How was Comcast.net hijacked?

Summary: It's official, even a pothead can social engineer Network Solutions.

It's official, even a pothead can social engineer Network Solutions. In an in-depth interview with the hijackers, featuring some screenshots showing they had access to the complete portfolio of over 200 domain names controlled by Comcast, the details of how they did it, and why they did it, are now coming straight from the source of the attack:

The hackers say the attack began Tuesday, when the pair used a combination of social engineering and a technical hack to get into Comcast's domain management console at Network Solutions. They declined to detail their technique, but said it relied on a flaw at the Virginia-based domain registrar. Network Solutions spokeswoman Susan Wade disputes the hackers' account. "We now know that it was nothing on our end," she says. "There was no breach in our system or social engineering situation on our end."

However they got in, the intrusion gave the pair control of over 200 domain names owned by Comcast. They changed the contact information for one of them, Comcast.net, to Defiant's e-mail address; for the street address, they used the "Dildo Room" at "69 Dick Tard Lane." Comcast, they said, noticed the administrative transfer and wrested back control, forcing the hackers to repeat the exploit to regain ownership of the domain. Then, they say, they contacted Comcast's original technical contact at his home number to tell him what they'd done.

Following ICANN's recently released advisory on preventing the very same impersonation attacks, it appears that even a first-tier domain registrar is still susceptible to registrant impersonation attacks. Makes you wonder about the state of understanding, detecting, and preventing social engineering attacks at the rest of the domain registrars.

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Talkback

4 comments
  • I saw the date 2010

    I was wondering if hackers advanced the date to confound systems.
    BALTHOR
  • RE: How was Comcast.net hijacked?

    I'm not sure where you're looking, but that's probably just the expiration date. Which is nothing unusual. Really I have a feeling this was just poor security from a registrar with a history of security issues. If Comcast had gone with a registrar that is set up for corporations, I would bet this never would have happened.
    vertchlngd
  • Master Joe Says...

    Didn't you read the post? The spokeswoman, Susan, says that there was no issue on Network Solutions' end. What a joke. What is it about today's society that causes no one to accept liability and accountability for their actions? Every commercial I hear about getting out of debt, being overweight, and not being able to stick to a diet has the same message. It's not your fault. This is no different. Basically, Susan says, "It's not our fault." Well, although I do not know the specifics, I am willing to bet that there is a strong possibility that there was at least SOME blame on Network Solutions' end. The facts are simple. The hijack happened. There is blame on both Comcast's part and Network Solutions' part. The event is over. Those responsible should and need to accept liability. There are domains hacked on a daily basis, and Comcast just happens to be a big one. I personally don't understand the purpose of hijacking, defacing, or otherwise harming a domain, but that is just me. I think that it gives the term hacker a negative connotation, and generalizes the term. Those people who do this type of activity are either cyber terrorists, script kiddies, or, to put it bluntly, morons. Hackers are those who actually KNOW what they are doing, and use the information gathered to assist in securing the domains, rather than deface them.

    --Master Joe
    SteelCityPC
  • RE: How was Comcast.net hijacked?

    It is scary that this could happen and this vulnerability still exists now. I think that Master Joe is correct that blame could be cast on both Comcast and Network Solutions in this case. Network Solutions for not securing their system and being proactive to prevent such security breaches. Comcast for not believing they were about to be cracked (the proper term for hacking for bad purposes) and not taking appropriate measures to prevent this happening.
    However I disagree with Master Joe considering these people "morons". These people are very intelligent people that have no proper outlet for their creative work. Remember that these "kids" contacted Comcast and Comcast shunned them thinking they were fooling around. After many years in many countries I discovered many intelligent people some may call "morons" but if you allow them to properly vent creative ideas and properly channel them then you can use it for good and if we properly pay them for talent then you will have something good to come out of this. Master Joe is correct that these people should vent their intelligence on good but most companies and people shun them so they have "no choice" but to do "bad" to show how good they are. Companies today are too greedy to know something good in front of them and we are losing much from that type of thinking.

    Here is my quote:
    Bored dumb people with technology don't harm many people, it is the bored intelligent people that do.
    phatkat