Rz.DataWatch™

Multi-Attack Detection: Domain Hijacking, Man-In-The-Middle & Pharming.
http://www.razorpoint.com/rz.datawatch

Two articles appeared regarding the Comcast compromise. They outline the hack and what was done.
(article #1: Wired and article #2: TorrentFreak)

The attackers used a combination of technical and social engineering attacks to compromise Comcast's domain registration information. After successfully changing the registration information, the attackers had control of Comcast's domain. Once they had control, the attackers pointed the traffic for Comcast's domain services to their servers.

The attackers then noticed there was way too much traffic for their servers to handle, so they started re-pointing the domain information to other servers over and over. All these changes required host, DNS and IP address alterations -- all things Rz.DataWatch monitors for. Eventually Comcast caught on, however...
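
The kind of change monitoring described above, sketched as an added example (not Rz.DataWatch code and not part of the original post): each poll of a domain's registration, name server and address data is compared with the previous one, and repeated re-pointing of the A records raises a separate churn alert. The field names, the churn threshold and all sample domains, addresses and timestamps are assumptions constructed for illustration.

```python
# Added example: change monitoring of registration, DNS and IP data.
# All domains, addresses and timestamps below are constructed sample values.
WATCHED = ("registrant_email", "nameservers", "a_records")  # assumed field names

BASELINE = {
    "registrant_email": "hostmaster@example.com",
    "nameservers": ["ns1.example.com", "ns2.example.com"],
    "a_records": ["192.0.2.10"],
}

def snap(email, ns_suffix, ip):
    """Build one constructed observation of the monitored domain."""
    return {"registrant_email": email,
            "nameservers": [f"ns1.{ns_suffix}", f"ns2.{ns_suffix}"],
            "a_records": [ip]}

OBSERVATIONS = [  # (timestamp, snapshot), oldest first
    ("T0", snap("hostmaster@example.com", "example.com", "192.0.2.10")),
    ("T1", snap("admin@example.net", "example.com", "192.0.2.10")),
    ("T2", snap("admin@example.net", "example.net", "198.51.100.7")),
    ("T3", snap("admin@example.net", "example.net", "203.0.113.9")),
    ("T4", snap("admin@example.net", "example.net", "198.51.100.44")),
]

def changed_fields(old, new):
    """Return the watched fields whose values differ between two snapshots."""
    def norm(value):
        # Multi-valued records compare as sets so record ordering never alerts.
        return frozenset(value) if isinstance(value, list) else value
    return [f for f in WATCHED if norm(old.get(f)) != norm(new.get(f))]

def review(baseline, observations, churn_threshold=2):
    """Alert on each change between polls, and once when the A records have
    been re-pointed churn_threshold times (the repeated re-pointing pattern)."""
    alerts, previous, repoints = [], baseline, 0
    for ts, current in observations:
        for field in changed_fields(previous, current):
            alerts.append((ts, "CHANGED", field))
            if field == "a_records":
                repoints += 1
                if repoints == churn_threshold:
                    alerts.append((ts, "CHURN", field))
        previous = current
    return alerts

if __name__ == "__main__":
    for alert in review(BASELINE, OBSERVATIONS):
        print(*alert)
```

In this constructed timeline the registrant contact changes at T1, one poll before any DNS or address change, which is the earliest point at which the owner could be alerted.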

Friday, June 13, 2008