
Comcast.net hacker pleads guilty

A Delaware man on Wednesday pleaded guilty to his role in a hack that took down Comcast's homepage and email service for several hours in 2008.

Christopher Allen Lewis, a.k.a. “EBK,” 20, of Newark, Del., pleaded guilty Wednesday to conspiring to disrupt service at Comcast Corporation's website in May 2008. Lewis is scheduled to be sentenced on May 21 and faces a maximum sentence of five years in prison, a $250,000 fine and up to three years of supervised release.

Lewis and alleged co-conspirators, James Black, 20, of Tumwater, Wash., and Michael Nebel, 27, of Kalamazoo, Mich., each were charged in November 2009 with redirecting traffic destined for www.comcast.net to a site of their choosing, which claimed responsibility for the attack, according to an indictment. Black and Nebel are awaiting court dates.

The defendants, part of the hacker group Kryogeniks, were able to redirect visitors by changing Comcast's DNS records, maintained by Network Solutions, a third-party registrar, prosecutors said.

According to the plea memorandum, Lewis called a Comcast employee at his home in Clifton Heights, Pa., on May 27, 2008 and used a social engineering ruse to obtain the information needed to break into Comcast's DNS account. This information allowed the hackers to access the DNS information for comcast.net and change the internet protocol (IP) address that was reached by using the domain name comcast.net.

The hackers accessed Comcast's account on May 28, 2008 and changed the DNS records so that users who intended to visit comcast.net were redirected to a site the hackers had prepared that displayed a message indicating that “Kryogenics” had successfully “hijacked” the comcast.net domain name. In addition, they changed the publicly available contact information for comcast.net, including the email address, which was changed to [email protected].

To hide their location, Lewis and co-conspirators executed the hack through a virtual private network (VPN) based in Sweden.

As a result of the hack, comcast.net was offline for “at least” 90 minutes, the plea memorandum states. Philadelphia-based Comcast lost $128,578 as a result of the prank, which prevented customers from retrieving their email, voicemail and other services, the indictment stated.

Not long after the attack, Wired conducted an interview with two of the defendants, who admitted their role. They said they decided to proceed with the traffic redirection only after a Comcast IT manager, whom they tried to reach to explain what they were doing, hung up on them.
