Three indicted for Comcast hack last year
By Nancy Gohring
November 20, 2009 07:36 AM ET
IDG News Service -
Three hackers have been indicted for redirecting the Comcast.net Web site to a page of their own making in 2008.
When Comcast customers visited the Comcast.net site during the attack on May 28, 2008, they were redirected to a Web site that displayed a message attributing the attack to members of the Kryogeniks hacker gang.
Because the site redirected to that page, customers were unable to access their Comcast e-mail accounts through the Comcast.net site. At that time, about 5 million people connected to the Web site each day, the U.S. Department of Justice said in a statement.
Instead of the Comcast page, customers saw the message: �KRYOGENIKS Defiant and EBB RoXed COMCAST sHouTz to VIRUS Warlock elul21 coll1er seven.�
Immediately after Comcast was able to address the hack, the ISP (Internet service provider) and Network Solutions, the registrar, said they didn�t know how the hackers managed to get the passwords necessary to switch the DNS servers and redirect the site.
The indictment sheds only a bit of light on how they did it. The suit said that one of the defendants, Christopher Allen Lewis, made two phone calls through which he got the information that he and his friends used to access Comcast�s DNS information.
Another of the defendants, Michael Paul Nebel, allegedly logged onto a specific Comcast e-mail account that allowed him to communicate with Comcast�s DNS registrar. Lewis was then able to sign onto Comcast�s account at the registrar and point the Comcast.net Web site to the page he and the others made, according to the filing.
During the attack, one of the defendants, Lewis, called a Comcast employee at his home and asked if the company�s domains were working properly, the indictment alleges.
Comcast claims that it lost US$128,578 due to the attacks.
James Robert Black Jr. is the third defendant named in the indictment. The men are charged with one count each of conspiracy to intentionally damage a protected computer system. The charges were filed in the U.S. District Court for the Eastern District of Pennsylvania on Thursday.
If convicted they each face a five-year prison sentence and a $250,000 fine.
Free Insider Guide