How was Comcast.net hijacked?

Summary:It's official, even a pothead can social engineer Network Solutions.

It's official, even a pothead can social engineer Network Solutions. In an in-depth interview with the hijackers, featuring

ComcastÂ’s DNS records hijacked, redirect to hacked page
some screenshots showing they had access to the complete portfolio of over 200 domain names controlled by Comcast, the details of how they did it, and why they did it are now coming straight from the source of the attack :

The hackers say the attack began Tuesday, when the pair used a combination of social engineering and a technical hack to get into Comcast's domain management console at Network Solutions. They declined to detail their technique, but said it relied on a flaw at the Virginia-based domain registrar. Network Solutions spokeswoman Susan Wade disputes the hackers' account. "We now know that it was nothing on our end," she says. "There was no breach in our system or social engineering situation on our end."

However they got in, the intrusion gave the pair control of over 200 domain names owned by Comcast. They changed the contact information for one of them, Comcast.net, to Defiant's e-mail address; for the street address, they used the "Dildo Room" at "69 Dick Tard Lane." Comcast, they said, noticed the administrative transfer and wrested back control, forcing the hackers to repeat the exploit to regain ownership of the domain. Then, they say, they contacted Comcast's original technical contact at his home number to tell him what they'd done.

Following ICANN's recently released advisory on preventing the very same impersonation attacks, it appears that even a first-tier domain registrar is still susceptible to registrant impersonation attacks. Makes you wonder on the state of understanding, detecting, and preventing social engineering attacks on the rest of the domain registrars.

Topics: Social Enterprise

About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.