×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comcast Briefly Loses Control of Its Domain Name

kdawson posted more than 5 years ago | from the old-skool-pwned dept.

Security 222

Fallen Andy notes that Comcast, one of the largest US ISPs, lost control of its domain name to what appeared to be juvenile social engineers of the old school — i.e. not in it for the money. The intruders got into Comcast's registrar account at Network Solutions and repointed the domain's DNS records. A blog entry at SANS points out how trivially easy this can be. Reader ElvenKnight points out an insightful interview up at Wired with the two young guys who perpetrated the hack.

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

222 comments

The consequences might not be as fun (5, Insightful)

Rosco P. Coltrane (209368) | more than 5 years ago | (#23598267)

the two kids who perpetrated the hack

How much do you bet the feds will come down hard on the kids and charge then with felony, cyber-"terrorism" or some other preposterous computer crime? I used to do harmless hacks for fun in years past, but these days it's not really wise.

Re:The consequences might not be as fun (5, Insightful)

Scutter (18425) | more than 5 years ago | (#23598297)

How much do you bet the feds will come down hard on the kids and charge then with felony, cyber-"terrorism" or some other preposterous computer crime? I used to do harmless hacks for fun in years past, but these days it's not really wise.

That was hardly a "harmless hack". There is a lot of money tied to that domain and when it's down, it's a serious problem for a lot of people. That said, I agree that charging them as cyber-terrorists would be severe overkill.

Re:The consequences might not be as fun (-1, Flamebait)

pz (113803) | more than 5 years ago | (#23598473)

That was hardly a "harmless hack". There is a lot of money tied to that domain and when it's down, it's a serious problem for a lot of people. That said, I agree that charging them as cyber-terrorists would be severe overkill.
And if they had been from China, Iran, Pakistan, or Syria, would you still think the same thing? It was a terrorist attack intended to disrupt a major part of the infrastructure, period. If these two are indeed guilty as accused, they should be charged and punished appropriately.

Re:The consequences might not be as fun (4, Interesting)

Scutter (18425) | more than 5 years ago | (#23598541)

It was a terrorist attack intended to disrupt a major part of the infrastructure, period.

Oh, really? You were there? You know what they were thinking? How do you know it wasn't a couple of punk kids just screwing around and not realizing what they were getting themselves into?

I never said they shouldn't be charged. I (and the parent I responded to) both just said that they will likely be charged with much more than the crime warrants.

Re:The consequences might not be as fun (0, Interesting)

Anonymous Coward | more than 5 years ago | (#23598669)

since when "what they were thinking" is an excuse to break law?

Re:The consequences might not be as fun (4, Insightful)

Scutter (18425) | more than 5 years ago | (#23598701)

since when "what they were thinking" is an excuse to break law?

It's not an excuse and that's why they should be charged with something. However, intent is a huge factor when determining what to charge someone with. For example, it's the difference between first degree murder and involuntary manslaughter. Either way, someone's dead, but one crime involves a possible death penalty for the perpetrator.

Re:The consequences might not be as fun (1)

pthor1231 (885423) | more than 5 years ago | (#23598817)

It isn't, which is why your parent wasn't suggesting not prosecuting, but rather using the "what were they thinking" as a mitigating factor in determining what punishment is appropriate.

Re:The consequences might not be as fun (3, Insightful)

quanticle (843097) | more than 5 years ago | (#23598755)

How do you know it wasn't a couple of punk kids just screwing around and not realizing what they were getting themselves into?

These kids used social engineering to deliberately steal the domain name of one of the largest ISPs in the nation. This isn't equivalent to a kid stumbling across a XSS or SQL injection attack in some web app.

Re:The consequences might not be as fun (0, Troll)

pz (113803) | more than 5 years ago | (#23599079)

Did you read TFA? They had to work very hard, all night long to maintain their redirected pages, cycling through 50 different (presumably free) hosting accounts, repeatedly moving the DNS entry. They could have just given back the registration, but instead they worked for hours to maintain the disruption, going without or sleeping very little. That sounds like evidence of intent to cause harm. But, if the quote in the Wired article is genuine, there is no question about it being intentional harm with wide impact, and therefore terrorism: "Comcast is just a huge corporation, and we wanted to take them out, and we did."

Re:The consequences might not be as fun (5, Insightful)

Hoi Polloi (522990) | more than 5 years ago | (#23599227)

Since when did vandalism and theft become terrorism? The definition of terrorism has become so wide and vauge that anything that affects a group of people gets the terrorism lable slapped on it. It is like how the definitions of addiction or sex crime have become catch-all nets. Terrorism is a violent act intended to cause intimidation to achieve a goal. These kids just wanted to show off and feel powerful. I have no sympathy for them or their obnoxious, selfrightious attitudes but they aren't terrorists.

Re:The consequences might not be as fun (5, Funny)

sgbett (739519) | more than 5 years ago | (#23599439)

Man, if I had mod points you'd be getting -1 Terrorist for those kind of subversive opinions!

Re:The consequences might not be as fun (5, Funny)

daliman (626662) | more than 5 years ago | (#23599419)

terrorism
You keep using that word. I do not think it means what you think it means. ...

Re:The consequences might not be as fun (1, Informative)

phoenixwade (997892) | more than 5 years ago | (#23599137)

It was a terrorist attack intended to disrupt a major part of the infrastructure, period.

Oh, really? You were there? You know what they were thinking? How do you know it wasn't a couple of punk kids just screwing around and not realizing what they were getting themselves into?

I never said they shouldn't be charged. I (and the parent I responded to) both just said that they will likely be charged with much more than the crime warrants.
The Wired article indicates that they were retaliating because some Comcast dweeb was rude on the phone. It also indicates that they were stupid enough to be surprised by how big and loud this blew up. Further, it indicates this is a repeat offense for both "hackers". If all that is true, then I submit there is very little chance they are going to be charged with more than the crimes warrant. Repeat offenders and that kind of petty extortion should be slapped as hard as possible.

Re:The consequences might not be as fun (5, Insightful)

parcel (145162) | more than 5 years ago | (#23598545)

It was a terrorist attack intended to disrupt a major part of the infrastructure, period.
Methinks you have an overly broad definition of "terrorist attack". One really ought not to put "couldn't check e-mail for 3 hours in the middle of the night" in the same category as the willful destruction of human life.

Re:The consequences might not be as fun (5, Insightful)

AioKits (1235070) | more than 5 years ago | (#23598739)

These days everything is a terrorist attack...Cause you know, I guess it's better to live in uninformed fear than to point out something foolish, cause the later would be unpatriotic and something terrorists do! >.>

Re:The consequences might not be as fun (4, Insightful)

DigDuality (918867) | more than 5 years ago | (#23598777)

A terrorist attack would imply one of two things. A) Someone got harmed or B) Terror was instilled in a mass population due to the threat of being harmed. Other than creating some headaches over at comcast for a few hours, no one was harmed. Get a grip on reality.

Re:The consequences might not be as fun (4, Funny)

Hoi Polloi (522990) | more than 5 years ago | (#23599367)

Excuse me but after seeing Rachel Ray in her Hamas video (don't tell me it was a scarf!) it is critical that we watch for 5th column terrorists everywhere. Fox News and all the other right-wing nut jobs told me so.

Excuse me while I listen to Barry Goldwater rolling in his grave.

Re:The consequences might not be as fun (1, Insightful)

Anonymous Coward | more than 5 years ago | (#23598897)

except if they had their MX set to catch all incoming email during that time and intercepted a few juicy ones, things could get interesting ;)

Re:The consequences might not be as fun (1)

Pazy (1169639) | more than 5 years ago | (#23598967)

Hardly a terrorist activity, since they never intented to cause terror :| They were messing around and got over there head, they need some sort of punishment but not "Cyber Terrorism". Plus after words if Comcast (or anyone else) has any sense they need to hire them and get to them to fix flaws rather than exploit them (which according to the wired article one of them wanted to report it anyways).

Re:The consequences might not be as fun (3, Funny)

kv9 (697238) | more than 5 years ago | (#23599029)

It was a terrorist attack intended to disrupt a major part of the infrastructure, period.
so they haven't found a cure for acute kneejerk yet, eh?

Re:The consequences might not be as fun (0, Flamebait)

wattrlz (1162603) | more than 5 years ago | (#23599073)

That was hardly a "harmless hack". There is a lot of money tied to that domain and when it's down, it's a serious problem for a lot of people. That said, I agree that charging them as cyber-terrorists would be severe overkill.
And if they had been from China, Iran, Pakistan, or Syria, would you still think the same thing? ...

Well, of course not! Those countries are all theocracies. Theocracies are evil, or so my Christian leader tells me... This is a joke, obviously, but what interest would Syrian hackers have in Comcast?

Re:The consequences might not be as fun (2, Informative)

Pantero Blanco (792776) | more than 5 years ago | (#23599349)

It was a terrorist attack intended to disrupt a major part of the infrastructure, period.

Terrorism, by definition, has to have some sort of political goal in mind (wanting power, autonomy, etc), and has to have the intention of intimidation. This has neither.

I don't see anyone shaking in fear over Comcast's website being inaccessible...

It's just a regular crime, not terrorism.

Re:The consequences might not be as fun (1, Interesting)

Anonymous Coward | more than 5 years ago | (#23599191)

Stuff like this needs to happen so that corporate America can wake the $uck up! It also points out how much risk these companies are willing to take on security all with our money.

Since terrorism is the new buzz word, if nothing else that is what they will be labeled. Agree with it or not the real issue here is how blatantly our Government has the backs of companies and not the people, scary times are here -

Re:The consequences might not be as fun (4, Insightful)

shawn(at)fsu (447153) | more than 5 years ago | (#23598383)

I personally couldn't care less what they charge them with. If you going to do something so high profile you better expect that your punishment is going to be equally if not more so. I hope for them it was worth it.

Re:The consequences might not be as fun (0)

Anonymous Coward | more than 5 years ago | (#23598455)

that's if they get caught. hope they don't

Re:The consequences might not be as fun (1, Funny)

Anonymous Coward | more than 5 years ago | (#23598509)

Good job not even reading TFS.

Re:The consequences might not be as fun (2, Interesting)

morgan_greywolf (835522) | more than 5 years ago | (#23598527)

So some kid who "tags" an abandoned building and gets caught gets to spend the night in jail, but throw the book at some kid who, through some feat of ingenuity, manages to "tag" the Washington Monument?

That seem fair to you?

Re:The consequences might not be as fun (3, Insightful)

D Ninja (825055) | more than 5 years ago | (#23598685)

No, it does not seem fair. But, as the GP poster pointed out, life isn't always fair. People/companies with a high profile want to set an example out of people like these two guys so it doesn't happen again.

Hopefully the judicial system will dish out the appropriate punishment and won't get caught up in the hype. I wouldn't hold my breath, though.

Re:The consequences might not be as fun (1)

quanticle (843097) | more than 5 years ago | (#23598855)

Well, yeah. Saying that the effect of tagging an abandoned warehouse is the same as the effect of tagging the Washington Monument is like saying the cost of denting a rusted out Geo Metro is the same as the cost of denting a brand new Ferrari.

Re:The consequences might not be as fun (1)

morgan_greywolf (835522) | more than 5 years ago | (#23599293)

Well, yeah. Saying that the effect of tagging an abandoned warehouse is the same as the effect of tagging the Washington Monument is like saying the cost of denting a rusted out Geo Metro is the same as the cost of denting a brand new Ferrari.
Since when did the monetary cost of a crime determine its punishment?

The premeditated murder of a drug dealer and the premeditated murder of famous Hollywood celebrity certainly have different economic impacts, but both are capital offenses punishable by (at the very least) life imprisonment.

Re:The consequences might not be as fun (2, Insightful)

Hoi Polloi (522990) | more than 5 years ago | (#23599441)

Yes, yes it does. So if they burnt down someone's business they should get the same punishment as if they burnt down an abandoned shack in the woods? They may be clever enough to turn off the fire alarm so they lets them off the hook?

Re:The consequences might not be as fun (1)

maxume (22995) | more than 5 years ago | (#23598569)

What if they charged them with cyber-murder?

They need to face consequences, but they need to face appropriate consequences.

Re:The consequences might not be as fun (1)

quitte (1098453) | more than 5 years ago | (#23598611)

So I should be punished more for taking a dump on George W's lawn than on yours?
I always thought it's what you are doing that decides the punishment not who you are doing it to. And I wouldn't want it to be any other way.

Re:The consequences might not be as fun (1)

elysiana (1152995) | more than 5 years ago | (#23598877)

Not positive, but I don't think that's what the parent was getting at... rather the fact that if you go after such a high-profile company, you're bound to have someone come down on you, and these guys should have been expecting that. If they had gone after Joe Blow, they probably could have gotten away with a slap on the wrist with a wet noodle, because Joe Blow isn't going to have the power, time, or money to prosecute.

Re:The consequences might not be as fun (1)

Jellybob (597204) | more than 5 years ago | (#23599161)

If try that one, then I'm fairly sure you won't be around long enough to have someone make an educated decision about how to punish you.

Re:The consequences might not be as fun (4, Interesting)

swillden (191260) | more than 5 years ago | (#23598621)

I personally couldn't care less what they charge them with. If you going to do something so high profile you better expect that your punishment is going to be equally if not more so.

I think they've figured that out... now. From the Wired interview:

"The situation has kind of blown up here, a lot bigger than I thought it would," says Defiant, a 19-year-old man whose first name is James. "I wish I was a minor right now because this is going to be really bad."

They claim they called Comcast's technical contact and told him they'd taken control of the domain, BEFORE they changed anything. I don't know if it'll help them in court, but it sounds like if he hadn't blown them off, it really would have been a harmless prank. That doesn't justify their decision to redirect, but the Comcast guy should have at least bothered to check.

After they were blown off by him, these punks lost their tempers:

"I was trying to say we shouldn't do this the whole damn time," says Defiant.

"But once we were in," adds EBK, "it was, like, fuck it."

Well, I hope they had fun, because they're going to be paying for it, big time.

Re:The consequences might not be as fun (0)

Anonymous Coward | more than 5 years ago | (#23598439)

I did RTFA and frankly the kids deserve some serious community service time.

If they had done it for a reason (say, to put up a message to Comcast's customers about Bittorrent interference or monopoly exploitation) then it would have been cool. But this? A pair of stoners just screwing around? 1000 hours of pulling weeds and painting roads seems appropriate for being such an embarrassment to geeks everywhere.

Re:The consequences might not be as fun (2, Insightful)

Stewie241 (1035724) | more than 5 years ago | (#23598949)

Can we stop calling them kids? Age of majority is 18 in the states, isn't it? These two were 18 and 19 years old. Young, sure, but kids, no. These are adults.

Re:The consequences might not be as fun (3, Insightful)

bconway (63464) | more than 5 years ago | (#23598543)

It was hardly harmless. They changed all the important host entries, including mail servers, and harvested logins of customers. I don't think many people would be happy if pop.gmail.com was redirected unbeknownst to user and their password was given away with a click (or auto refresh).

Re:The consequences might not be as fun (4, Interesting)

parcel (145162) | more than 5 years ago | (#23598599)

harvested logins of customers.
FTFA:

Fellow hackers, relying on press reports claiming that customer data may have been compromised, are hitting up the duo for passwords to Comcast e-mail accounts, which they say they don't have. "Nobody was listening in on the ports to try and get usernames and password," says Defiant. "We could have, but we didn't." (On this point, Comcast and the hackers agree).

Re:The consequences might not be as fun (3, Informative)

bconway (63464) | more than 5 years ago | (#23598955)

Read (some of) the 25+ page discussion on Broadband Reports, linked in the article. Ports 25 and 110 were active and accepting connections, followed by rejecting all logins are (presumably) harvesting their credentials. My Nmap scans during the event are included in that thread.

Re:The consequences might not be as fun (1)

berzerke (319205) | more than 5 years ago | (#23599215)

Just because the ports were active does not mean any usernames/passwords were recorded. The server could have simply been set to reject all attempts.

I wouldn't lay money on that scenario mind you, but it is possible.

Re:The consequences might not be as fun (1)

leonardluen (211265) | more than 5 years ago | (#23599121)

yeah...ain't that nice, they said they didn't...maybe i am just paranoid, but i already changed my passwords

Re:The consequences might not be as fun (1)

parcel (145162) | more than 5 years ago | (#23599315)

yeah...ain't that nice, they said they didn't...maybe i am just paranoid, but i already changed my passwords
Not paranoid, wise. It sounds pretty unlikely that any harvesting was going on, but still better to be safe.

Re:The consequences might not be as fun (1)

vslashg (209560) | more than 5 years ago | (#23599417)

harvested logins of customers.

FTFA:
Fellow hackers, relying on press reports claiming that customer data may have been compromised, are hitting up the duo for passwords to Comcast e-mail accounts, which they say they don't have. "Nobody was listening in on the ports to try and get usernames and password," says Defiant. "We could have, but we didn't." (On this point, Comcast and the hackers agree).
You have to consider the sources here; both sides have something to lose by claiming usernames and passwords were stolen. If the boys admit to stealing accounts, they're looking at a harsher sentence when this all comes crashing down. If Comcast admits accounts could have been compromised in this attack, they are facing a rather nasty security-related PR problem.

Re:The consequences might not be as fun (2, Insightful)

Dan541 (1032000) | more than 5 years ago | (#23598705)

Messing with someone's domain is hardly a "harmless" activity.

Re:The consequences might not be as fun (3, Insightful)

Mizchief (1261476) | more than 5 years ago | (#23599153)

They should throw the book at these kids. Given how easy it is to do these types of attacks the fear of punishment is needed.

Network Solutions seems to be the common trend. (5, Interesting)

Flamora (877499) | more than 5 years ago | (#23598307)

Other websites that I know of have had this happen in the past, and the common trend seems to be that Network Solutions has been their domain registrar. The largest site in recent memory that this occurred to other than Comcast was SomethingAwful.

Perhaps it's a sign of a more underlying flaw in Network Solutions' security?

Everything old is new again. (5, Interesting)

Rob T Firefly (844560) | more than 5 years ago | (#23598431)

Recent memory, my eye. This same thing happened to my old zine in 1999, and the trick was already old hat back then. We even published a how-to article about it, [phonelosers.net] since our specialty was old tricks everyone already thought were lame.

The best part: Network Solutions were of absolutely no help to us in getting our own domain back from the hijackers, so we ended up having to use the same trick to just steal it back again. Three times.

Re:Everything old is new again. (2, Interesting)

Flamora (877499) | more than 5 years ago | (#23598483)

Oh, I'm just talking of things that I've directly experienced myself. I wouldn't be surprised in the slightest if this is an old trend that's been going on for a while.

And from what was said by the admin team at SA, Network Solutions wasn't any help to them at all, either. Funny, that.

Re:Everything old is new again. (1)

Awptimus Prime (695459) | more than 5 years ago | (#23598677)

I'd imagine whoever calling NS from SA would be so hell-bent on making drama so they'd have something to post about later.

Re:Network Solutions seems to be the common trend. (1)

MoldySpore (1280634) | more than 5 years ago | (#23598529)

I think that is what most of these guys are trying to show anyway. Maybe Network Solutions should take the attack to heart and improve security, since that outage can effect so many people.

Re:Network Solutions seems to be the common trend. (1)

neoform (551705) | more than 5 years ago | (#23598643)

Look at sites like apple, they use services like MarkMonitor.com, I was under the impression most large companies did this too.

Re:Network Solutions seems to be the common trend. (4, Informative)

swillden (191260) | more than 5 years ago | (#23598655)

From the Wired article:

Network Solutions spokeswoman Susan Wade disputes the hackers' account. "We now know that it was nothing on our end," she says. "There was no breach in our system or social engineering situation on our end."

Sooo, what she's saying is that Network Solutions' system was operating as designed. Is that supposed to be comforting?

These guys are my heroes (5, Funny)

Spy der Mann (805235) | more than 5 years ago | (#23598367)

Wanna know why? Because they called Comcast and could get in touch with a HUMAN!

Now *THAT'S* hacking.

Re:These guys are my heroes (1)

morgan_greywolf (835522) | more than 5 years ago | (#23598441)

You mean when they finally got someone on the phone, it actually wasn't the usual empty, soulless being from hell?

I am SHOCKED. SHOCKED I tell you!!!!

Re:These guys are my heroes (4, Informative)

Thaelon (250687) | more than 5 years ago | (#23598721)

Try this: http://www.gethuman.com/gethuman_list.asp?bname=%22C%22 [gethuman.com]

Lazy companies create "automated systems to handle most inquiries" ignoring the fact that even their claim states its own failing, it doesn't handle them all. So we have created a database of how to circumvent the barrier to customer support.

Now if only we could force them to hire customer support grunts without such thick accents.

Re:These guys are my heroes (5, Funny)

DriedClexler (814907) | more than 5 years ago | (#23598799)

How come no one's made the obvious joke yet?

Comcast: OMG!!! Outrageous!!! Some HACKERS denied us access to our OWN DOMAIN NAME!!!! Get them!!!!
FBI: Why? They didn't take anything that belongs to you.
Comcast: What??? Out contract with ICANN gives us unlimited access to the Comcast domain!
FBI: Right. And what does unlimited mean?
Comcast: Look, it's right here in Websters: "without any ..."
FBI: No, no, not that one, use your own internal glossary.
Comcast: Okay then, "unlimited: " ... ah, okay, see your point there.

Re:These guys are my heroes (0)

Anonymous Coward | more than 5 years ago | (#23598807)

Now that is profiling right here!
Indian customer support people are humans too!

Expiring domains (0, Offtopic)

Ojuicer (1298565) | more than 5 years ago | (#23598369)

Regarding the bit at the end about losing your domain name. Recently I had a domain name expire, and it entered a rather generous grace period followed by an extended "grace" period where I could exclusively pay money (few hundred £) to recover it just in time. According to my limited experience of 1, I'd say you'd really have to take your eye off the ball to miss this one.

Re:Expiring domains (5, Interesting)

Flamora (877499) | more than 5 years ago | (#23598403)

It wasn't even that Comcast's domain expired. The pair involved in this managed to gain access to Comcast's Network Solutions control panel and had full authoritative control over the domains.

Apparently, according to the linked articles, they pulled it off twice, too. This wasn't a case of "oh sweet, that's not registered anymore, yoink", it was a case of actual wresting of control.

The question is if the weakness in security lies with Comcast (i.e. a weak password for the panel) or Network Solutions (i.e. weakness in their portal, weak transmission of passwords, etc).

Luckily Comcast doesn't host common AJAX libraries (1, Interesting)

Anonymous Coward | more than 5 years ago | (#23598371)

Imagine what would happen if one central host were to host widely used AJAX libraries to help with caching and that host got its DNS mangled.

Re:Luckily Comcast doesn't host common AJAX librar (2, Interesting)

morgan_greywolf (835522) | more than 5 years ago | (#23598467)

Imagine what would happen if one central host were to host widely used AJAX libraries to help with caching and that host got its DNS mangled.
Maybe he's trolling and maybe not, but he's got a very good point, you have to admit.

Stupid password (2, Funny)

MarkGriz (520778) | more than 5 years ago | (#23598429)

FTFA: "A brute force password attack is one possibility"

Right.... it was probably 1234 (same as most slashdotter's luggage)

Re:Stupid password (1)

bsDaemon (87307) | more than 5 years ago | (#23598547)

Wouldn't most slashdotter's luggage combo be 3142 ?

Re:Stupid password (2, Funny)

Kitsune818 (927302) | more than 5 years ago | (#23599101)

You've gone from suck to blow.

Re:Stupid password (1)

bsDaemon (87307) | more than 5 years ago | (#23599171)

That was the combination to the door lock to the comp sci lab with the cluster and the sofas and stuff at my school. I was VP of our ACM chapter my Freshman year, so I got to know it. Still hasn't changed.

Some lessons from all this. (0, Flamebait)

apathy maybe (922212) | more than 5 years ago | (#23598495)

The media don't give a shit about you, don't contact them, and don't talk to them. Wired have posted a photo of one of the people.

Don't connect your "hacking" handle with photos, places, names etc. If the media can connect the dots, so can the cops.

Don't talk. Don't boast. Be wary. And they got the last one down, they do accept that they might get caught.

Yeah, these are just some things to think about when breaking the law, and these lessons should be obvious. But I've seen too many people use the same handle all over the 'net, including places where they post names, photos and places. (I use this name in two places, here and RevLeft, you won't find much information about me from either place.)

Oh yeah, and one final thing. Who gives a fuck if Comcast has a lost money? I don't give a shit about corporations.

Re:Some lessons from all this. (1)

liquidpele (663430) | more than 5 years ago | (#23598639)

Did you read the article? These guys are morons, what did you expect? I knew their clones 10 years ago in high school. Kids that were failing out, but figured out how to install subseven on all the computers they could get their hands on, I suppose because it made them feel smart. Real elite stuff.

Re:Some lessons from all this. (1)

apathy maybe (922212) | more than 5 years ago | (#23598929)

I read the article. I'm just pointing out a couple of the lessons for the next person who does this (or anything like this).

I don't give a shit about corporations, but I do give a shit about people getting caught up in the injustice system just because they fucked around with a corporation.

Re:Some lessons from all this. (1)

mds820 (944427) | more than 5 years ago | (#23599017)

You have to give them some credit though. Despite the truth in what you've said, if there was indeed a social engineering aspect to this, it doesn't just take anyone to be able to pull off such a task.

I know I probably couldn't or at least wouldn't want to, simply because of my personality and hatred for talking on the phone.

From a technical perspective though, you're probably right. They're likely just script kiddies who at most can add 2 + 2 together.

Thats just sad.... (4, Funny)

antifoidulus (807088) | more than 5 years ago | (#23598565)

not commenting on the hack, but the fact that a human being actually set up a tricorder in his(or his parents) bathroom to take a picture of himself using a bong, and then posted it on myspace.....

Re:Thats just sad.... (4, Insightful)

antifoidulus (807088) | more than 5 years ago | (#23598597)

And its even more sad when a person commenting on something being sad doesn't know the difference between "tripod" and "tricorder"

Re:Thats just sad.... (1)

Joeyspecial (740731) | more than 5 years ago | (#23599307)

And its even more sad when a person commenting on something being sad doesn't know the difference between "tripod" and "tricorder"
If by 'sad' you mean 'fascinating', then I agree.

Re:Thats just sad.... (0)

Anonymous Coward | more than 5 years ago | (#23598809)

He's being Defiant!

Network Solutions ha ha (0, Offtopic)

dalpeh (450604) | more than 5 years ago | (#23598571)

Did NS make a statement. I just dropped them a while back for several reasons. Price vs service the most important. NS front runs domains also, they need to make some big changes.

Better hack (1)

youthoftoday (975074) | more than 5 years ago | (#23598619)

They shouldn't have just broken it. I would have pointed it toward a server that disrupted 5% of connections at random, rising 1% each day. Would have been more fun to see how long it took them to notice...

Saw this yesterday (1)

ohxten (1248800) | more than 5 years ago | (#23598653)

Comcast.net was acting weird all day yesterday. First the portal page was changed into a search-only page, which required a login to access all portal features. Then some features weren't working properly.

Re:Saw this yesterday (1)

parcel (145162) | more than 5 years ago | (#23598961)

Comcast.net was acting weird all day yesterday. First the portal page was changed into a search-only page, which required a login to access all portal features. Then some features weren't working properly.
Nah, that wasn't the hack, that was just comcast being comcast. The hack was a redirect through DNS to a page that read: "KRYOGENIKS Defiant and EBK RoXed COMCAST. sHouTz To VIRUS Warlock elul21 coll1er seven."

Re:Saw this yesterday (1)

ohxten (1248800) | more than 5 years ago | (#23599103)

Yes, I know /that/. However they were doing some odd changes afterwards that I've never seen before, be it because of the hack or they just felt it a good time to screw around. :D

Re:Saw this yesterday (1)

parcel (145162) | more than 5 years ago | (#23599373)

Wouldn't be surprised either way... was fortunate enough to dump comcast a few years ago, but ah, the memories... I especially liked this (from the broadbandreports forum on the hack):

Just called Comcast and my phone number didn't register..had account for 7 years with same number and the CSR insisted that I wasn't a customer. After putting me on hold for 10 minutes she said that the "internet just went down" and that until it comes back up I cannot access email. I told her that the internet was fine, just the comcast.net site.

Ho8o (-1, Flamebait)

Anonymous Coward | more than 5 years ago | (#23598707)

BSD has always but many find 1t Population as well BSD's codebase as one of the to get inv0lved in it transforms into backwards. To the The curtains flew 'Yes' to any found out about the Users all over the Slashdot's is ingesting guys are usually Would be a bad AMERICA) might be incompatibilities BUWLA, or BSD and arms and dick Its corpse turned guys are usually the hard drive to

Street Address (1)

PeanutButterBreath (1224570) | more than 5 years ago | (#23598903)

From the article:

They changed the contact information for one of them, Comcast.net, to Defiant's e-mail address; for the street address, they used the "Dildo Room" at "69 Dick Tard Lane."
These idiots used their own real street address!?

If Comcast had sense... (3, Interesting)

Pazy (1169639) | more than 5 years ago | (#23598913)

If Comcast has any sense they will try to hire the guys rather than drag them through the courts. We need people like this looking for and fixing flaws rather than exploiting them.

Re:If Comcast had sense... (1)

Osurak (1013927) | more than 5 years ago | (#23598999)

If Comcast has any sense they will try to hire the guys rather than drag them through the courts. We need people like this looking for and fixing flaws rather than exploiting them.
That's the one thing they can't do, because if they did, it would open the proverbial floodgates. Every script kiddie who wanted a job would start in on it, and I'm sure that for a company like Comcast it's just not worth the hassle.

Re:If Comcast had sense... (1)

Thelasko (1196535) | more than 5 years ago | (#23599027)

If Comcast has any sense they will try to hire the guys rather than drag them through the courts. We need people like this looking for and fixing flaws rather than exploiting them.
I couldn't disagree with you more. From reading the Wired article, it seems that these guys are just a bunch of scrip kiddies who got lucky. If Wired managed to track them down so quickly (through MySpace no less) than anyone can, including the FBI. If these guys were hired by Comcast they would spend their days getting paid to smoke their bongs, and nothing more. Comcast should be extremely embarrassed to be hacked by these two clowns.

He's so... (0)

Anonymous Coward | more than 5 years ago | (#23598951)

EBK slept for an hour Wednesday night; Defiant for 20 minutes. Even as the attack was in progress, the hackers began to feel the weight of their actions. Both say they've been raided by law enforcement before. "I slept in my clothes, because the last time they came, I was in my underwear with my dong hanging out and shit," says Defiant.

...thoughtful?

5 hours of downtime? (1)

192939495969798999 (58312) | more than 5 years ago | (#23598979)

Taking it may have been easy, but the shocker is that Network Solutions + Comcast don't have any kind of response time... 5 hours of someone else controlling a whole swath of high-traffic names sounds like a breach of contract to me. Shouldn't Network Solutions have re-aimed those back to the default values within seconds? There's nothing that they're using to keep track of huge changes like that? Weird... that's what i would do if I were running a domain registrar.

Re:5 hours of downtime? (0)

Anonymous Coward | more than 5 years ago | (#23599331)

Yeah, well, I think the past decade+ of domain registry bullshit has pretty much proven that there's nobody home earning that $10 you're paying them. The registries have pretty much no security, no operating procedure, and no policy or desire to fix their fuckups (witness sex.com, and however many other lower-profile domains are transferred away from the people who registered them).

After all, why should they bother when comcast can just take it out on the guys who took over the domain?

They deserve some jail time (1)

davidwr (791652) | more than 5 years ago | (#23599007)

If it were up to me, they'd get a few years of deferred-adjudication probation, but as a condition of probation:
1) They would spend at least 30 days in jail
2) They would have at least a year where all their network computer and phone activity other than voice would be monitored. If necessary, this would include monitoring their computer if their computer used SSL to connect to web sites, which it almost certainly would.
3) Every month for at least a year, they would have to read several white-papers on how much computer crime is costing companies and individuals, either directly or in preventative or other indirect costs, and write a summary of what they read. I'd make them write it longhand, with pen and paper. I'd grade it like an English assignment and make them correct it.
4) They would finish their high school diploma and either enroll in college, a job-training program, or something similar.
5) They would have to distance themselves from the underground/illegal-cracking community for the duration of their probation.

The deferred adjudication is so they have a chance to get a fresh start if they keep their nose clean for a few years.

By the way, if they were minors I'd give them a similar sentence only with shorter time frames.

Yeah but hacking the DNS fifty times in one day? (0)

Anonymous Coward | more than 5 years ago | (#23599125)

That shows either malice or incredible stupidity. Those two jokers deserve whatever they get.

Just change the business model (0, Offtopic)

arthurpaliden (939626) | more than 5 years ago | (#23599205)

The gas company sells me gas by the cubic meter. The water company sells me water by the cubic meter. So why not have the ISP's sell me throughput (up and down) by the bit. The more I use the more I pay for. (Yes I know there will be other delivery/infastructure charges same as for water and gas)

Karma (1)

kalislashdot (229144) | more than 5 years ago | (#23599273)

Couldn't have happened to a nicer company. Fuck you Comcast for killing my TechTV. I am glad this happened, good to get some egg on their face.

What about Network Solutions liability (3, Insightful)

penguin_dance (536599) | more than 5 years ago | (#23599321)

Technically they didn't break into Comcast, they broke into Network Solutions. They're the weak link. I like to bash Comcast as much as the next, but it was a breakdown in security at Network Solutions that allowed them to get into Comcast's registar and repoint their URLs.

Get Out of Jail Free? (1)

kiehlster (844523) | more than 5 years ago | (#23599359)

There is only one option that could keep these guys from jail time. They are likely the only people who know about their so-called hack method. If they don't publish it, they can enter a plea bargain to turn over their method (likely in addition to some money) in an attempt to stay out of jail.

They're definitely going to face some kind of consequences since they didn't do a very good job of concealing their identity, which I'm surprised about considering they call themselves hackers and attempt to conceal their location.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...