Comcast Hijackers Expose Flaws in Web’s DNS
Teenage hackers temporarily hijacked and defaced several Comcast Web sites and redirected user e-mail in an exploit that appears to expose fundamental weaknesses in the Internet’s Domain Name System. The hackers, known as Defiant and EBK, apparently used “social engineering” — persuading insiders to hand over account info — to break into Comcast’s account at domain registrar Network Solutions.
Comcast.net — Comcast’s main Web site — was down for more than two hours, sporting a pink-on-white note that “KYROGENIX Defiant and EBK RoXed COMCAST sHouTz To VIRUS Warlock elul21 coll1er seven.”
In addition, the WHOIS database of domain ownership spewed out a stream of obscenities when queried for info on Comcast sites.
Domain Jacking
Andrew Storms, director of protection operations at nCircle Network defense, explained the nature of the exploit in an e-mail. “While we haven’t seen all the details on precisely what did transpire, more than likely the hackers performed what would be considered a well-known
“The persons who maintain control over the centrally housed domain-name knowledge with a registrar have the ability to control the DNS knowledge for that domain. Once you have control over DNS, it’s quite simple to propagate info into the Net, telling computers where a Web site can be found.”
In essence, the hackers could reroute the proper IP address for comcast.net to some other IP address — and every time Comcast corrected the data, the hackers were able to reroute the domain.
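The pattern described above, records changing again after each correction, can be watched for from the defender's side. The following is an added example, not code from the article: it compares periodic lookups of a domain's NS and A records against a known-good baseline and flags a change that recurs after a fix, a sign that the registrar account is still under someone else's control. The domain, name servers, addresses and timeline are constructed placeholders.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed baseline for a hypothetical domain; every value is a placeholder.
BASELINE_NS = frozenset({"ns1.example.net.", "ns2.example.net."})
BASELINE_NETS = [ip_network("192.0.2.0/24")]

@dataclass(frozen=True)
class Observation:
    when: str        # time of the lookup
    ns: frozenset    # NS set the parent zone delegates to
    a: frozenset     # A records served for the site

def drifted(obs):
    """Return the reasons an observation deviates from the baseline."""
    reasons = []
    if obs.ns != BASELINE_NS:
        reasons.append("ns_set_changed")
    if any(all(ip_address(ip) not in net for net in BASELINE_NETS) for ip in obs.a):
        reasons.append("a_outside_baseline")
    return reasons

def audit(timeline):
    """Report each good-to-bad transition; a transition that follows a
    correction means whoever changed the records can still change them."""
    findings, was_bad, fixes = [], False, 0
    for obs in timeline:
        reasons = drifted(obs)
        if reasons and not was_bad:
            kind = "re_hijack_after_fix" if fixes else "hijack_suspected"
            findings.append((obs.when, kind, tuple(reasons)))
        elif not reasons and was_bad:
            fixes += 1
        was_bad = bool(reasons)
    return findings

GOOD = (BASELINE_NS, frozenset({"192.0.2.10"}))
BAD = (frozenset({"ns1.placeholder.invalid."}), frozenset({"203.0.113.10"}))
# Constructed sample timeline, not real data: hijack, fix, hijack again, fix.
TIMELINE = [Observation(t, *state) for t, state in [
    ("00:00", GOOD), ("00:05", BAD), ("00:10", BAD),
    ("00:40", GOOD), ("00:45", BAD), ("01:00", GOOD)]]

if __name__ == "__main__":
    for finding in audit(TIMELINE):
        print(finding)
```

A `re_hijack_after_fix` finding is the cue to stop correcting records and instead reset and lock the registrar account.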
‘Really Bad’
It doesn’t seem that the hackers did much more than deface Comcast’s Web site and interrupt users’ access to e-mail. With the level of control they had, “they could have done a lot worse,” Storms said. “Instead of displaying a defacement, they could have just as easily used their control to set up a fake Webmail site…
Original post by Top Tech News
















