Comcast Hijackers Say They Warned the Company First
By Kevin Poulsen | May 29, 2008 | 7:44:07 PM | Categories: Crime, Hacks And Cracks
The computer attackers who took down Comcast’s homepage and webmail service for more than five hours Thursday say they didn’t know what they were getting themselves into.
In an hour-long telephone conference call with Threat Level, the hackers known as “Defiant” and “EBK” expressed astonishment over the attention their DNS hijacking has garnered. In the call, the pair bounded freely between jubilant excitement over the impact of their attack, and fatalism that they would soon be arrested for it.
“The situation has kind of blown up here, a lot bigger than I thought it would,” says Defiant, a 19-year-old man whose first name is James. “I wish I was a minor right now because this is going to be really bad.”
The two hackers are members of the underground group Kryogeniks. The interview was arranged by Mike “Virus” Nieves, an 18-year-old New Yorker who pleaded guilty as a minor last year to hacking AOL. Nieves, who was on the call, is also a member of Kryogeniks, though he and his compatriots say he’s stopped hacking.
Nieves vouched for the identities of the hackers. Threat Level also confirmed Defiant’s identity over AOL instant messenger, on a handle that’s known to belong to Defiant.
Neither hacker would identify their full names or locations. Defiant’s MySpace profile lists him in Cashville, Tennessee, but he says that’s incorrect. His girlfriend lists herself in New York. Threat Level expects both hackers’ names and locations will emerge soon.
The hackers say the attack began Tuesday, when the pair used a combination of social engineering and a technical hack to get into Comcast’s domain management console at Network Solutions. They declined to detail their technique, but said it relied on a flaw at the Virginia-based domain registrar.
Network Solutions spokeswoman Susan Wade disputes the hackers’ account. “We now know that it was nothing on our end,” she says. “There was no breach in our system or social engineering situation on our end.”
However they got in, the intrusion gave the pair control of over 200 domain names owned by Comcast. They changed the contact information for one of them, Comcast.net, to Defiant’s e-mail address; for the street address, they used the “Dildo Room” at “69 Dick Tard Lane.”
Comcast, they said, noticed the administrative transfer and wrested back control, forcing the hackers to repeat the exploit to regain ownership of the domain. Then, they say, they contacted Comcast’s original technical contact at his home number to tell him what they’d done.
When the Comcast manager scoffed at their claim and hung up on them, 18-year-old EBK decided to take the more drastic measure of redirecting the site’s traffic to servers under their control. (Comcast would neither confirm nor deny the warning phone call.)
“If he wasn’t such a prick, he could have avoided all of that,” says EBK. “I wasn’t even really thinking. Plus, I’m just so mad at Comcast. I’m tired of their shitty service.”
“They called me back five minutes later and said, ‘We got Comcast’,” recalls Nieves.
The defacement message was short and simple: “KRYOGENICS Defiant and EBK RoXed Comcast,” it read. “sHouTz to VIRUS Warlock elul21 coll1er seven.”
Fellow hackers, relying on press reports claiming that customer data may have been compromised, are hitting up the duo for passwords to Comcast e-mail accounts, which they say they don’t have. “Nobody was listening in on the ports to try and get usernames and password,” says Defiant. “We could have, but we didn’t.” (On this point, Comcast and the hackers agree.)
The hackers say the flaw they exploited still exists, and that other large websites are equally vulnerable. Asked if they plan to attack anyone else, EBK says, “Who knows. Only Kryogeniks knows.”
The elder hacker in the team says he was reluctant to use his access to take over Comcast.net, and emphasizes that the pair tried to warn Comcast about the flaw.
“I was trying to say we shouldn’t do this the whole damn time,” says Defiant.
“But once we were in,” adds EBK, “it was, like, fuck it.”
(David Kravets contributed to this report)