Hackers disrupt Comcast Internet

Some customers were without e-mail Thursday evening. The company has no evidence that personal info was compromised.

By STEVE ALEXANDER, Star Tribune

Last update: May 29, 2008 - 9:26 PM

A hacker attack on cable company Comcast Corp. late Wednesday brought down the company's Comcast.net website and its Web-based e-mail service, affecting thousands of people in the Twin Cities and possibly millions nationwide.

The attack by two anonymous hackers about 10:30 p.m. redirected Internet traffic from Comcast.net and Comcast's e-mail software to an outside website. There, the hackers used nicknames to brag that they had "roXed Comcast."

After the attack was discovered, the message was erased and Comcast customers saw what appeared to be a blank page, but Comcast's webmail service remained "intermittent" Thursday evening, Comcast spokeswoman Mary Beth Schubert said.

Comcast said it had no evidence that customer information had been compromised, and that customers didn't need to take any action. It also said it had notified law enforcement and an investigation was continuing.

However, Chuck Smith of Wisconsin security firm LockNet Inc. said that, as a precaution, Comcast Internet customers should change their e-mail passwords.

He also suggested running anti-spyware software in case the substitute website had used a feature of Internet Explorer called "Active X" to download malicious software, such as a program that records and transmits keystrokes, to Comcast customer PCs.

Two Comcast Internet customers, Lynette Nelson of Burnsville and Rob Walker of Woodbury, said their usernames and passwords couldn't have been compromised because they were unable to type them into the blank page that greeted them Thursday morning.

Comcast doesn't disclose how many Internet customers it has in the Twin Cities, but it is believed to be some fraction of its 550,000 cable TV customers here. Comcast said it didn't know what percentage of its e-mail users were hit by the outage, which struck only people accessing their accounts through Comcast's Web software. Those using Microsoft Outlook or other independent e-mail software were unaffected.

The attack did not breach Comcast's servers, but instead used an administrative password from an unknown source to take over a server at Virginia-based Network Solutions, a company that manages the Internet's address system for website domain names -- such as Comcast.net.

The BroadbandReports.com blog reported that Comcast.net traffic had been rerouted to Germany and other locations.

Smith said the compromised server at Network Solutions had the potential to lead to attacks on other companies' websites later, depending on what information was stolen from it.

"Two things alarm me," Smith said. "They were able to compromise an administrative-level server at Network Solutions, and were able to change domain name server information. They could have planted malicious software on that server, and whatever information was on the server may have been stolen as well."

Steve Alexander • 612-673-4553