[Chapter-delegates] Canadian ISP Rogers violates net neutrality by hijacking failed DNS lookups

Sivasubramanian Muthusamy isolatedn at gmail.com
Mon Jul 21 15:50:18 PDT 2008


Hello Alejandro,

The phrase "hack into all customer computers" in my question that was part
of my email to Airtel months ago was more of an angry expression as an
independent, individual customer. It was a message that I wrote when I was
very angry.

Had this been in the context of an ISOC communication, I would have phrased
it more appropriately. (An ISP wouldn't achieve anything by hacking into ALL
customer computers, but if they want they can selectively hack in-depth, for
which they have the technical superiority and the ability to monitor and
control)

The internet connection works with some specific settings. These settings
are designed for modems from the ISP's "approved list" of modems - I have
one provided by the ISP on a monthly rental of $2.5 which has a universal
user name and password. 90% of the home users use the modem with default
settings and the ISPs do not bother to educate them to change the modem
password, which is a multi-step process that one has to learn from a phone
call to customer support.

As you say, maybe they have modified the settings of my modem. I don't know
about the various technical possibilities. Through the modem or by some
other back door, this ISP had some way of overriding the browser settings. I
have a screen shot of the page that loaded (attached) and a text file of
what I noted down from the page properties including the source code copied
from a file that was saved as a .pl file.  This is not much, but might an
expert determine how this unsolicited web page popped up.

I have had other instances of intrusion attempts of indeterminate origin.
But this particular issue is caused by the ISP, which was simply not taken
note of even after repeatedly raising this issue. I have once even raised
concerns about noticeable parallel wiring which was also unattended.

Yes, I must be careful, maybe even set up a decoy or a honey pot to record
logs. In the absence of these measures all that I could immediately do is to
work out of a computer with Solaris, an O/S that is a little unfamiliar for
the local hackers to tamper with.

There is not much of a choice of ISPs in small towns in India. So I
continue.

(The bright side is that such experience of helplessness has given me one or
two additional points to cover in a paper that I am drafting on Internet
Rights)

S



On Tue, Jul 22, 2008 at 12:45 AM, Alejandro Pisanty <apisan at servidor.unam.mx>
wrote:

> S.,
>
> have you ascertained fully that your computer has been hacked into by the
> ISP, or is there some other form of interception, on the network, occurring?
>
> The scenario of the ISP hacking into all of its users' computers seems
> highly unlikely to me. And, you should have available - as an ISOC Chapter!
> - the services of someone knowledgeable in computer forensics to check your
> computer, as well as to set up a decoy where logs are kept of all activity,
> etc. to prove this hacking beyond any doubt.
>
> What is less unlikely is that they have modified configurations in your
> (ADSL or other technology) modem. That would be a different story, though
> many of us would raise hell and call it "pharming" if it was an egregious
> enough redirection of the DNS calls.
>
> Beyond that: other than in closed networks, like a hotel's, no-one should
> stand between you and the DNS. But then, no-one should stand between you and
> the Internet... unless you have accepted it in the small print of your
> contract with your ISP (Arnoud: this applies to your response as well.)
>
> Yours,
>
> Alejandro Pisanty
>
>
> Dr. Alejandro Pisanty
> UNAM, Av. Universidad 3000, 04510 Mexico DF Mexico
>
> Tels. +52-(1)-55-5105-6044, +52-(1)-55-5418-3732
>
> *My blog: http://pisanty.blogspot.com
> *LinkedIn profile: http://www.linkedin.com/in/pisanty
> *Join the UNAM group on LinkedIn,
> http://www.linkedin.com/e/gis/22285/4A106C0C8614
>
> Join ISOC Mexico, http://www.isoc.org
> Participate in ICANN, http://www.icann.org
>
>
> On Mon, 21 Jul 2008, Sivasubramanian Muthusamy wrote:
>
>> Date: Mon, 21 Jul 2008 21:31:11 +0530
>> From: Sivasubramanian Muthusamy <isolatedn at gmail.com>
>> To: Gilles Massen <gilles at isoc.lu>
>> Cc: chapter-delegates at elists.isoc.org,
>>    Patrick Vande Walle <patrick at vande-walle.eu>
>> Subject: Re: [Chapter-delegates] Canadian ISP Rogers violates net
>>    neutrality by hijacking failed DNS lookups
>>
>> Hello Alejandro,
>>
>> 1.  I followed the original link and from there tried to go to
>> http://www.digitalhome.ca/forum/forumdisplay.php?f=28 or to page
>> http://www.digitalhome.ca/forum. Both pages returned a 403 error.
>>
>> 2.  My ISP is Bharti AIRTEL,  I have noticed a more serious issue of a
>> possible backdoor intrusion by the ISP, which is a possible breach of
>> consumer privacy. This ISP - Airtel Broadband  is evidently in a position
>> to control the browser in MY COMPUTER to take over my browser to redirect
>> any URL to an Airtel page that says you are temporarily disconnected (The
>> ISP's tolerance for late payments even for long standing subscribers is
>> not even a day past the due date, which is sometimes missed)
>>
>> I have asked them in several repeated email messages
>>
>> a) How did you get into my computer to override my browser home page
>> settings ?
>> b) What gives you the right to do that ?
>> c) If you can do as much of a hack in all customer computers as to
>> override the browser settings and ensure that any address typed in the
>> address bar takes the browser to
>> http://203.145.184.29/cgi-bin/airtel/frontpage.pl, what else couldn't
>> you have done ?
>>
>> This issue was raised in several repeated email messages, routinely
>> acknowledged but was conveniently left unanswered. In India Consumer
>> Forums are grossly inadequate and largely controlled or influenced by the
>> Industrial groups; Consumer legislation, the judicial process are
>> inadequate, so these large companies simply brush aside any communication
>> that questions their ways of working
>>
>> Sivasubramanian M.
>>
>>
>>
>> On Mon, Jul 21, 2008 at 7:05 PM, Gilles Massen <gilles at isoc.lu> wrote:
>>
>>> Alejandro, Patrick, et al,
>>>
>>> There are more and more ISPs that tweak their DNS servers to return an IP
>>> address when they should return that a name does not exist. Rogers is
>>> only the last on a growing list.
>>>
>>> Personally, I'd never accept that behaviour from my ISP, I'd either
>>> change or work around it (with services like OpenDNS, where you can at
>>> least opt-out from such an 'enhanced user experience').
>>>
>>> Verisign was the same idea on another level, and you could not easily
>>> work around it, so I'm quite happy that that's gone.
>>>
>>> But let's face it: net neutrality is slowly disappearing...be it by
>>> changing the content of DNS replies, or by treating P2P traffic
>>> differently. Too many 'optimisations' do simply that: manipulate what's
>>> on the wire.
>>>
>>> Best,
>>> Gilles
>>>
>>>
>>>
>>>
>>> On Monday 21 July 2008 01:54, Alejandro Pisanty wrote:
>>>
>>>> Patrick,
>>>>
>>>> reminds me of the spat on wildcards with Verisign some years ago.
>>>> Quoting it could be a good precedent Rogers clients may want to use.
>>>> Rogers may not want to get into a similar mess.
>>>>
>>>> Yours,
>>>>
>>>> Alejandro Pisanty
>>>>
>>>>
>>>> Dr. Alejandro Pisanty
>>>>
>>>>
>>>> On Sun, 20 Jul 2008, Patrick Vande Walle wrote:
>>>>
>>>>> Date: Sun, 20 Jul 2008 21:57:11 +0200
>>>>> From: Patrick Vande Walle <patrick at vande-walle.eu>
>>>>> To: isoc Chapter Delegates <chapter-delegates at elists.isoc.org>,
>>>>>    ISOC Extended Board <isoc-ext-board at elists.isoc.org>
>>>>> Subject: [Isoc-ext-board] Canadian ISP Rogers violates net neutrality
>>>>>    by hijacking failed DNS lookups
>>>>>
>>>>> http://www.digitalhome.ca/content/view/2689/206/
>>>>>
>>>>> In what appears to be a violation of Net Neutrality by Rogers Cable,
>>>>> Digital Home readers are reporting that Rogers High Speed Internet
>>>>> service has begun redirecting customers "Server not found pages" to
>>>>> webpages laden with Rogers advertising.
>>>>>
>>>>> See original link for more details and screenshots.
>>>>>
>>>>> --
>>>>> Patrick Vande Walle
>>>>>
>>>>
>>>
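
Added example (not part of the original thread or any poster's code): a check for the resolver behaviour discussed above, where a DNS server returns an IP address for a name that does not exist. The function names and the random probe-name scheme are assumptions; the lookup function is a parameter, so the same check works against any resolver.

```python
import secrets
import socket


def probe_names(count=3, suffixes=("com", "net", "org")):
    """Random labels that are overwhelmingly unlikely to be registered."""
    return [f"nx-{secrets.token_hex(12)}.{suffixes[i % len(suffixes)]}"
            for i in range(count)]


def system_resolve(name):
    """Resolve through the OS resolver; an empty set means the lookup failed."""
    try:
        infos = socket.getaddrinfo(name, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def check_nxdomain_rewriting(resolve=system_resolve, names=None):
    """Look up names that should not exist and classify the resolver.

    clean        - every probe failed, as an honest resolver would report
    rewritten    - every probe got an answer, or unrelated probes share an IP
    inconclusive - only some probes answered, with no address in common
    """
    names = names or probe_names()
    answered = {}
    for name in names:
        ips = resolve(name)
        if ips:
            answered[name] = ips
    # An address returned for several unrelated random names is the
    # signature of a catch-all landing page.
    seen = {}
    for name, ips in answered.items():
        for ip in ips:
            seen.setdefault(ip, []).append(name)
    shared = sorted(ip for ip, hits in seen.items() if len(hits) > 1)
    if not answered:
        verdict = "clean"
    elif shared or len(answered) == len(names):
        verdict = "rewritten"
    else:
        verdict = "inconclusive"
    return {"verdict": verdict, "answered": sorted(answered), "shared_ips": shared}


if __name__ == "__main__":
    print(check_nxdomain_rewriting())
```

Running it once through the ISP's resolver and once through an alternative resolver shows whether the rewriting happens in the ISP's DNS servers or somewhere closer to the client.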
-------------- next part --------------
A non-text attachment was scrubbed...
Name: airtel.jpg
Type: image/jpeg
Size: 120579 bytes
Desc: not available
URL: <https://elists.isoc.org/mailman/private/chapter-delegates/attachments/20080722/536b0133/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: airtel intrusion
Type: application/octet-stream
Size: 3859 bytes
Desc: not available
URL: <https://elists.isoc.org/mailman/private/chapter-delegates/attachments/20080722/536b0133/attachment.obj>

