Hackers knocked Comcast.net offline late Wednesday night, preventing customers from getting to their Comcast Web mail and account records on the company's Internet portal.
The criminals somehow got their hands on passwords used to alter domain-name registration information with Comcast's registrar, Network Solutions, said Susan Wade, a Network Solutions spokeswoman. With access to the Comcast.net record, the hackers were able to switch the DNS (Domain Name System) servers associated with Comcast.net and redirect Internet traffic to their own server. They also added offensive comments to the Comcast.net record.
Visitors who went to Comcast's portal between approximately 11 p.m. Eastern time Wednesday and 12:30 a.m. Thursday were greeted with either a "Site under construction" message or a cryptic note reading: "KRYOGENIKS EBK and DEFIANT RoXed COMCAST sHouTz To VIRUS Warlock elul21 coll1er seven," an apparent reference to the hackers who had compromised the site and to their friends.
This attack is connected to recent defacement of the MySpace.com profiles of Justin Timberlake, Hilary Duff and Tila Tequila, said security researcher Dancho Danchev.
No one knows how the hackers gained access to Comcast's Network Solutions account. In the past, registrars have been tricked into handing over control of Internet domains. But Danchev said that lately, criminals have also been using phishing attacks to try to take control of Web domains.
Throughout Thursday, the Comcast.net Web page continued to experience problems. For many visitors, the page was missing graphics and had the look and feel of an early 1990s Web site.
"We believe that our registration information at the vendor that registers the Comcast.net domain address was altered, which redirected the site, and is the root cause of today’s continued issues as well," Comcast said Tuesday in a statement. " We have alerted law enforcement authorities and are working in conjunction with them.”
Neither Comcast nor Network Solutions can say how the hackers got their hands on the Comcast password, but this type of problem is not unheard of, Wade said. "It's not frequent, but it does happen," she said.
There are steps that companies can take to secure their domain name registration accounts, Wade said. "We tell folks, especially big companies, to consolidate domains so you have someone in charge of all the domains," she said. "We encourage people to update their passwords on a regular basis and make sure the passwords are complicated."
Get the independent advice and expertise you need to support a virtual workforce.
The increase in Linux popularity has increased the frequency and sophistication of malware attacks. Read this 2 page white paper now to learn how you can protect your Linux environment with real-time protection that is certified by all major Linux vendors.
Download now »
Ensuring acceptable application delivery will become even more difficult over the next few years. As a result, IT organizations need to ensure that the approach that they take to resolving the current application delivery challenges can scale to support the emerging challenges. This handbook elaborates on the key tasks associated with planning, optimization, management and control and provides decision criteria to help IT organizations choose appropriate solutions.
Download now »
A common misconception is that mid-range storage requirements are dramatically different than that of a larger enterprise. Mid-range storage users may require less capacity, but they have similar functionality and management requirements. This ESG paper examines mid-range storage needs and reviews a new solution that adjusts size while retaining value, performance and functionality.
Download now »
Sign up to receive Security Resource Alerts
This white paper provides guidance on how to develop a strategic approach to managing and monitoring logs, a key function required for compliance with many regulatory mandates and a critical defense against security threats.
Download now! »
Learn about the processes and technologies that support security information management (SIM) operations, as well as the business case for SIM. The series examines different options for implementing SIM and gives you evaluation criteria for selecting the best option for your organization.
Download now! »
Learn the strategies, actions, and capabilities that Best-in-Class organizations employ and technologies they choose to obtain superior performance against various security performance metrics. This report provides guidelines for identifying which security solutions to consume as a MSS and defines best practices for choosing and managing MSSPs.
Download now! »
10 Recommendations
