A former member of the hacker gang Kryogeniks was sentenced to four months in prison Monday for his role in a 2008 stunt that replaced Comcast’s homepage with a shout-out to other hackers.
James Robert Black Jr., 21,was known as “Defiant” when he and two other hackers hijacked Comcast’s domain name in May of 2008 — a prank that took down the cable giant’s homepage and webmail service for more than five hours, and allegedly cost the company over $128,000.
Visitors to Comcast.net had been redirected to a simple page reading “KRYOGENIKS EBK and DEFIANT RoXed COMCAST sHouTz To VIRUS Warlock elul21 coll1er seven.”
“Mr. Black and his Kryogenicks crew created risks to all of these millions of e-mail customers for the simple sake of boosting their own childish egos,” Assistant United States Attorney Kathryn Warma told the court, according to a press release. “The callous disregard of the dangers posed to others, as well as the arrogance and recklessness displayed by these, and other hackers in committing such crimes should be considered by the Court as a factor that weighs in favor of a significant prison sentence.”
In sentencing Black, U.S. District Judge Benjamin H. Settle in Tacoma, Washington took into account the hacker’s cooperation in the case. Black provided information on his fellow hackers, Christopher “EBK” Allen Lewis, and Michael “Slacker” Paul Nebel, and made monitored, recorded phone calls to them for the feds, according to a sentencing memorandum filed by his lawyer (.pdf), who’d asked for probation. Black has also been working as an informant in other cases for the last two years, according to his lawyer, who detailed the cooperation in a separate filing under seal.
In addition to the jail time, Black got three years of supervised release, the first four months of which will be under house arrest with electronic monitoring. Settle also ordered him to perform 150 hours of community service and pay $128,557 in restitution.
E. J. Hilbert, one-time FBI cybercrime agent who knows Black, argues that the sentence is excessive, because Black voluntarily cooperated with Comcast, and later the government. “He’s a hacker, don’t get me wrong, and he’s done some bad stuff along the way,” says Hilbert. “But he’s really smart, and he’s … grown up a lot.”
Hilbert became acquainted with Black while working as director of security enforcement at MySpace; Black provided information on hacking issues at the social networking site, says Hilbert. Black reached out to him after the Comcast prank for help locating a security contact at the broadband company.
“I put him in touch with the guys at Comcast, and he shared with them everything that happened,” says Hilbert. “The things I’ve dealt with him on, he’s been straightforward and a straight shooter with me … and now he’s getting screwed.”
As described in the indictment (.pdf) in the case, Black and his compatriots got control of the Comcast.net domain with two phone calls, and an e-mail sent to the company’s domain registrar, Network Solutions, from a hacked Comcast e-mail account.
That gave them entry to the Network Solutions control panel for Comcast’s 200 domains.
In an interview the day after the attack, Black and Lewis, who then identified themselves as Defiant and EBK, told Threat Level that they didn’t initially set out to redirect the site’s traffic. Instead, they merely changed the contact information for the Comcast.net domain to Black’s e-mail address; for the street address, they used the “Dildo Room” at “69 Dick Tard Lane.”
Then, the hackers said, they contacted Comcast’s original technical contact at his home number to tell him what they’d done. It was only when the Comcast manager scoffed at their claim and hung up on them, that Lewis decided to take the more drastic measure of redirecting the site’s traffic to servers under the hackers’ control.
“I was trying to say we shouldn’t do this the whole damn time,” said Black at the time.
“But once we were in,” added Lewis, “it was, like, fuck it.”
The indictment confirmed that the hackers phoned the Comcast official at home.
In the 2008 interview , the hackers expressed some shock over the attention the attack garnered.
“The situation has kind of blown up here, a lot bigger than I thought it would,” said Black at the time. “I wish I was a minor right now because this is going to be really bad.”
Lewis and Nebil have also both pleaded guilty and are awaiting sentencing, according to court records.