This morning many people will be celebrating as reports circulate that in the last few hours Comcast has been the subject of a hacking which defaced its homepage (mirror here).

The hackers appear to have changed the Comcast DNS/WHOIS records which were pointing at a non-Comcast address. Although back to normal now, for a while the records displayed this data:

Administrative Contact:
Domain Registrations, Comcast kryogenicsdefiant@gmail.com
Defiant still raping 2k8 ebk
69 dick tard lane
dildo room
PHILADELPHIA, PA 19103
US
4206661870 fax: 6664200187

Technical Contact:
Comcast Corporation kryogenicsdefiant@gmail.com
1500 Market Street
Philadelphia, PA 19102
US
215-320-8774 fax: 215-564-0132

Record expires on 24-Sep-2008.
Record created on 25-Sep-1997.
Database last updated on 28-May-2008 23:48:08 EDT.

Domain servers in listed order:

NS21.WORLDNIC.COM 205.178.190.11
NS22.WORLDNIC.COM 205.178.144.11

A Comcast employee said: “The servers are fine and are reachable if the DNS server you are using is pointing to the correct place. As far as we can tell, the hack was a one shot deal, not an ongoing event.”

There are reports that concerned users telephoning to inform Comcast were summarily disconnected, with a level of panic centered round the security of the Comcast email system with reports that the hackers were picking off Comcast user’s usernames and passwords. As yet, this is unconfirmed.

Others claim they were treated politely by Comcast and told to use a temporary site in the meantime, located at http://beta.comcast.net/a/. The Comcast forums also went down and then started diverting to http://www6.comcast.net/a/.

There are rumors circulating that the group responsible for the hack previously targeted Justin Timberlake and Hilary Duff.

More on this story as we get it.

Source: Comcast Hacked in BitTorrent Throttling Payback?

The backup -seeded from a Harvard IP address (and others)- carries many files, passwords and what appears to be a full directory structure for the site. Three other major database files are mentioned specifically, details as follows:

1. joomla.sql – claims to be the database for the Harvard site

2. contacts.sql – claims to be a database of contacts

3. hgs.sql – stated as ‘other minor thing’

The .NFO file included with the release says in broken English: “Maybe you don’t like it but this is to demonstrate that persons like tgatton(admin of the server) in they don’t know how to secure a website.”

A file included with the release labeled password.txt carries a message:

Thomas gatton….stupid people, you don’t use a secure password

username: Password:

tgatton *removed by TF*

jmartinez *removed by TF*

This appears to be a reference to Thomas Gatton, Systems Administrator and User Support Specialist at Harvard.

This is not the first time Harvard has been hacked. In 2005, a man using the name ‘Brookbond’ helped applicants to several universities get access to admissions records on their websites, an action described by the school as a “serious breach of trust”.

These files certainly appear to be ‘the real deal’. More on this breaking news story as we get it.

Update: The website in question seems to be down now. They are most likely trying to fix the security breach.

Source: Harvard Site Hacked and Leaked on BitTorrent