http://blog.wired.com/27bstroke6/2008/05/comcast-hijacke.html

The computer attackers who took down Comcast's homepage and webmail service for more than five hours Thursday say they didn't know what they were getting themselves into.

In an hour-long telephone conference call with Threat Level, the hackers known as "Defiant" and "EBK" expressed astonishment over the attention their DNS hijacking has garnered.

And just for your interest:

http://torrentfreak.com/comcast-hacked-in-bittorrent-throttling-packback-080529/

Administrative Contact:
Domain Registrations, Comcast kryogenicsdefiant@gmail.com
Defiant still raping 2k8 ebk
69 dick tard lane
dildo room
PHILADELPHIA, PA 19103
US
4206661870 fax: 6664200187

Technical Contact:
Comcast Corporation kryogenicsdefiant@gmail.com
1500 Market Street
Philadelphia, PA 19102
US
215-320-8774 fax: 215-564-0132

Record expires on 24-Sep-2008.
Record created on 25-Sep-1997.
Database last updated on 28-May-2008 23:48:08 EDT.

Domain servers in listed order:

NS21.WORLDNIC.COM 205.178.190.11
NS22.WORLDNIC.COM 205.178.144.11

lol thats kind of funny.

But someone will be getting their hand slapped, VERY hard. :P

Coulden't have happened to a more deserving company.

:P have to admire the kids

Seems the attack was taken against comcast's registrar (netsol)...


If Comcast was able to get stolen through Network Solutions, This only makes one wonder what else is at risk.

and security and safety was their excuse to charge $35/year...

The article is a load of bull though.
"Social engineering and a technical vulnerability in the registrars console."
Yeah right. What possible combo of exploiting is that?

They had to have had the login before they gained access.
NetSol makes it so you can use any login name you want, and how could they specifically target comcasts account when they had no idea what the login was?
They would in such a case need a list of all logins/accounts netsol has.

I rather think they got the login another way.

The article is a load of bull though.
"Social engineering and a technical vulnerability in the registrars console."
Yeah right. What possible combo of exploiting is that?

They had to have had the login before they gained access.
NetSol makes it so you can use any login name you want, and how could they specifically target comcasts account when they had no idea what the login was?
They would in such a case need a list of all logins/accounts netsol has.

I rather think they got the login another way.

I beg to differ. If you have any idea, or actual understanding of social engineering (aside from textfiles and articles) You would understand that getting what you want is the POINT. I don't see it being that difficult to do on a account-to-account basis. Simply getting them to change the email would serve for multiple purposes such as resetting the password.

As for Social Engineering (Socialing) being a technical vulnerability, I don't think thats the proper category. I think it falls more under human flaw, And EVERYBODY is vulnerable to it.

Hey, whatever they did certainly works, and one of the most well known hackers (Kevin Mitnick) in the world used social engineering, so it's a pretty proven technique. can't say that I feel bad for comcast as a customer, they are sort of deserving for the way they treat their customers but i am disappointed with netsol still being so vulnerable.

I beg to differ. If you have any idea, or actual understanding of social engineering (aside from textfiles and articles) You would understand that getting what you want is the POINT. I don't see it being that difficult to do on a account-to-account basis. Simply getting them to change the email would serve for multiple purposes such as resetting the password.

As for Social Engineering (Socialing) being a technical vulnerability, I don't think thats the proper category. I think it falls more under human flaw, And EVERYBODY is vulnerable to it.

Yeah exactly. You need to read what you type.
How can they know which account to social engineer info out of?
"hey i work for comcast and we lost our login and password, and i cant reset my email, whats my login name?"

They didn't social engineer the account name, they just couldn't have, unless NetSol is stupid beyond all repair.
They had to have gotten the login, and probably the password too, from another source.

Yeah exactly. You need to read what you type.
How can they know which account to social engineer info out of?
"hey i work for comcast and we lost our login and password, and i cant reset my email, whats my login name?"

They didn't social engineer the account name, they just couldn't have, unless NetSol is stupid beyond all repair.
They had to have gotten the login, and probably the password too, from another source.

You would be surprised. Just because how you play it in your head doesn't make sense, doesn't mean somebody else doesn't have a plan.

They could, for one, social bits of information at a time. Or maybe even reset the email on the account - They do give @comcast.net emails out for free... I could probably make netops@comcast.net and ******** my way to getting the email reset.

Theres endless ways. But i doubt that they socialed a login to netsol (being as to its more than likely behind a vpn / vlan)
Not impossible, But unlikely.

Also, i believe account names with netsol go by email as well. /whois comcast.net


There is endless possibilities. Just don't rule things out because it doesn't make sense to you.

If Comcast was able to get stolen through Network Solutions, This only makes one wonder what else is at risk.

Heh, anything's at risk. And I agree possibilities are endless.

Too bad we'll probably never know how exactly Comcast.net was compromised. At least theirs was rectified arguably quickly, unlike panix.com.

If you read the book of Kevin Mitnick about social engineering, you can understand how this whole thing work (for some people it is very easy to get the information they want - especially non technical staff is very vulnerable to such attacks).

You would be surprised. Just because how you play it in your head doesn't make sense, doesn't mean somebody else doesn't have a plan.

They could, for one, social bits of information at a time. Or maybe even reset the email on the account - They do give @comcast.net emails out for free... I could probably make netops@comcast.net and ******** my way to getting the email reset.

Theres endless ways. But i doubt that they socialed a login to netsol (being as to its more than likely behind a vpn / vlan)
Not impossible, But unlikely.

Also, i believe account names with netsol go by email as well. /whois comcast.net


There is endless possibilities. Just don't rule things out because it doesn't make sense to you.

Emails dont go by email, I don't use that at least.
But either way, you may be right, it just seems very stupid of netsol if its so.

I'm just wondering why comcast had a Network Solutions account. Even google is ICANN accredited and what to they have, like 3 domains? (I know they have a few more than that but you get the point). I don't think the non-refundable $2,500 application fee would be a problem for comcast. Or is it because VeriSign is the Registry Operator for .com and .net names?

I'm just wondering why comcast had a Network Solutions account. Even google is ICANN accredited and what to they have, like 3 domains? (I know they have a few more than that but you get the point). I don't think the non-refundable $2,500 application fee would be a problem for comcast. Or is it because VeriSign is the Registry Operator for .com and .net names?

commonly asked... and i think google has a bit more than 3 ;)
http://www.webhosting.info/webhosts/reports/total_domains/GOOGLE.COM

This isn't anything new. This was released 4+ years ago:
/*
* Networksolutions domain name proof-of-concept cracker
* by bysin@efnet
*
* Netsol was notified several times to fix this problem,
* and no action was taken. Therefore, I take it upon myself
* to release this source code in order for them to get
* their **** straight.
*
* Usage:
* ./domain <userid> [number of threads]
* Ex:
* ./domain 66666666 1
*
* --------------------------------------
*
* The security question network solution asks is, by default
* the last 4 digits of your social security #. This can
* easily be cracked by an attacker. By going to
*
* http://www.networksolutions.com/en_US/manage-it/forget-login.jhtml
*
* and entering the userid of the domain. Then guessing the
* 4 digit number, an attacker can easily change the password
* for the domain, then transfer the domain to them.
*
* This program speeds up the process by guessing all 4 digit
* combinations.
*
* --------------------------------------
*
* To receive the userid of a domain, visit
*
* https://www.networksolutions.com/en_US/manage-it/forget-login.jhtml
*
* and enter the domain name under "Enter a domain name" and hit
* continue. Select a random domain contact if prompted and hit
* continue. There is an option to enter an email address, select
* that option, then enter your email address and hit continue.
* It sometimes takes a few trys of going back and hitting continue
* until the email is sent. Wait 2 minutes and the userid is in
* your email box.
*
* --------------------------------------
*
* DO NOT USE THIS ON A DOMAIN YOU DONT OWN
* THAT IS ILLEGAL AND IMMORAL!
*
* ^^ This is your warning, I will not take any responsibility
* for illegal activity done by running this program.
*/

.....


Networksolutions solution to this exploit was placing a CAPTCHA in place to prevent brute forcing of the SSN. If someone was committed enough they could crack the login info for a domain using the last 4 of SSN manually.

I tried that thing and I needed to update via FAX process. So it doesn't work exactly as stated.. Of course I'm not going to try the fax thing cause that would be illegal :P

Call them and furiously scream that your email doesnt work and that you are loosing big cash etc for a while and when they just wanna hang up quickly ask them to reset the password "because it worked the last time" and they will reset the password before you have time to say "open sesame"...

...would probably not work ;P