US cable corporation Comcast found itself the victim of a cracker attack on Wednesday that left customers unable to access the company's homepage – which cut them off from their webmail service.
According to an article on Wired
, the attack took place late on Wednesday and continued until early Thursday. The attack didn't actually touch the Comcast servers themselves and was designed to redirect visitors to the Comcast homepage to a spoof page boasting of the cracker group's exploits. This was achieved by altering the DNS records for the website in order to point to a completely different server – rather akin to turning a roadsign around and sending people in the wrong direction.
The attack, which was allegedly carried out by “Defiant” and “EBK” of the cracker group Kryogeniks according to the target page for the DNS redirect, was certainly embarrassing but left no real damage after the event. As the crackers never gained access to any Comcast servers, the cleanup was quick (resetting the DNS records) and no customer data was at risk during the attack.
That said, if the crackers had put up a spoof Comcast page instead of just a defaced page proclaiming how they “RoXed Comcast
” it would have been easy to gather customer data from users logging in to the site – including usernames and passwords, various account details, and even credit card information.
What isn't clear so far is how
the crackers managed to alter the DNS records for the site. According to Network Solutions, the company responsible for managing the DNS records for Comcast's web presence, the records were changed by an individual who logged in to the Comcast control panel using a valid username and password with no failed login attempts that would indicate a brute-force attempt. Whether the group obtained this key, without which they would not have been able to carry out the attack, from an employee of either company via social engineering isn't yet clear.
Although Comcast has come under fire recently
for filtering certain traffic and censoring its customers' Internet connections, there appears to have been no political motive behind the attack – just a group of bored script kiddies looking for a high-traffic site to spray-paint their name across.
Do any of our American readers use Comcast for their connectivity? Did anyone try to visit the site during its unfortunate outage? Share your thoughts over in the forums