Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mediacom Using DPI To Hijack Searches, 404 Errors

Posted by CmdrTaco on from the well-thats-not-cool dept.

Verteiron writes "Cable company Mediacom recently began using deep packet inspection to redirect 404 errors, Google and Bing searches to their own, ad-laden 'search engine.' Despite repeated complaints from customers, Mediacom continues this connection hijacking even after the user has opted out of the process. Months after the problem was first reported, the company seems unwilling or unable to fix it and has even experimented with injecting their own advertising into sites like Google. How does one get a company infamous for its shoddy customer service and comfortable, state-wide cable monopolies to act on an issue like this?"

19 of 379 comments (clear)

  1. HTTPS by The+MAZZTer · · Score: 4, Informative

    Can't touch this!

    1. Re:HTTPS by betterunixthanunix · · Score: 4, Insightful

      $10 says that ISPs will encourage their customers to use special "installation disks," which add an ISP's signing certificate to the list of trusted CAs and then start using MITM attacks. It takes more than HTTPS, it takes users who both care and understand what they are doing.

      --
      Palm trees and 8
    2. Re:HTTPS by sverdlichenko · · Score: 4, Insightful

      No they can't. HTTPS inspection works only if user installed "trusted" certificate on his computer. This can be done in corporate environment, but not for home users.

    3. Re:HTTPS by david.emery · · Score: 5, Insightful

      Short answer, yes. When I'm working on software/systems architecture standards, etc, there is a disproportionate number of Macs around the room. The value of the Mac as a platform is that it can be simple, but that it also has the full power of Unix underneath. That makes the platform appealing to both those who don't want to have to mess with their computers (like my mother) and to those of us who routinely use "su" and other such facilities. A lot of what I know about working on Unix machines fully transfers over to the Mac.

      Making a machine easy to use is not necessarily correlated with ignorant users. A strong platform should support users at all levels.

  2. File an Anti-Trust Complaint by techsoldaten · · Score: 4, Informative

    File an anti-trust complaint and break up the monopoly. That is what those laws are for.

  3. Re:Get another ISP! by OeLeWaPpErKe · · Score: 5, Informative

    I'd hope Google would sue them for copyright violation, changing their webpage in transit, and collect damages per changed page. Additionally they create confusion by diluting Google's trademarks (and those of anyone else whose page is changed). I mean this violates so many laws it isn't funny.

    You could serve them with a DMCA cease and decist notice as a normal website author. Fight fire with fire.

  4. Sue them by mangu · · Score: 4, Funny

    What they are doing is fraud. Sue them and use *AA scales to calculate compensatory damages. Assume each false-404 corresponds to one music download, charge the normal $75000 per song.

  5. Re:Get another ISP! by TheRaven64 · · Score: 4, Informative

    Came to this story to post exactly the same thing. If you take someone else's copyrighted work (i.e. any web page that is not explicitly placed into the public domain) and create a derived work (that page with adverts), which you then distribute for profit (ad revenue), then you are committing wilful copyright infringement for commercial gain. You can be liable for a statutory penalty of up to $150,000 per work (at least per site, possibly per page) in the USA.

    --
    I am TheRaven on Soylent News
  6. FTC Complaint by hotsauce · · Score: 4, Informative

    In the short-term, an FTC Complaint (https://www.ftccomplaintassistant.gov/) works wonders due to their power to impose fines for every complaint.

    File early, file often.

    --
    Lies about crimes
    1. Re:FTC Complaint by Nemesisghost · · Score: 4, Insightful

      Watch Mediacom block that site for their customers next. As well as any complaint site for the FCC/franchise authority/state attorney general's office/etc.

      Before all the other hoopla about Net Neutrality became a CNN talking point, it was issues like this that caused me to want stronger regulations on ISPs. How long before other ISPs start doing the same thing? Will Mediacom start blocking /. because we exposed & brought this nefarious practice to light? What if this made it to CNN or some other major news outlet? If you don't already support Net Neutrality, maybe you ought to start thinking about it. It is the Free Speech Issue of our time.

  7. Re:Simple by h4rr4r · · Score: 4, Insightful

    Not more, just better.
    Regulation Number 1. He who owns the fiber/copper may not provide service over it.
    Regulation Number 2. He who owns the fiber/copper must sell access to all comers for the same price.
    Regulation Number 3. He who provides the service may not own media companies.
    Regulation Number 4. If anyone gains more than 51% of the market, split the company in two.

  8. Re:Get another ISP! by fuzzyfuzzyfungus · · Score: 4, Funny

    It would probably be unethical to suggest arson, so I won't.

  9. Wire Fraud? by lobsterGun · · Score: 4, Insightful

    Wire Fraud:

    Whoever, having devised or intending to devise any scheme or artifice to defraud, or for obtaining money or property by means of false or fraudulent pretenses, representations, or promises, transmits or causes to be transmitted by means of wire, radio, or television communication in interstate or foreign commerce, any writings, signs, signals, pictures, or sounds for the purpose of executing such scheme or artifice, shall be fined under this title or imprisoned not more than 20 years, or both. If the violation affects a financial institution, such person shall be fined not more than $1,000,000 or imprisoned not more than 30 years, or both.

    A customer is asking for one web page, mediacom is substituting another for monetary gain. How is this not wire fraud?

  10. Solution: Use a different DNS server by level_headed_midwest · · Score: 4, Informative

    I have Mediacom's internet service and the solution is to use a different DNS server other than the ones Mediacom provides. I use Level3's DNS servers (4.2.2.2 and 4.2.2.3) for my DNS lookups and I do not get any redirects. You can either manually set the DNS servers on your computer or set them at the router.

    --
    Just "gittin-r-done," day after day.
    1. Re:Solution: Use a different DNS server by Frozen-Solid · · Score: 5, Informative

      This doesn't work. I'm on Mediacom and use Google DNS. None the less if I type in http://validsite.com/invalidurlgoeshere/ rather than being served a proper 404 I get forwarded to Mediacom's private search engine. They're using deep packet inspection to hijack any default apache or iis 404 response from a website and redirect it to themselves. Level3 DNS, Google DNS, and Open DNS all work to fix the issue of my failed DNS queries being hijacked, but it doesn't fix 404s.

      --
      Frozen Insanity
      http://frozen-solid.net
    2. Re:Solution: Use a different DNS server by level_headed_midwest · · Score: 5, Informative

      Ah, I forgot, you also need to add "127.0.0.1 assist.mediacomcable.com" to your /etc/hosts. assist.mediacomcable.com is the server that does the page display for their NXDOMAIN hijacking. Adding the line to /etc/hosts and not using Mediacom's DNS servers results in a "page not found" error when having a 404 error.

      --
      Just "gittin-r-done," day after day.
  11. Re:Get another ISP! by jandersen · · Score: 4, Insightful

    This is why we should just give up this free-market farce and regulate the ISPs as utilities, with standards on purity (e.g. not modifying traffic) and equity (not censoring traffic from conglomerate competitors). AKA net neutrality.

    Why not go the full mile, and decide that the internet is essential infrastructure and should be provided by the state? I know all the usual arguments, "the government is evil per definition", and "all public efforts are big, bumbling wastes of time and money". Both are disingenious, bordering on fraudulent - the state is NOT the government, just for one thing, and most of government is not the politicians; and even politicians are not all thoroughly evil, believe it or not.

    And, as a matter of fact, most state driven projects are not all that bad - some are even highly succesful. It's just that bad news sell better and of course, it mets the expectations of the readers that "governments are evil and useless" - why else would they ask us to pay tax?

  12. Re:Simple by h4rr4r · · Score: 4, Insightful

    Slow, 3 days across country for a couple dollars is slow?
    They are the cheapest and lose/break less than the other carriers.
    They only operate as a loss as they are forbidden to raise prices except for with inflation. Since we fudge they inflation number they are stuck in the middle.

    I am not sure when Americans decided unions were evil, but I enjoy 40hour weeks and 5 day work weeks. Without unions we would all be virtual slaves.

  13. Re:Installation disks by b4dc0d3r · · Score: 4, Interesting

    I got Bellsouth DSL, because cable was not laid on my side of the street. I got the modem and an installation disk. I called and said I was not running an installation disk, please tell me what I need to do special for your connection, if anything.

    They said they understood, and I can do it at this web address. The website was basically blank. Are you using internet explorer? No of course I'm not. Well the site only runs in IE. I should have been suspicious, but figured they are idiots.

    ActiveX did exactly what the install disk would have done as soon as I opened the page in IE. I'm still finding bits of things. Motive*, MCCI*, att-nap. Of course, bellsouth was bought by ATT, and I was not pleased about finding that out either.