Windstream Gives (Sort Of) Explanation For Google Search Hijack
Though they still aren't giving any real technical explanation
Earlier this week we noted
that Windstream Communications DSL users were surprised to see that the carrier was suddenly hijacking search results from users' Firefox Google toolbar, and redirecting users to Windstream's own ad-laden search portal. After users in our forums complained
and we ran our story, Windstream quickly responded -- fixing the problem the very next day
. We asked Windstream for an explanation and while the company apologized to users, they still haven't really explained the technical specifics behind what caused the glitch. The company has stopped by our forums
to issue this statement:
Windstream implemented a network change on Friday, April 2, that mistakenly re-directed Firefox browser users utilizing their default search boxes to a Windstream landing page. This was not Windstream's intention, and after customers made us aware, we fixed the matter on Monday.
Windstream does not:
* track or monitor any individual customer internet searches;
* impede a customer's ability to access or use any websites, search engines, or any other services or applications on the Internet.
We appreciate all the feedback and support from this forum, and we will continue to address and help resolve any issues with your Internet service.
The statement still doesn't really answer what happened specifically. It also really doesn't answer why this was happening to users who don't use Windstream DNS servers, which suggests that Windstream may have been tinkering with a new flavor of deep packet inspection that goes well beyond DNS redirection. More pointed questions from our users
into what technology caused the hijack aren't being answered by Windstream representatives; representatives that are normally much more conversational.
| |knightmbEverybody Lies
said by Anonymous:A captive portal that intercepts google and modifies your search string. Very easy to implement for an entire network with a single box inline.
My cable provider Mediacom also can hijack search results even when using 3rd party DNS servers. It too requires an opt out. Don't know how they do it but would appreciate if someone would shed some light on how this is being done.
Fight Insight Ready (Was NebuAD) and the like:
Click Here to pollute their data
More Information Karl, thank you so much for exposing this on the front page. To those who asked how, please see »Our Response to Redirect Service Concerns where I went into some technical detail on how they're doing it.
I can elaborate more but this clearly isn't and cannot be DNS tampering without layer 7/DPI since a specific URL structure was targeted. For this to have been DNS (even though users not using Windstream's DNS servers were affected), all of 'www.google.com' would have been impacted and the scope of impact would be limited to users of Windstream's DNS unless they are using DPI to mangle DNS replies from non-Windstream DNS servers.
They are cherry picking, inspecting, transforming, and redirecting search terms based on layer 7 data (HTTP URI) to searchredirect.windstream.net. Take a peek at »searchredirect.windsteam.net. Does this look like a NXDOMAIN landing page? Nope, it's clearly a search engine.
Also note the wording of their explanation, the structure and format of the message, and the inclusion of the word 'individual'.
When they deploy this on a universal scale, targeting all Residential DSL customers as they did, are they still doing any type of "track or monitor any individual customer internet searches"? They're no longer focusing on a specific individual. See my point.
It's deceptive and I don't trust them. Not to mention it took them several days to come up with this paper-thin explanation behind their "bug". Note, I am a Windstream DSL customer.
| For a minute, I was scratching my head wondering what this incident had to do with stopping piracy, but now I get it. All the ISP has to do is capture the searches users perform at trackers, then they watch to see what files they grab using BitTorrent. Then, BAM!, the RIAA/MPAA not only has your search, but they also have the filename you were downloading, and the best part is--wait for it--they don't have to use a bot to connect to you to try and download anything. The DPI box already has your IP from when you ran the search on the monitored tracker. Hell, if they wanted to, they could have the DPI box redirect your browser straight to the infringement letter within a few seconds. "Congratulations John Smith of 1212 Elm St., Anytown, USA, you've been caught downloading copyrighted material, specifically, 30 Rock, Season 1. To avoid a lawsuit, please input your credit card information in the form below. Thank you."|
And for those who couldn't care less about that because pirates are dirty, evil people, there are many other innovative ways that something like this can be used. Maybe someone wants to see who posts information to a site--WikiLeaks, for example. They can try to get the site's logs, but what if there are no logs, or what if the site is hosted overseas? No problem, this solution will get that info. In fact, it will do more than that. It could only pay attention to a single page on the site of interest, and it could do all sorts of other neat tricks, like, once someone visits that page, track the sites and pages they visit afterward. I'm not saying this is happening, but you have to realize that it could happen.
No wonder Windstream is being quiet.