Cable giant Comcast was the victim of a DNS hijacking beginning late Wednesday and into early Thursday, in which its internet homepage, Comcast.net, was redirected to a page boasting of the attack.

Hackers "Defiant" and "EBK" – members of the hacker group Kryogeniks – claimed credit for the stunt, which blocked Comcast customers from the company's webmail service. While the attack could theoretically have been used to trap passwords or intercept e-mail, a spokesman for the Philadelphia-based cable concern said there was "no evidence" that it was anything but a defacement.

Most of Comcast's 14 million customers are now able to access their webmail accounts from the homepage, which had read:

KRYOGENIKS Defiant and EBK RoXed Comcast sHouTz to VIRUS Warlock elul21 coll1er seven

The shout out to "Virus" refers to another Kryogeniks member, 18-year-old Mike Nieves, who was charged as a minor last year for a hacking spree at AOL.

Defiant and EBK apparently acquired the username and password for Comcast's domain management account with Network Solutions, the cable company's registrar. Using that, they changed Comcast's server settings. There was no broad penetration of Network Solutions, said a spokeswoman for the Herndon, Virginia-based registrar, which has some seven million domains.

"Somebody was able to log into the account using the username and password. It was an unauthorized access," said spokeswoman Susan Wade. "It wasn't like somebody hacked into it. The Network Solutions account was not hacked. "

But it was unclear how the hijackers obtained the user name and password to redirect to servers in Germany. Wade didn't rule out the possibility that Network Solutions may have released the information in a social engineering attack.

"They ping us and say this is my domain and say, 'I'd like to reset my password,'" Wade said. "It could have been compromised through e-mail. They could have gotten it if they acted as the customer. We're not clear."

Wade added that, "Somebody could have come in and requested it. All of the authorizations checked out."

Wade said engineers were working to find the location of the online account that accessed Network Solutions to change Comcast's settings. For its part, Comcast said it was working with law enforcement authorities in a bid to find out how the security breach occurred.

"We are doing all kinds of forensic analysis of the records to see what exactly happened," said Charlie Douglas, a Comcast spokesman. "Somebody logged into the account at Network Solutions and made alterations to our settings and account information and redirected Comcast.net to another site. Whoever did it was not authorized to do that."

See Also: