knew you would eventually be caught and that it would have to be bad. So a) why are you making it easier on authorities by having a MySpace page (pics reportedly from Defiant's MySpace profile) and doing interviews, and b) why do it in the first place?

According to Defiant, it wasn't Comcast's P2P throttling that was at the heart of the attack. Rather, he just hates Comcast. Defiant said:
"I'm sure they hate us too. Comcast is just a huge corporation, and we wanted to take them out, and we did."

One other point: apparently the pair called a Comcast manager - the one who had been the original technical contact on Comcast's domain - and told him what they had done, but he scoffed at them. Until then they had just taken control of the domain. It was then they got royally ticked off and pulled the redirection stunt.

Lesson: don't scoff at hackers without checking things out first.
