Social engineering used to pull off the attack

Nov 21, 2009 10:49 GMT

Three individuals were charged on November 19 for their roles in an attack that involved hijacking the comcast.net domain name and redirecting its traffic to a rogue website. According to the indictment, the defendants used social engineering to obtain information that facilitated their plans to alter the domain's DNS records.

In May 2008, the comcast.net domain name, belonging to one of the largest Internet service providers in the United States, started redirecting to a Web page reading "KRYOGENIKS Defiant and EBK RoXed COMCAST sHouTz to VIRUS Warlock elul21 coll1er seven." This made it impossible for Comcast customers to use Web-based services provided by the company, such as email or digital voicemail, for several hours.

The subsequent FBI investigation led authorities to 19-year-old Christopher Allen Lewis, a.k.a. EBK, of Newark, Delaware, 20-year-old James Robert Black, Jr., a.k.a. Defiant, of Tumwater, Washington, and 27-year-old Michael Paul Nebel, a.k.a. Slacker, of Kalamazoo, Michigan. All three were identified as members of the Kryogeniks hacker group.

The hackers were indicted in the United States District Court for the Eastern District of Pennsylvania, where Comcast is headquartered. The defendants "conspired and agreed to commit an offense against the United States, that is, to knowingly cause the transmission of a program, information, code, and command, and as a result of such conduct, intentionally cause damage without authorization to a protected computer, and thereby disrupt the availability of the computer network operating the website www.comcast.net," the indictment (PDF) reads.

Not many details about how the attack was carried out were revealed, but the indictment clearly specifies that the Domain Name System (DNS) records were altered. The attackers apparently called a Comcast employee, who was listed as the contact person for the comcast.net domain name, at home multiple times and asked him questions regarding fearnet.com, a different domain name belonging to the company.

Using this information, they succeeded in hacking into a specific Comcast e-mail address associated with the domain's information. From this e-mail address, the attackers contacted Network Solutions, the registrar used by Comcast, and obtained access to the account used to administer the domain.

The attackers proceeded to log into this account and change the DNS records, as well as the domain registration information. As Comcast was trying to get back ownership of the domain, Christopher Allen Lewis called the employee again and arrogantly asked him if the domain was working properly.

If convicted, each of the three hackers faces a maximum sentence of five years in prison followed by three years of supervised release and a fine of $250,000. The case will be prosecuted by Assistant United States Attorneys Albert S. Glenn and Alexander T.H. Nguyen.