"A hacker or group of hackers diverted Internet traffic from millions of Comcast high-speed Internet customers Wednesday night, fouling up access to Comcast's Web e-mail service as the nation's largest cable company tried to restore its Web site Thursday."
"Comcast said Thursday that law enforcement authorities are investigating and that it has no evidence that customer information was compromised. But local Internet security experts called it a major security breach that was both breathtaking in scope and baffling at the same time. Comcast is the major provider of cable Internet in the Twin Cities.
The hacker could have intercepted Comcast e-mail and account information by creating a look-alike Comcast site that would trick users into entering their user names and passwords. Later, the hackers could comb through the information to access Comcast Web page and e-mail accounts.
Instead, the hackers appeared to be content to simply post a message on a Web page saying, "KRYOGENICS Defiant and EBK RoXed Comcast." "He's just taunting them," said Mike Endrizzi, founder of Security Evolution, an Internet consulting company in Apple Valley.
"This is pretty major. This isn't like hacking some mom-and-dad Web site. Essentially, this is a security breach," said Jason Miller, security and data team manager for Shavlik Technologies, a security patch management software company in Roseville.
The incident began about 10 p.m. Wednesday, when "an unauthorized person" redirected Web traffic away from Comcast.net and toward a third-party site, Comcast spokeswoman Mary Beth Schubert said.
Instead of attacking Comcast's site, the hacker focused on Network Solutions, a Herndon, Va., company that acts like a directory or Yellow Pages for the Internet.
The person logged in as a Comcast system administrator and changed the flow of Internet traffic away from Comcast.net to an unfinished site under construction at first, and later, apparently, to the site that carried the hacker message, said Susan Wade, director of public relations for Network Solutions.
"We don't know how anybody got access to that information," Wade said, referring to the system administrator login name and password. "It is unusual that this happened."
Network Solutions engineers monitoring the network noticed an unusual spike in traffic diverted from the Comcast account and got it pointed in the right direction again within two hours, Wade said.
However, Comcast's 14.1 million customers had only "intermittent" access to Comcast.net throughout Thursday, Schubert said.
"Network engineers continue to work to resolve the issue," she said. "It is a top priority to get access back to our customers and we apologize for the inconvenience this has caused."
Customers could access the rest of the Internet and their Comcast Web mail by downloading it to services like Microsoft Outlook, she said.
Endrizzi and Miller advised Comcast customers to check their e-mail to see if they are missing messages that they were expecting at that time or missing a large chunk of Web traffic. Companies in particular should not store passwords or sensitive information in their e-mail, they said.
In spite of themselves, the experts were impressed by the audacity of the attack.
"That's a beautiful hack," Endrizzi said. "This guy is going to brag about it."
"They've found a way to go after Comcast without going after Comcast," Miller said.
"Whoever's done this has definitely walked themselves out there on a plank," he added. "Someone was doing this for notoriety and notoriety is what they're going to get. But it's not going to be the kind of notoriety they'll want."
Comcast had it coming.