Big US ISPs hijack search traffic

Crikey!
Fri Aug 05 2011, 16:01

RESEARCHERS at the International Computer Science Institute in Berkeley, California, have uncovered a major search traffic hijacking operation run by a dozen US Internet service providers and a company specialising in affiliate marketing revenue generation.

The scheme works by redirecting people's search requests through proxy servers designed and operated by a company called Paxfire. The requests are then passed to affiliate programs run by Commission Junction, the Google Affiliate Network, Linkshare, or Ask.com.

Retailers pay money through these programs to those who direct customers to their business. These affiliates earn a commission for every user who ends up making a purchase or signing up for an offer.

According to Christian Kreibich and Nicholas Weaver, the two researchers who have been monitoring this operation for months, only some particular queries like "apple," "dell," "safeway" or "bloomingdales" are being hijacked.

A user who types any of these words in their web browser's address bar expects to be taken to a search page on their favorite search engine. Instead, they are directly taken to the websites of the corresponding companies that pay Paxfire and the ISP for the traffic.

Some less specific queries are also being hijacked. For example, typing Kindle in the address bar takes users to Amazon's website instead of a search engine page that also has links to eBay, Wikipedia and review websites. This deprives search engines of traffic and takes freedom of choice away from users.
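The behaviour described above can be checked from the client side by recording which URLs the browser requests after an address-bar query. The following is an added example, not code from the researchers or the article; every host name is a constructed placeholder under `.example`, and the names `classify` and `hijacked_keywords` are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed placeholders (assumptions): hosts under .example stand in for the
# user's search engine and for an affiliate click-tracking network.
SEARCH_HOSTS = {"search.example"}
AFFILIATE_HOSTS = {"affiliate.example"}

# Constructed sample: URLs a browser requested, in order, per address-bar keyword.
SAMPLE = {
    "apple": ["http://search.example/?q=apple",
              "http://click.affiliate.example/r?to=www.retailer-a.example",
              "http://www.retailer-a.example/"],
    "kindle": ["http://search.example/?q=kindle",
               "http://www.retailer-b.example/"],
    "weather": ["http://search.example/?q=weather"],
}

def _in(host, domains):
    # Match the domain itself or any subdomain, but not look-alike prefixes.
    return any(host == d or host.endswith("." + d) for d in domains)

def classify(chain):
    """Label one observed request chain for a single keyword."""
    if not chain:
        return "no-data"
    hosts = [(urlsplit(u).hostname or "").lower() for u in chain]
    # An affiliate hop before the final page means someone is credited for the visit.
    if any(_in(h, AFFILIATE_HOSTS) for h in hosts[:-1]):
        return "affiliate-redirect"
    # The user ended on a results page of their own search engine.
    if _in(hosts[-1], SEARCH_HOSTS):
        return "search"
    # The user landed somewhere other than the search engine with no visible affiliate hop.
    return "direct-redirect"

def hijacked_keywords(observations):
    """Return the keywords whose chain did not end on a search results page."""
    return sorted(k for k, chain in observations.items()
                  if classify(chain) in ("affiliate-redirect", "direct-redirect"))

if __name__ == "__main__":
    for kw, chain in SAMPLE.items():
        print(kw, classify(chain))
```

A chain labelled `search` only shows that no redirect was visible to the browser; proxying of the entire search traffic, as described later in the article, adds no hop to the chain and needs a network-level check instead.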

According to a technical analysis published by the Electronic Frontier Foundation (EFF), some of the major ISPs using Paxfire's redirect services include Cavalier, Cogent, Frontier, Fuse, DirecPC, RCN and Wide Open West.

New Scientist reports that New York-based law firms Reese Richman and Milberg have already filed a class action lawsuit against RCN and Paxfire claiming violations of the Federal Wiretap Act's privacy safeguards. It also notes that as of August 2011 all major ISPs involved in the scheme have stopped hijacking traffic destined for Google, but still redirect Bing and Yahoo queries.

The two researchers point out that Paxfire's product contains an optional feature that passes people's entire search traffic through web proxies before directing the requests to the search engines. The purpose of this action is to collect information about what users are searching for and build search profiles.

Google recently announced that millions of computers are infected with a click fraud trojan that redirects search engine traffic through proxy servers run by its creators, in a similar way to Paxfire's patented technology. The company took the unprecedented step of warning affected users through alerts displayed at the top of its search page.

Comments
tracy phan

tran bu

posted by : Thuy Sy Tran, 28 December 2011
still broken

This comment thing seems broken still. I can't paste my full comment :(

posted by : Sheldon Irving, 16 August 2011
comment not showing up

:(

My comment is not showing up for some reason. But ISPs also use DNS Hijacking to redirect customers to search pages. It cripples VPN and mobile devices as well as server and authentication.

posted by : Sheldon Irving, 10 August 2011
Some redirections are legitimate

Having just run the tool listed above, I saw several alerts regarding redirection of Google.com DNS traffic. However, I also know that my ISP has a local Google cache and cluster. Therefore, not as dangerous as it might seem.

Of course, valid redirection of DNS is not the same as redirection and monitoring of search terms as evidenced in the article - those guys should have *their* web searches redirected to a public website, live.

posted by : NZ Guy, 07 August 2011
Berkeley researchers' tool

This tool will tell you if your searches are being hijacked:

http://netalyzr.icsi.berkeley.edu/

(From the original New Scientist article http://www.newscientist.com/article/dn20768-us-internet-providers-hijacking-users-search-queries.html)

posted by : Ian, 06 August 2011
No panic !

A very highly ranked government employee has ensured me it's all for our own safety.

posted by : Belgarian, 06 August 2011
What is being hijacked?

What exactly is being hijacked? The title says search traffic, but the story mentions typing words into the address bar.

If they are hijacking the search box in my browser, I'm worried. Those queries should always go directly to Google (in my case). If they are hijacking the address bar, then big deal. Why would people expect to be taken to a search page when they type in an unknown web address?

posted by : jimsum, 05 August 2011
Well, actually...

@bobTrollins - Frontier seems to be a subsidiary of Verizon (they're playing it close to the chest about their exact relationship).

However, I am on Frontier FiOS right now, and I just tried three of the first four mentioned keywords. "Apple" showed me normal search results with a bar asking if I meant to go to Apple.com, while the other two just gave me normal search results. I didn't try "bloomingdales."

posted by : Morely the IT Guy, 05 August 2011
Kill them, kill them with fire

This is hacking into your personal information. Millions at a time. They must be treated as terrorists. Where is Homeland Security when you need them?

posted by : Mahhn, 05 August 2011
Not so big ISPs

"Cavalier, Cogent, Frontier, Fuse, DirecPC, RCN and Wide Open West."

None of these are "Big" ISPs

Frontier and W.O.W. are the only ones I've heard of, and Frontier is regional for sure.

Comcast, Verizon, Time Warner, Cox are "big" ISPs

posted by : bobTrollins, 05 August 2011