Slashdot Mirror


Mediacom Using DPI To Hijack Searches, 404 Errors

Verteiron writes "Cable company Mediacom recently began using deep packet inspection to redirect 404 errors, Google and Bing searches to their own, ad-laden 'search engine.' Despite repeated complaints from customers, Mediacom continues this connection hijacking even after the user has opted out of the process. Months after the problem was first reported, the company seems unwilling or unable to fix it and has even experimented with injecting their own advertising into sites like Google. How does one get a company infamous for its shoddy customer service and comfortable, state-wide cable monopolies to act on an issue like this?"

31 of 379 comments

  1. HTTPS by The+MAZZTer · · Score: 4, Informative
    1. Re:HTTPS by betterunixthanunix · · Score: 4, Insightful

      $10 says that ISPs will encourage their customers to use special "installation disks," which add an ISP's signing certificate to the list of trusted CAs and then start using MITM attacks. It takes more than HTTPS, it takes users who both care and understand what they are doing.

      --
      Palm trees and 8
    2. Re:HTTPS by cultiv8 · · Score: 3, Informative
      Yes they can. From SonicWall's Press Release:

      SonicOS 5.6 adds a new deep packet inspection (DPI) engine for SSL encrypted traffic, which has increasingly become a blind spot in many firewall, content filtering and data leak protection schemes today. Bad guys have begun using encryption technologies against the very security communities that made them popular, using encryption to avoid the HTTPS protocol to bypass filters and expose networks to malware attacks.

      --
      sysadmins and parents of newborns get the same amount of sleep.
    3. Re:HTTPS by betterunixthanunix · · Score: 3, Informative

      ....and yet, Mediacom is hijacking search queries. Why is adding an MITM attack any more illegal than hijacking the queries in the first place?

      --
      Palm trees and 8
    4. Re:HTTPS by sverdlichenko · · Score: 4, Insightful

      No they can't. HTTPS inspection works only if the user installed a "trusted" certificate on his computer. This can be done in a corporate environment, but not for home users.

    5. Re:HTTPS by Scott+Laird · · Score: 3, Informative

      That's not exactly true; SNI allows for HTTPS multihoming, and it's supported by the HTTPS on pretty much every modern platform, *except* for Windows XP. Browsers that use Windows' HTTPS code (most of them, IIRC) can't cope with SNI on XP, so no one actually uses it anywhere yet.

    6. Re:HTTPS by mjeffers · · Score: 3, Insightful

      No they can't. HTTPS inspection works only if the user installed a "trusted" certificate on his computer. This can be done in a corporate environment, but not for home users.

      That makes it sound like all an ISP would have to do is to put this certificate into an installer that provides its users with "valuable connection tools and internet utilities". Ship a few CDs to customers and you'll get a large number of people installing and clicking through whatever dialogs pop up because they think they'll need to in order to get online.

    7. Re:HTTPS by david.emery · · Score: 5, Insightful

      Short answer, yes. When I'm working on software/systems architecture standards, etc, there is a disproportionate number of Macs around the room. The value of the Mac as a platform is that it can be simple, but that it also has the full power of Unix underneath. That makes the platform appealing to both those who don't want to have to mess with their computers (like my mother) and to those of us who routinely use "su" and other such facilities. A lot of what I know about working on Unix machines fully transfers over to the Mac.

      Making a machine easy to use is not necessarily correlated with ignorant users. A strong platform should support users at all levels.

    8. Re:HTTPS by yuna49 · · Score: 3, Informative

      Like it or not, the ISP is treated like a phone company

      No, the problem is that ISPs are not treated like a phone company. They're not regulated as common-carriers. The FCC considered re-categorizing ISPs as a "Title II" telecommunications service, but backed away after Congressional opposition. Now the Commission is proposing a "third way" which seems unlikely to satisfy either the ISPs or their critics. Here's a quick summary: http://www.engadget.com/2010/05/06/fcc-outlines-new-third-way-internet-regulatory-plan-will-spli/

      To my mind, ISPs shouldn't be able to process traffic based on anything other than packet headers. Their job is to take a packet I create and deliver it to its intended destination. (Yes, yes, QOS, etc. Whatever is in the headers is fine by me.) DPI equipment should be banned. Anything else offers too many opportunities for censorship and manipulation.

    9. Re:HTTPS by ComputerGeek01 · · Score: 3, Interesting

      I've seen this term thrown around this thread a lot: MITM. This stands for Man In The Middle; a MITM attack is when an entity, a person or group of people, takes your connection to whatever host and forwards it through their machine. As the service provider MediaCom IS ALREADY THE MAN IN THE MIDDLE. Wikipedia doesn't have an informative article on them but they appear to be a Tier 1 provider so you require their infrastructure to use the internet, that means their systems, their cables and most importantly their DNS tables.

      They see your IP connecting to some website, they also see the traffic to and from your machine. They don't need to break any kind of code and read every packet, they only need to filter out the legit packets and insert their own. You and a hundred other posts on this thread are overthinking this.

  2. File an Anti-Trust Complaint by techsoldaten · · Score: 4, Informative

    File an anti-trust complaint and break up the monopoly. That is what those laws are for.

  3. Re:Get another ISP! by OeLeWaPpErKe · · Score: 5, Informative

    I'd hope Google would sue them for copyright violation, changing their webpage in transit, and collect damages per changed page. Additionally they create confusion by diluting Google's trademarks (and those of anyone else whose page is changed). I mean this violates so many laws it isn't funny.

    You could serve them with a DMCA cease and desist notice as a normal website author. Fight fire with fire.

  4. Sue them by mangu · · Score: 4, Funny

    What they are doing is fraud. Sue them and use *AA scales to calculate compensatory damages. Assume each false-404 corresponds to one music download, charge the normal $75000 per song.

  5. Re:Get another ISP! by TheRaven64 · · Score: 4, Informative

    Came to this story to post exactly the same thing. If you take someone else's copyrighted work (i.e. any web page that is not explicitly placed into the public domain) and create a derived work (that page with adverts), which you then distribute for profit (ad revenue), then you are committing wilful copyright infringement for commercial gain. You can be liable for a statutory penalty of up to $150,000 per work (at least per site, possibly per page) in the USA.

    --
    I am TheRaven on Soylent News
  6. FTC Complaint by hotsauce · · Score: 4, Informative

    In the short-term, an FTC Complaint (https://www.ftccomplaintassistant.gov/) works wonders due to their power to impose fines for every complaint.

    File early, file often.

    1. Re:FTC Complaint by Nemesisghost · · Score: 4, Insightful

      Watch Mediacom block that site for their customers next. As well as any complaint site for the FCC/franchise authority/state attorney general's office/etc.

      Before all the other hoopla about Net Neutrality became a CNN talking point, it was issues like this that caused me to want stronger regulations on ISPs. How long before other ISPs start doing the same thing? Will Mediacom start blocking /. because we exposed & brought this nefarious practice to light? What if this made it to CNN or some other major news outlet? If you don't already support Net Neutrality, maybe you ought to start thinking about it. It is the Free Speech Issue of our time.

  7. Re:Simple by h4rr4r · · Score: 4, Insightful

    Not more, just better.
    Regulation Number 1. He who owns the fiber/copper may not provide service over it.
    Regulation Number 2. He who owns the fiber/copper must sell access to all comers for the same price.
    Regulation Number 3. He who provides the service may not own media companies.
    Regulation Number 4. If anyone gains more than 51% of the market, split the company in two.

  8. Re:Get another ISP! by fuzzyfuzzyfungus · · Score: 4, Funny

    It would probably be unethical to suggest arson, so I won't.

  9. According to the article... by Zontar_Thing_From_Ve · · Score: 3, Insightful

    It's not exactly what the submission says. If you enter search data in the address bar it may redirect you to Mediacom's servers whether you opt in or not. However if you use the search bar it won't redirect you. This is considered unacceptable by the person who wrote the giant post in the "deep packet inspection..." link above. I'm not going to debate whether this is unacceptable or not, but there is a workaround - just use the search bar. As someone who does not do searches in the address bar that seems OK to me.

    1. Re:According to the article... by Mr.+Arbusto · · Score: 3, Informative

      That isn't the problem.

      Being a MediaCom customer I've played with this a few times in the past, complained when the opt out didn't work, and complained about it to people locally. Working for a company that makes DPI appliances it was kinda fun to see it in action, but kinda scary to see it on the public internet. CenturyTel also does this exact same thing.

      It scans all HTTP traffic looking for 404 errors. So if I go to http://boingboing.net/4in0in4 it will intercept the server's 404 page and redirect to a mediacom portal site with my 404 URL as the search term and ads all over.

    2. Re:According to the article... by Vegemeister · · Score: 3, Interesting

      Does wget still return the proper exit code?

  10. Wire Fraud? by lobsterGun · · Score: 4, Insightful

    Wire Fraud:

    Whoever, having devised or intending to devise any scheme or artifice to defraud, or for obtaining money or property by means of false or fraudulent pretenses, representations, or promises, transmits or causes to be transmitted by means of wire, radio, or television communication in interstate or foreign commerce, any writings, signs, signals, pictures, or sounds for the purpose of executing such scheme or artifice, shall be fined under this title or imprisoned not more than 20 years, or both. If the violation affects a financial institution, such person shall be fined not more than $1,000,000 or imprisoned not more than 30 years, or both.

    A customer is asking for one web page, mediacom is substituting another for monetary gain. How is this not wire fraud?

    1. Re:Wire Fraud? by Rob+the+Bold · · Score: 3, Funny

      Wire Fraud:

      Whoever, having devised or intending to devise any scheme or artifice to defraud, or for obtaining money or property by means of false or fraudulent pretenses, representations, or promises, transmits or causes to be transmitted by means of wire, radio, or television communication in interstate or foreign commerce, any writings, signs, signals, pictures, or sounds for the purpose of executing such scheme or artifice, shall be fined under this title or imprisoned not more than 20 years, or both. If the violation affects a financial institution, such person shall be fined not more than $1,000,000 or imprisoned not more than 30 years, or both.

      A customer is asking for one web page, mediacom is substituting another for monetary gain. How is this not wire fraud?

      Market cap.

      --
      I am not a crackpot.
  11. Re:report them for providing illegal services. by ewieling · · Score: 3, Informative


    USA ISPs are not "common carriers" under the law, no matter how much people wish they are.

    --
    I really shouldn't have used someone else's email address for this account.
  12. Solution: Use a different DNS server by level_headed_midwest · · Score: 4, Informative

    I have Mediacom's internet service and the solution is to use a different DNS server other than the ones Mediacom provides. I use Level3's DNS servers (4.2.2.2 and 4.2.2.3) for my DNS lookups and I do not get any redirects. You can either manually set the DNS servers on your computer or set them at the router.

    --
    Just "gittin-r-done," day after day.
    1. Re:Solution: Use a different DNS server by Frozen-Solid · · Score: 5, Informative

      This doesn't work. I'm on Mediacom and use Google DNS. Nonetheless, if I type in http://validsite.com/invalidurlgoeshere/ rather than being served a proper 404 I get forwarded to Mediacom's private search engine. They're using deep packet inspection to hijack any default apache or iis 404 response from a website and redirect it to themselves. Level3 DNS, Google DNS, and Open DNS all work to fix the issue of my failed DNS queries being hijacked, but it doesn't fix 404s.

      --
      Frozen Insanity
      http://frozen-solid.net
    2. Re:Solution: Use a different DNS server by level_headed_midwest · · Score: 5, Informative

      Ah, I forgot, you also need to add "127.0.0.1 assist.mediacomcable.com" to your /etc/hosts. assist.mediacomcable.com is the server that does the page display for their NXDOMAIN hijacking. Adding the line to /etc/hosts and not using Mediacom's DNS servers results in a "page not found" error when having a 404 error.

      --
      Just "gittin-r-done," day after day.
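
A way to check for the 404 rewriting described in the comments above, as an added example that is not from any poster in this thread: request a path that cannot exist (a random token) and look for an off-origin URL that carries that token back, which matches the reported "404 URL as the search term" behaviour. The sample responses, `example.test`, the token, and the portal path and query format are constructed assumptions; only the hostname `assist.mediacomcable.com` comes from the thread.

```python
import re
from urllib.parse import urljoin, unquote, urlsplit

REDIRECTS = {301, 302, 303, 307, 308}
URL_RE = re.compile(rb"https?://[^\s\"'<>]+")

def parse_response(raw):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body

def off_origin_urls(probe_url, status, headers, body):
    """Absolute URLs in Location or the body that point away from the probed host."""
    origin = urlsplit(probe_url).hostname
    found = [m.decode("iso-8859-1") for m in URL_RE.findall(body)]
    if status in REDIRECTS and "location" in headers:
        found.append(urljoin(probe_url, headers["location"]))
    return [u for u in found if urlsplit(u).hostname not in (None, origin)]

def classify_probe(probe_url, token, raw):
    """Classify the response to a request for a path that cannot exist."""
    status, headers, body = parse_response(raw)
    foreign = off_origin_urls(probe_url, status, headers, body)
    # Signature: a foreign URL that carries our random token as a search term.
    carrying = [u for u in foreign if token in unquote(u)]
    if carrying:
        return "hijacked", urlsplit(carrying[0]).hostname
    if status == 404:
        return "genuine-404", None
    return "inconclusive", None

# Constructed sample responses (not captured traffic); the portal path and
# query format are assumptions, only the hostname appears in the thread.
TOKEN = "probe-7f3a9c"
PROBE = "http://example.test/" + TOKEN
GENUINE = (b"HTTP/1.1 404 Not Found\r\nServer: Apache\r\n\r\n"
           b"<h1>Not Found</h1><p>The requested URL /probe-7f3a9c was not found.</p>")
REDIRECTED = (b"HTTP/1.1 302 Found\r\nLocation: http://assist.mediacomcable.com/"
              b"search?q=example.test%2Fprobe-7f3a9c\r\nContent-Length: 0\r\n\r\n")
REFRESHED = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<meta http-equiv="
             b"\"refresh\" content=\"0;url=http://assist.mediacomcable.com/?q=probe-7f3a9c\">")
if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE), ("302", REDIRECTED), ("refresh", REFRESHED)]:
        print(name, classify_probe(PROBE, TOKEN, raw))
```

Running the same probe over HTTPS and comparing the two results separates an origin that really redirects its 404s from rewriting done in transit.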
  13. Re:Vote with your feet by maxwell+demon · · Score: 3, Insightful

    The only way companies will truly reform is when they risk losing customers. Stop complaining but cancel your contract and tell them (and the rest of the world) why.

    Well, if you are without internet connection, it's a bit harder to tell the world why. :-)

    --
    The Tao of math: The numbers you can count are not the real numbers.
  14. Re:Get another ISP! by jandersen · · Score: 4, Insightful

    This is why we should just give up this free-market farce and regulate the ISPs as utilities, with standards on purity (e.g. not modifying traffic) and equity (not censoring traffic from conglomerate competitors). AKA net neutrality.

    Why not go the full mile, and decide that the internet is essential infrastructure and should be provided by the state? I know all the usual arguments, "the government is evil per definition", and "all public efforts are big, bumbling wastes of time and money". Both are disingenuous, bordering on fraudulent - the state is NOT the government, just for one thing, and most of government is not the politicians; and even politicians are not all thoroughly evil, believe it or not.

    And, as a matter of fact, most state driven projects are not all that bad - some are even highly successful. It's just that bad news sells better and of course, it meets the expectations of the readers that "governments are evil and useless" - why else would they ask us to pay tax?

  15. Re:Simple by h4rr4r · · Score: 4, Insightful

    Slow, 3 days across country for a couple dollars is slow?
    They are the cheapest and lose/break less than the other carriers.
    They only operate at a loss as they are forbidden to raise prices except for with inflation. Since we fudge the inflation number they are stuck in the middle.

    I am not sure when Americans decided unions were evil, but I enjoy 40-hour weeks and 5 day work weeks. Without unions we would all be virtual slaves.

  16. Re:Installation disks by b4dc0d3r · · Score: 4, Interesting

    I got Bellsouth DSL, because cable was not laid on my side of the street. I got the modem and an installation disk. I called and said I was not running an installation disk, please tell me what I need to do special for your connection, if anything.

    They said they understood, and I can do it at this web address. The website was basically blank. Are you using internet explorer? No of course I'm not. Well the site only runs in IE. I should have been suspicious, but figured they are idiots.

    ActiveX did exactly what the install disk would have done as soon as I opened the page in IE. I'm still finding bits of things. Motive*, MCCI*, att-nap. Of course, bellsouth was bought by ATT, and I was not pleased about finding that out either.