Daily cyber threats and internet security news: network security, online safety and latest security alerts
May 29th, 2008

Hacked Leaves Users Without Email Access, the portal of US communications provider Comcast, was hacked on Wednesday night. As a result of the attack Comcast subscribers were unable to access their email or other services through the portal for more than two hours. Comcast is the second biggest ISP in the US and a major provider of cable TV services.

The front page was replaced by a greeting from hackers on May 28. The defacement was removed after more than two hours. Users were then confronted by a “page under construction” message before the site was restored in the early hours of Thursday morning. The site remained intermittently unavailable even after this time. The exact mechanism of the attack is still unclear, though an injected iFrame that served up content from sites under the control of hackers is suspected. Some form of DNS redirection attack may also have been involved.

Normally defacement attacks simply involve some text message or an image on a website. However, in the case of the Comcast attack it seems some attempt may have been made to snoop on its users’ login credentials.

There are still a lot of speculations about the details of this and why this happened. The defacement was claimed by 2 hackers who left the following message on a white blank page of “KRYOGENIKS Defiant and EBK RoXed COMCAST sHouTz To VIRUS Warlock elul21 coll1er seven”.

Update: Not only  the hackers hijacked Comcast’s domain name for three hours overnight, they also sent subscribers who tried to access webmail and other services to a rogue site that bragged of the exploit.

Comcast lost control of the address after the attackers changed registration information stored by its domain registrar, Network Solutions. The unauthorized change redirected people attempting to visit the site to a page that read: “KRYOGENIKS Defiant and EBK RoXed COMCAST. sHouTz To VIRUS Warlock elul21 coll1er seven.” The page was displayed after the attackers altered the site’s IP resolution information, replacing Comcast’s IP address with the rogue address In addition to their cryptic defacement, they altered the address for Comcast’s administrative contact to “69 dick tard lane, dildo room.”

Comcast said there was no immediate evidence that the attackers’ page tried to install malware or steal user credentials. But some reports claimed that email clients were redirected to the impostor address, requesting their login name and password.

It’s still unclear how the attackers accessed the registration settings on store with Network Solutions. A Network Solutions spokeswoman said the company is working with Comcast to figure out how the hackers obtained the login credentials to the account. Comcast is also working with unnamed law enforcement agencies to track down the attackers.

Share this item with others:

More on CyberInsecure:
  • Hacked And Members Information Publicly Exposed
  • Hackers Hijack Sarah Palin’s Yahoo Account, E-mails Published Online
  • SpyPhone iPhone App Can Silently Harvest And Email Personal Data
  • U.S. Military Contractor Booz Allen Hamilton Hacked, Emails And Sensitive Data Exposed
  • Chinese Spammers Target US And UK Firms, 40000 RIBA Members Warned

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Hacked Leaves Users Without Email Access

    2 Responses to “Hacked Leaves Users Without Email Access”

    1. Brandon Cosio Says:
      May 29th, 2008 at 9:46 pm

      Honestly, do hackers have a freakin life or do they spend their whole day sitting at a computer trying to f*** up peoples lives. How am I supposed to know i I got the job at Best Buy. Hackers need to get a life and needto get laid!

    2. CyberInsecure Says:
      May 30th, 2008 at 2:56 am

      According to DSLReports forums, the outage is still going on, for 24 hours already.

      Thanks, Keith, for bringing this to our attention.

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.