Skip

"But once we were in, it was, like, fuck it."
May 31, 2008 12:48 AM   Subscribe

On May 29th two hackers infiltrated Comcast, gaining control of over 200 domain names, for nearly six hours. Was it revenge for Comcast's recent sabotage of BitTorrent networks? Or was it merely a "generic attack?" Either way, it's been forty eight hours and the police have yet to come knocking. Freaked, yet proud they hackers have given an exclusive interview to Wired.
posted by PostIronyIsNotaMyth (51 comments total) 4 users marked this as a favorite

 
wait a second... a 19-year old pot-smoking high school dropout can figure out how to do this shit?

i give up.
posted by teletype1 at 1:21 AM on May 31, 2008 [1 favorite]


Ooh. Color me impressed. Two hundred entire domain names? Six whole hours?

...

Actually, I did have a hilarious and humiliating punchline, but I just realized those two guys, or hackers like them, might be able to do something like that to my website.

So.

Those guys are alright!

Why would anyone want to ever insult such fine upstanding young gentlemen? I'm sure it was just some kinda misunderstanding and I certainly wouldn't want to hope the police knock on their door or anything like that! God bless hackers who may or may not sabotage websites or hijack corporate servers, but who wouldn't ever leave a person's front page with "Zach is a big douche and likes to suck cock" in gigantic letters for all the world to see! They're the best!
posted by ZachsMind at 1:28 AM on May 31, 2008 [1 favorite]


I did what now?
posted by eyeballkid at 1:32 AM on May 31, 2008 [1 favorite]


The defacement message was short and simple: "KRYOGENICS Defiant and EBK RoXed Comcast," it read. "sHouTz to VIRUS Warlock elul21 coll1er seven."

This is something I don't get. These guys are smart enough to pull stunts like this but when they get there all they do is scribble some banal bathroom graffiti?
posted by elgilito at 2:05 AM on May 31, 2008 [4 favorites]


I'm on Comcast where I'm living and I couldn't get on last night at all, which made a few hours of insomnia a little more work than usual. Wondered if there was something up.

On one hand, I'm kindof cranky if this was screwing up the service.

On the other hand, p0wnz0r1n Comcast!
posted by weston at 2:17 AM on May 31, 2008


"I slept in my clothes, because the last time they [law enforcement] came, I was in my underwear with my dong hanging out and shit," says Defiant.

No words.
posted by farishta at 2:35 AM on May 31, 2008 [5 favorites]


1998: l33t
2008: 63+ 0|=|= |\/|`/ |@\X/|\|
posted by hal9k at 2:45 AM on May 31, 2008 [4 favorites]


His day gig as a plumber sucks.
posted by hal9k at 2:55 AM on May 31, 2008


wait a second... a 19-year old pot-smoking high school dropout can figure out how to do this shit? i give up.

You're assuming that all pot-smokers and high school dropouts are idiots. They aren't all idiots. But they do have time. Social standing, and intelligence for that matter, are secondary to perseverance. By all means give up, but realise that it's precisely that these guys didn't give up that lead to their achievement (the rightness or wrongness of it aside). They have done something big, and through their experience and its repurcussions, will have considerable educational value: probably more than finishing high school when you consider high school wasn't working for them.

"This is something I don't get. These guys are smart enough to pull stunts like this but when they get there all they do is scribble some banal bathroom graffiti?

The hack itself is the message. It's the end as well as the means. And nothing will annoy Comcast more than the fact that it was two kids with a banal message that were at work, here.
posted by nthdegx at 3:26 AM on May 31, 2008 [10 favorites]


hal9k, I'm not sure, but it looks like a pig and a cow kissing while the hayfield burns.
posted by zippy at 3:31 AM on May 31, 2008 [2 favorites]


I don't why, but reading this story it felt like I was reading TheOnion and I'm not sure why
posted by munchbunch at 4:19 AM on May 31, 2008


That Wired link shows a photograph of one of the miscreants toking on a bong... under the headline "defiant."

Nothing like taunting the Federal Government to show how clever you are.

Enjoy your time in prison boys.
posted by three blind mice at 4:21 AM on May 31, 2008


zippy, if you hold it to your nose, cross your eyes, then slooowly move away from the picture, you will clearly see an armchair.
posted by eponymouse at 4:26 AM on May 31, 2008 [1 favorite]


I'm probably just a cranky, old, uncool person, but: "Stop fucking with my e-mail you little bastards."

Thanks, I feel better.
posted by mmahaffie at 4:50 AM on May 31, 2008


Was this some localized attack? Oh, wait, they hacked Comcast's home page (where they pimp their fine services) and their webmail site. I'm on Comcast and while it still pains me to pay what they are asking, I've had no service interruption.
posted by fixedgear at 4:56 AM on May 31, 2008


They hacked comcast.net, which is what we comcast customers use for web mail access. Comcast.com, the sales and cable site was not affected.

And direct POP3 (I think?) access to e-mail was not affected. But my ability to access my home e-mal account, while at work, was compromised. And in this age of multi-tasking, not being able to keep up on my Lewes Planning Commission business, family and genealogy stuff, and the like, during breaks at the office, was a pain in the ass.

Hence my grumpiness above. I wonder if this is my sign to switch completely to gmail?
posted by mmahaffie at 5:10 AM on May 31, 2008


This is the revolutio we were promised?
posted by blue_beetle at 5:17 AM on May 31, 2008


...not being able to keep up on my Lewes Planning Commission business, family and genealogy stuff, and the like, during breaks at the office, was a pain in the ass.

Could you please come down to HR? Obviously, you have too much free-time on your hands and company policy clearly states there is to be no personal business during office hours.
posted by Thorzdad at 5:27 AM on May 31, 2008 [1 favorite]


Well, I don't know exactly what they were hoping to achieve, but I know where they will end up.
posted by triv at 5:39 AM on May 31, 2008


wait a second... a 19-year old pot-smoking high school dropout can figure out how to do this shit?

Who do you think built the first personal computer?



Also, teh haxxor kids these days are crazy. I'm at once jealous and contemptful. Back in my days we were impressed when someone could crack a single computer running Major BBS over a phoneline, or write a small assembly demo ware, or build a redbox or something. Hey, great you cracked very simple copy protection on a game, sweet.

Now kids routinely play with heavy iron the way I used to poke around in BASIC or very crude assembly programming on 8 bit machines. They're doing cryptographic challenges and exploits, botnets, DDoS attacks, man-in-the-middle attacks, all kinds of really arcane, difficult and outright deeply scientific shit.

And we've actually benefited from it. Information/computer security is now a much more mature science thanks to these annoying kids.

Please, try to look at it this way:

Networked computing is an ecology with no known natural predators - or predation. There's nothing organically inherent about computer science or computing that demands that security measures improve or evolve in the real world.

In an "ideal" world, everyone would be not only perfectly ethical and well behaved - but perfectly competent and educated. In that ideal world, there would be no need at all for computer security.

But this isn't an ideal world. Such an ideal computer or network in our un-ideal world would not only be vulnerable to very simple malicious attacks, but they would also be extrememly vulnerable to mere accidents, like user errors. Like accidentally deleting important things. Or petty vandalism. Or destructive software bugs - also accidents.

So, hackers and hacking serve an ecological purpose in information technology. They harden the systems and help them evolve. They force people to rethink the way they think about computing, to not rely on security through obscurity.

It is valuable to all of us for hackers to poke around like this because a properly designed system that carries almost all of your valuable, private communication and transactions should most certainly be as secure and as private as possible.

Why? For peace of mind, for freedom, for privacy - we should be able to be assured that these things are upheld and reliable.

Why? Because, frankly, the internet is the largest and most important science, social, economic and engineering experiment of all human history and for the forseeable future. Even if we can't actually see it nothing has changed the human landscape more drastically since fire and tools.

So, yes, this is the revolution we were promised. But keep in mind we're still just knapping flint.
posted by loquacious at 5:56 AM on May 31, 2008 [29 favorites]


"Yes, I am a criminal. My crime is that of curiosity.... and I sleep with my pants on in case I get busted with my dong hanging out."
posted by fearfulsymmetry at 6:17 AM on May 31, 2008 [4 favorites]


The hackers say the attack began Tuesday, when the pair used a combination of social engineering and a technical hack to get into Comcast's domain management console at Network Solutions. They declined to detail their technique, but said it relied on a flaw at the Virginia-based domain registrar.

Network Solutions spokeswoman Susan Wade disputes the hackers' account. "We now know that it was nothing on our end," she says. "There was no breach in our system or social engineering situation on our end."


Well, I know who I believe. Network Solutions' history is just plain horrible.
posted by mediareport at 6:18 AM on May 31, 2008


And direct POP3 (I think?) access to e-mail was not affected.

Two of my friends could not access their POP3 e-mail (or webmail) for a day. They contacted Comcast customer service which acknowledged the problem. Late yesterday delayed e-mails started to trickle in.
posted by ericb at 6:26 AM on May 31, 2008


This is something I don't get. These guys are smart enough to pull stunts like this but when they get there all they do is scribble some banal bathroom graffiti?

Doing what they did really isn't that hard (as in, you don't need to be all that clever). You just have to be persistent.
posted by phrontist at 6:37 AM on May 31, 2008


Why... couldn't I be that freakin cool! I hope they get no more than 1 year, and some paper. They're young and having fun. And servin the MAN!
posted by Flex1970 at 6:52 AM on May 31, 2008


They declined to detail their technique, but said it relied on a flaw at the Virginia-based domain registrar.

So 35.00 dollars a year for a domain name rakes in enough profits to sustain these juicy flaws?

I am sorry -- I have grown to hate Netsol.

About the message.... the message they left -- one might ( like me who knows little about all that hacking and response stuff ) imagine a brief message would be advised -- depending on the response time of the Hacked. Some sites might notice right away... and fix it. So if one places some Manifesto up there, their glory might only be memorialized in a few screencaps?

Comcast -- I was not so keen on them for their 2 GB newsgroup binary cap.
posted by RubberHen at 7:06 AM on May 31, 2008


Great, now Comcast is probably going to use this incident as an excuse to raise rates again. "Security fee" or some such nonsense. Thanks guys.
posted by Ziggy Zaga at 7:17 AM on May 31, 2008 [1 favorite]


Metafilter: But once we were in it was, like, fuck it.
posted by imperium at 7:34 AM on May 31, 2008


Coming up next: local glue sniffers sneak out at 3am and tag their local Comcast office. Just revenge for being forced to buy the Style Network along with the Sci-Fi Channel? People magazine gets an exclusive interview, complete with photos of their paint-stained hands.
posted by Nelson at 8:43 AM on May 31, 2008


Agreed. Regarding the "banal bathroom grafitti", they don't have time to write anything substantial. They want it to be known they were there, but they don't want the bad guys to know who they are specifically, so they put up something that others of like mind will see and go "booyah!" but will leave the rest of the universe scratching their heads.

Kinda like when we put a flag on the moon.
posted by ZachsMind at 10:43 AM on May 31, 2008


It's easier for me to believe that Comcast just had incredibly poor security. These kids do not strike me as young Bruce Schneiers.
posted by mullingitover at 10:44 AM on May 31, 2008


That bong looks really fragile with those weird bends in it.

As a protip for hackers, don't give interviews to Wired where you reveal all sorts of clues and put up a somewhat identifying picture of you ripping a bong. You thought you were getting caught before, but now you've made sure of it.
posted by TheOnlyCoolTim at 10:54 AM on May 31, 2008


Yeah, quit fucking with my Internet service, please, but still—I admire these dipshits on some level.

Outlaws have always held a certain anti-hero status in our imaginations (is this a peculiarly American thing?). Crackers (not hackers, thank you very much) aren't quite outlaws (though they'd certainly like to think they are)—but the spirit is there.

On the one hand, they're just a bunch of dumb slacker kids whose social status is based around their ability to scrawl "OMG FAGS LOL" on the sign in front of the telco's headquarters, and ultimately, they're probably not doing much good.

At the same time, they're expressing a widely held resentment against a powerful and largely invulnerable entity. They're sticking it to the Man—and we like that. I mean, who wouldn't like to rip a few bong hits and chuck a few Molotovs at AOL/McDonald's/Clear Channel/[insert your least favorite corporation here]? It might not help anything, but it sure would feel good.
posted by greenie2600 at 11:02 AM on May 31, 2008 [2 favorites]


Hackers help security in the same way rapists help women take self-defense classes.

Im really sick of seeing this admiration for criminals. Even without the random clever teenager we'd still be in the same situation security-wise. Joe Stoner hasnt solved our issues with spam, phishing, etc. In fact, his botnet sends out all this spam so he can make a little extra money. I just sick of all thise BS credit being given to these kids by people who should know better.
posted by damn dirty ape at 11:02 AM on May 31, 2008


Hackers help security in the same way rapists help women take self-defense classes.

I wish the action of more "rapists" was to say to a woman "Hey, we're not supposed to talk about 'asking for it' but it's probably not the best idea to be wandering around this incredibly dangerous part of town naked by yourself at midnight; you probably should take these certain safety measures," and if the woman doesn't have the sense to listen, to pull a mostly harmless prank on her.
posted by TheOnlyCoolTim at 11:20 AM on May 31, 2008 [5 favorites]


Hackers help security in the same way rapists help women take self-defense classes.

You're comparing computer problems with rape?

You aren't entitled to this digital wonderland. If they were fucking around with pacemakers or the power grid I'd be more upset. These kids are definitely being annoying, but it's just a website, or a bit of net access outage. It seems pretty harmless in terms of it's net effect, and sometimes we admire people for their cleverness, even if it's not put to good use.
posted by phrontist at 11:38 AM on May 31, 2008


Thanks for the rational and accurate analogy, TheOnlyCoolTime. You saved me the effort.

These guys are white hats, or at the worst gray. They could have stolen all sort of personal info and didn't. Compared to the antics of the Black Hat SEO chumps (much of it completely legal), these guys are Gandalf.

a 19-year old pot-smoking high school dropout can figure out how to do this shit

You're assuming that pot smokers and/or high-school dropouts are not intelligent and/or talented. That's a misconception.

who wouldn't like to rip a few bong hits and chuck a few Molotovs at AOL/McDonald's/

Me. I'll take the bong hits, but pass on the molotovs. I would like to temporarily replace the mcdonalds.com front page with satellite images of the Amazon, however.

These guys are not heroes, nor villains. They just are what they are.
posted by mrgrimm at 11:39 AM on May 31, 2008


Outlaws have always held a certain anti-hero status in our imaginations (is this a peculiarly American thing?).

England has Robin Hood.
China has the Outlaws of the Marsh.

No, not peculiar at all.

We all acknowledge and prefer to live in an ordered society, and realize that this is best for the many. But sometimes, when order leads to an end you do not quite agree with, fantasy takes over and you wish you could just say, "That ain't right", pull out your shotgun and go to town. Real life criminals, however violent or, in this case, immature, who manage to do something that primarily affects the establishment make us smile, even if we do agree they need to go to jail.. eventually.

The key part is that they piss off the establishment and leave the public mostly unharmed and inconvenienced. This is why bank robbers and hackers who take down major corporations are hero-worhsipped versus serial killers and rapists.
posted by linux at 11:42 AM on May 31, 2008


Those of you who are not affected can be philosophical. We have no outgoing email again today. Use my gmail, Yahoo! or Comcast web mail? Sure, but my 734 item address book is in OE. And I have notices to send.
Call in? Did that yesterday and just spent another 20 minutes on the phone with Comcast.
posted by Cranberry at 11:57 AM on May 31, 2008


Those of you who are not affected can be philosophical. We have no outgoing email again today.

At this point it feels more likely that's just Comcast sucking than any DNS records these kids messed with.

Comcast webmail users, even if they got a bit disrupted, should realize that these guys sort of did them a big favor. They tried to get Comcast to fix this vulnerability by telling them, and when Comcast wouldn't listen they forced them to fix it via public embarrassment. If they hadn't done this, perhaps the next group to notice the vulnerability would not be a bunch of potheads in it for the lulz, but a bunch of Russian Mafia dudes in it for your passwords, identity, and money.
posted by TheOnlyCoolTim at 12:03 PM on May 31, 2008


Wow, what a big favor. Geez, yes, everyone who is shut out of their Comcast email should be thrilled that 2 script kiddies gave them such a leg up. Whee! Just like all the Windows users whose computers are messed up every time they get a new virus should also cherish the experience and be grateful to those who are "just showing how M1cr0s0ft sux0rz." Yippee.
posted by Lynsey at 12:39 PM on May 31, 2008 [2 favorites]


Hey, if you'd rather lose your bank account than lose a few hours of e-mail access as a side effect of these guys making Comcast fix their shit when Comcast wouldn't listen it's your choice.
posted by TheOnlyCoolTim at 1:09 PM on May 31, 2008


Receptionist: Network Solutions, how may I help you?

Caller: Uhh, I'm from...Comcast, and, uhh, we forgot our password...

(Background: Yeah! Yeah!)

Receptionist: We're going to need you to confirm your identity by answering some slightly obscure security questions.

Caller: heh heh heh...you said firm...

(Background: Yeah!)

Caller (away from phone): Shut *up* Butthead, I'm, like, trying to hack the Internet here...
posted by Bokononist at 1:10 PM on May 31, 2008 [1 favorite]


Enlighten me, The Only Cool Tim. How would Russian hackers empty my bank account which is not online and has nothing to do with Comcast?
posted by Cranberry at 1:17 PM on May 31, 2008


Thank you so much, cranberry. I had composed an almost identical post, but deleted it. Even if my banking is online, how does a couple of kids using some brute force tool that they didn't even write on Comcast's web mail interface affect me? No snark, I want to be enlightened.
posted by fixedgear at 1:20 PM on May 31, 2008


For example, because they have your bank account password since it's the same as your Comcast password and when you go to pay your bill you give them your bank account number.

There's a lot of information they'd be able to pick up pretty easily. They may or may not be able to get or target you specifically, but over Comcast's entire customer base they'd get a lot of identity theft information.
posted by TheOnlyCoolTim at 1:21 PM on May 31, 2008


(I'm talking about what black hats could do with control of the DNS, not what these kids did.)
posted by TheOnlyCoolTim at 1:22 PM on May 31, 2008


So the FDIC would have to reimburse me, but my email would still work?
posted by Cranberry at 1:33 PM on May 31, 2008


Read up on phishing/pharming and how many people lose their shit to it.

If some bad guys had gotten hold of comcast.com, they'd have, I think, an unprecedentedly dangerous opportunity for this attack. If I happened to pay my bill at the time hypothetical black hats had owned comcast.com, I'd honestly be pretty damn close to losing my own bank account and I'm not usually the one to get taken by this type of stuff.
posted by TheOnlyCoolTim at 1:47 PM on May 31, 2008


Actually, I wouldn't be pretty damn close, because the HTTPS wouldn't work right, but a damn lot of people wouldn't notice they're putting their bank account number over an HTTP connection or would just click through the warning.
posted by TheOnlyCoolTim at 1:50 PM on May 31, 2008


Comcastic!
posted by Eideteker at 8:03 PM on May 31, 2008 [1 favorite]


« Older For the birders   |   Rhetorical Terms Newer »


This thread has been archived and is closed to new comments



Post