In an hour-long telephone conference call with Threat Level, the hackers known as "Defiant" and "EBK" expressed astonishment over the attention their DNS hijacking has garnered. In the call, the pair bounded freely between jubilant excitement over the impact of their attack, and fatalism that they would soon be arrested for it.
"The situation has kind of blown up here, a lot bigger than I thought it would," says Defiant, a 19-year-old man whose first name is James. "I wish I was a minor right now because this is going to be really bad." The two hackers are members of the underground group Kryogeniks. The interview was arranged by Mike "Virus" Neives, an 18-year-old New Yorker who pleaded guilty as a minor last year to hacking AOL. Neives, who was on the call, is also a member of Kryogeniks, though he and his compatriots say he's stopped hacking.
Neives vouched for the identities of the hackers. Threat Level also confirmed Defiant's identity over AOL instant messenger, on a handle that's known to belong to Defiant. Neither hacker would identify their full names or locations. Defiant's MySpace profile lists him in Cashville, Tennessee, but he says that's incorrect. His girlfriend lists herself in New York. Threat Level expects both hackers' names and locations will emerge soon.
The hackers say the attack began Tuesday, when the pair used a combination of social engineering and a technical hack to get into Comcast's domain management console at Network Solutions. They declined to detail their technique, but said it relied on a flaw at the Virginia-based domain registrar.
Network Solutions spokeswoman Susan Wade disputes the hackers' account. "We now know that it was nothing on our end," she says. "There was no breach in our system or social engineering situation on our end." However they got in, the intrusion gave the pair control of over 200 domain names owned by Comcast. They changed the contact information for one of them, Comcast.net, to Defiant's e-mail address; for the street address, they used the "Dildo Room" at "69 Dick Tard Lane."
Comcast, they said, noticed the administrative transfer and wrested back control, forcing the hackers to repeat the exploit to regain ownership of the domain. Then, they say, they contacted Comcast's original technical contact at his home number to tell him what they'd done. When the Comcast manager scoffed at their claim and hung up on them, 18-year-old EBK decided to take the more drastic measure of redirecting the site's traffic to servers under their control. (Comcast would neither confirm nor deny the warning phone call.) "If he wasn't such a prick, he could have avoided all of that," says EBK. "I wasn't even really thinking. Plus, I'm just so mad at Comcast. I'm tired of their shitty service."
"They called me back five minutes later and said, 'We got Comcast'," recalls Neives.
The defacement message was short and simple: "KRYOGENICS Defiant and EBK RoXed Comcast," it read. "sHouTz to VIRUS Warlock elul21 coll1er seven."
Comcast boasts 14 million subscribers nationwide, and handling the massive traffic aimed at Comcast.net was no easy task. The hackers stayed up most of the night opening new webhosting accounts, and constantly moving the DNS to follow them. In all, they claim, they burned through 50 different hosts to keep their defacement alive. "You know how hard it is to find hosting handling that kind of traffic?" says EBK. "The first one went in two minutes." The attack began at around 11:00 p.m. Eastern time, and the hackers owned Comcast.net until 4 or 5 a.m. Even when Comcast regained control, it took hours longer for the change to fully propagate through the DNS, leaving some customers without webmail access as late as 11:30 Thursday morning.
EBK slept for an hour Wednesday night; Defiant for 20 minutes. Even as the attack was in progress, the hackers began to feel the weight of their actions. Both say they've been raided by law enforcement before. "I slept in my clothes, because the last time they came, I was in my underwear with my dong hanging out and shit," says Defiant.
"I feel like he did it for the publicity," says Luis "Auto" Alicea, a former member of Kryogeniks, who runs a website hosting screenshots of hacks in progress. "The fame."
Defiant began hacking about three years ago, when he was kicked out of high school for possession of narcotics at the age of 16. "I wound up assaulting the school resource office," he says. He entered a home schooling program, but didn't take to it, and gravitated to the internet. There he "bumped into the wrong people." EBK, too, says he dropped out of high school.
Thursday, the pair were dealing with their newfound fame, laughing over the press coverage with a mix of glee and nervous excitement. Some reports have speculated that the hackers were retaliating for Comcast's recent sabotage of BitTorrent traffic; Defiant and EBK say that's false: they just hate Comcast in general. "I'm sure they hate us too," says Defiant. "Comcast is just a huge corporation, and we wanted to take them out, and we did," he says.
Fellow hackers, relying on press reports claiming that customer data may have been compromised, are hitting up the duo for passwords to Comcast e-mail accounts, which they say they don't have. "Nobody was listening in on the ports to try and get usernames and password," says Defiant. "We could have, but we didn't." (On this point, Comcast and the hackers agree.)
The hackers say the flaw they exploited still exists, and that other large websites are equally vulnerable. Asked if they plan to attack anyone else, EBK says, "Who knows. Only Kryogeniks knows."
The elder hacker in the team says he was reluctant to use his access to take over Comcast.net, and emphasizes that the pair tried to warn Comcast about the flaw.
"I was trying to say we shouldn't do this the whole damn time," says Defiant. "But once we were in," adds EBK, "it was, like, fuck it."