Two hackers convicted of defacing Comcast’s website two years ago were sentenced Friday to 18 months in prison.
Christopher Lewis, 20, and Michael Nebel, 28, were part of a telephone hacking group called Kryogeniks that took control of the Comcast.net website in May 2008.
After taking over an account used to manage Comcast’s Domain Name System information, they redirected visitors to their own website for several hours. Comcast.net drew about 5 million visitors per day at the time.
During the incident, visitors who went to the site were greeted with the message “KRYOGENICS Defiant and EBK RoXed Comcast. sHouTz to VIRUS Warlock elul21 coll1er seven.”
The two men were sentenced Friday by Judge Robert Kelly in U.S. District Court for the Eastern District of Pennsylvania. Lewis, also known as EBK, and Nebel, a.k.a. Slacker, must also pay almost US$90,000 in restitution to Comcast.
A third hacker, James Black, who also goes by the name Defiant, was sentenced last month to four months in prison.
The attack was one of several in recent years that have shown how weak controls over corporate DNS accounts can lead to major problems. Earlier this year, Chinese search giant Baidu was taken offline in a similar hack.
In the case of Comcast, the hackers used social engineering techniques to trick an employee into giving them information that helped them access Comcast’s DNS account with Network Solutions.
According to Black’s plea agreement in March this year, the Kryogeniks crew gained administrative access to the Network Solutions account on May 27, 2008, and redirected Comcast traffic to their own website.
It cost Comcast about $90,000 to recover from the attack.