bit-tech.net

Comcast hit by DNS attack

Comcast hit by DNS attack

Comcast's homepage, which was unavailable for a little over twelve hours, is now back to normal.

US cable corporation Comcast found itself the victim of a cracker attack on Wednesday that left customers unable to access the company's homepage – which cut them off from their webmail service.

According to an article on Wired, the attack took place late on Wednesday and continued until early Thursday. The attack didn't actually touch the Comcast servers themselves and was designed to redirect visitors to the Comcast homepage to a spoof page boasting of the cracker group's exploits. This was achieved by altering the DNS records for the website in order to point to a completely different server – rather akin to turning a roadsign around and sending people in the wrong direction.

The attack, which was allegedly carried out by “Defiant” and “EBK” of the cracker group Kryogeniks according to the target page for the DNS redirect, was certainly embarrassing but left no real damage after the event. As the crackers never gained access to any Comcast servers, the cleanup was quick (resetting the DNS records) and no customer data was at risk during the attack.

That said, if the crackers had put up a spoof Comcast page instead of just a defaced page proclaiming how they “RoXed Comcast” it would have been easy to gather customer data from users logging in to the site – including usernames and passwords, various account details, and even credit card information.

What isn't clear so far is how the crackers managed to alter the DNS records for the site. According to Network Solutions, the company responsible for managing the DNS records for Comcast's web presence, the records were changed by an individual who logged in to the Comcast control panel using a valid username and password with no failed login attempts that would indicate a brute-force attempt. Whether the group obtained this key, without which they would not have been able to carry out the attack, from an employee of either company via social engineering isn't yet clear.

Although Comcast has come under fire recently for filtering certain traffic and censoring its customers' Internet connections, there appears to have been no political motive behind the attack – just a group of bored script kiddies looking for a high-traffic site to spray-paint their name across.

Do any of our American readers use Comcast for their connectivity? Did anyone try to visit the site during its unfortunate outage? Share your thoughts over in the forums.

13 Comments

Discuss in the forums Reply
Veles 31st May 2008, 08:00 Quote
Shame they just did a 'I wuz ere' could have been quite funny to do a spoof site taking the piss out of their throttling, etc.
salesman 31st May 2008, 10:34 Quote
I'm an American but i have charter cable not comcast, I don't go to charters web page even still.
woodshop 31st May 2008, 10:43 Quote
Comcast here.. first i've heard of it.. never ever even accessed via webmail once.. heck.. i've never even been to the site lol. got to love pop service.
ChromeX 31st May 2008, 14:03 Quote
Quote:
Originally Posted by salesman
I'm an American but i have charter cable not comcast, I don't go to charters web page even still.

ey, I cant remember the last time I was on orange's webpage (my isp)
ChurchofVirus 31st May 2008, 20:53 Quote
I have Comcast, I never once have went to their site. Most people who would use Comcast mail are generally the less than savvy pc users. Pretty wild stuff though. MSN and Hotmail myself.
pendragon 1st June 2008, 05:22 Quote
i have Comcast as well.. I don't use their webmail, though a coworker of mine uses it ... he was a little concerned at first and sent me out an email about it.. .glad they didn't actually hack their mail servers.
Fozzy 2nd June 2008, 05:54 Quote
I have comcast. I'm glad it wasn't harmful to any of the customers but it would have been better if they did something really funny. It would be great if somebody hacked wow and put their guild name in the corner of every user's screen hahaha
devdevil85 2nd June 2008, 16:20 Quote
that's Comcastic!!
TGImages 2nd June 2008, 16:34 Quote
Comcast is strictly a connection for me. Mail is hosted elsewhere and I don't need/use their site. Didn't even know about this until reading it here.
Neogumbercules 2nd June 2008, 23:39 Quote
Cox cable here. I don't use any of the web features they provide, and I can't really remember the last time I went to their site, either :D
DannyDirect 18th June 2008, 16:29 Quote
What the hell, I was reading this article, fell as leep a little bit, thought I went to work, but no, i just dream it, thanks alot, now I still have to go to work.
Gareth Halfacree 18th June 2008, 16:52 Quote
Quote:
Originally Posted by DannyDirect
What the hell, I was reading this article, fell as leep a little bit, thought I went to work, but no, i just dream it, thanks alot, now I still have to go to work.
Wow. My writing is that scintillating, huh?
juantete 12th February 2009, 07:01 Quote
Quote:
Originally Posted by DannyDirect
What the hell, I was reading this article, fell as leep a little bit, thought I went to work, but no, i just dream it, thanks alot, now I still have to go to work.

What the hell Danny, seems that you worked twice then... next time an article is boring to you, dream you are dreaming... :-)
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums