« When Poor Deprovisioning Practices Attack | Main | Apple Releases Leopard Security Guide »
June 2, 2008
Lesson: Be Nice to Random Strangers Claiming to Have Owned Your DNS
A pair of hackers compromised over 200 Comcast domains claiming a combination of technical hackery and social engineering:
“Network Solutions spokeswoman Susan Wade disputes the hackers’ account. ‘We now know that it was nothing on our end,’ she says. ‘There was no breach in our system or social engineering situation on our end.’
“However they got in, the intrusion gave the pair control of over 200 domain names owned by Comcast. They changed the contact information for one of them, Comcast.net, to Defiant’s e-mail address; for the street address, they used the ‘Dildo Room’ at ‘69 Dick Tard Lane.’
“Comcast, they said, noticed the administrative transfer and wrested back control, forcing the hackers to repeat the exploit to regain ownership of the domain. Then, they say, they contacted Comcast’s original technical contact at his home number to tell him what they’d done.
“When the Comcast manager scoffed at their claim and hung up on them, 18-year-old EBK decided to take the more drastic measure of redirecting the site’s traffic to servers under their control. (Comcast would neither confirm nor deny the warning phone call.)
“‘If he wasn’t such a prick, he could have avoided all of that,’ says EBK. ‘I wasn’t even really thinking. Plus, I’m just so mad at Comcast. I’m tired of their shitty service.’”
I have no idea how Network Solutions “knows” there was no social engineering involved. Did they just send out an e-mail to everyone saying “Slide your name under HR’s door before work starts tomorrow and no harm will come to you”?
“If he wasn’t such a prick, he could have avoided all of that” sounds like something I’d like to have as a needlepoint sampler on my wall.
(Link)
Posted by mhall at 11:10 PM | Add Comment
Leave a comment