ICANN/GNSO GNSO Email List Archives

[ga]



Re: [ga] Re: [ PRIVACY Forum ] ISP Accused of "Hijacking" Google Search Queries and Subscribers' DNS

  • To: "Jeffrey A. Williams" <jwkckid1@xxxxxxxxxxxxx>
  • Subject: Re: [ga] Re: [ PRIVACY Forum ] ISP Accused of "Hijacking" Google Search Queries and Subscribers' DNS
  • From: Joe Baptista <baptista@xxxxxxxxxxxxxx>
  • Date: Mon, 12 Apr 2010 20:33:30 -0400

I got a confirmation yesterday the "I" root in Beijing is still down. I'm
not surprised ISPs are hijacking the DNS. The DNS jack in the box went bang
when Google made a show of their public DNS. DNS is sexy. Expect many more
MitM attacks. Now that countries know how to hijack network traffic to a
root - thanks to the China incident - anything is possible.

There are solutions - but no one in a position of authority is paying
attention to the obvious .. so why bother explaining yet again ... I sound
like a broken record ....

and I agree with you i.e. Lauren. He digs up good stuff.

cheers
joe baptista

On Mon, Apr 12, 2010 at 5:55 PM, Jeffrey A. Williams <jwkckid1@xxxxxxxxxxxxx> wrote:

>
> Lauren and all,
>
>  Thank you for again confirming activity that has been
> ongoing for several years now, albeit in this particular
> incident from a different perp.  Google's DNS is
> significantly insecure and as such is subject to this
> sort of hijacking.  They know what they need to do and
> how, but for whatever reason are reluctant to do so.  As
> such they expose their users to potential harm accordingly.
>
>
> -----Original Message-----
> >From: privacy@xxxxxxxxxx
> >Sent: Apr 10, 2010 2:30 PM
> >To: privacy-list@xxxxxxxxxx
> >Subject: [ PRIVACY Forum ] ISP Accused of "Hijacking" Google Search Queries and Subscribers' DNS
> >
> >
> >
> >   ISP Accused of "Hijacking" Google Search Queries and Subscribers' DNS
> >
> >               http://lauren.vortex.com/archive/000704.html
> >
> >
> >Greetings.  All of the data on this situation isn't in yet, but on its
> >face this appears to be an extremely problematic situation, seemingly
> >involving ISP "hijacking" of their subscribers' Google-related
> >traffic.
> >
> >Here's what we have so far, based on reports to date.  When reading
> >this, please also keep in mind the "Testing Your Internet Connection
> >for ISP DNS Diversions" page ( http://bit.ly/7DOv5Y ) from
> >NNSquad ( http://www.nnsquad.org ) -- more on this below.
> >
> >Apparently a few days ago, users of Windstream ISP services suddenly
> >discovered that their Firefox-based Google toolbar search queries were
> >being diverted by Windstream to an alternate Windstream-associated
> >search service, through some form of DNS redirection
> >( http://bit.ly/aJ3WZB [DSL Reports] ).
> >
> >Complaints by subscribers resulted in confusing responses from
> >Windstream, including the statement that the purpose of their
> >redirection was only to deal with unresolved site lookups and that an
> >opt-out was available.  (Over on NNSquad, we've frequently discussed
> >the unacceptability of such diversions on anything other than an
> >*opt-in* basis.)
> >
> >Shortly after the initial Windstream explanation, a Windstream
> >employee apparently said that:
> >
> >    "We will be making a change to this service tonight based on
> >     feedback from our customers who wish to continue to use Google
> >     for the search box. We apologize for any inconvenience this may
> >     have caused."
> >
> >This is a most remarkable statement -- since it appears to imply that
> >the diversion was not a mistake, but may have been an intentional
> >redirection of Google-related traffic.  After all, if someone is using
> >a Google search toolbar, one would typically assume that they want
> >*Google* to supply the search results, right?  You don't need rocket
> >science to figure this out.
> >
> >Of particular concern are reports that these changes affected
> >subscribers who were *not* using Windstream's DNS servers, but
> >who had manually changed their DNS settings to other servers such as
> >OpenDNS or Google DNS.  If these reports are correct, they imply that
> >Windstream was tampering with protocols via DPI (Deep Packet
> >Inspection) techniques, which elevates the severity of the situation
> >to an even higher level, regardless of whether or not "opt-out"
> >mechanisms of varying effectiveness were provided.
> >
> >Many Windstream subscribers are very concerned about the privacy
> >implications of this situation, and the apparent unwillingness of
> >Windstream to clearly explain what they are doing and whether or not
> >the diversion of Google search queries was intentional or accidental
> >in the first place ( http://bit.ly/bUrgBF [DSL Reports] ).
> >
> >This all appears to be a very serious situation, and exactly the sort
> >of problem many of us have been warning about for years.
> >
> >The first useful step moving forward regarding this matter should be
> >for Windstream to immediately and definitively come clean publicly
> >about what they did, what they are doing, and what their true
> >intentions were and are.
> >
> >In the meantime, I invite Windstream (and other ISP) subscribers to
> >use the info on the NNSquad Testing Your Internet Connection for ISP
> >DNS Diversions page to test their ISP for DNS tampering, and to report
> >results to me as described on that page ( http://bit.ly/7DOv5Y ).
> >
> >DNS tampering is unacceptable and can easily create all manner of
> >collateral damage.  Interfering with Google's (or anyone else's) users
> >is atrocious, especially if done purposely.
> >
> >This is all yet another example of why moving toward reasonable
> >regulation of the Internet access industry is so critically important.
> >
> >--Lauren--
> >Lauren Weinstein
> >lauren@xxxxxxxxxx
> >Tel: +1 (818) 225-2800
> >http://www.pfir.org/lauren
> >Co-Founder, PFIR
> >   - People For Internet Responsibility - http://www.pfir.org
> >Co-Founder, NNSquad
> >   - Network Neutrality Squad - http://www.nnsquad.org
> >Founder, GCTIP - Global Coalition
> >   for Transparent Internet Performance - http://www.gctip.org
> >Founder, PRIVACY Forum - http://www.vortex.com
> >Member, ACM Committee on Computers and Public Policy
> >Lauren's Blog: http://lauren.vortex.com
> >Twitter: https://twitter.com/laurenweinstein
> >
> >_______________________________________________
> >privacy mailing list
> >http://lists.vortex.com/mailman/listinfo/privacy
>
> Regards,
>
> Jeffrey A. Williams
> Spokesman for INEGroup LLA. - (Over 294k members/stakeholders and growing,
> strong!)
> "Obedience of the law is the greatest freedom" -
>   Abraham Lincoln
>
> "Credit should go with the performance of duty and not with what is very
> often the accident of glory" - Theodore Roosevelt
>
> "If the probability be called P; the injury, L; and the burden, B;
> liability depends upon whether B is less than L multiplied by P: i.e.,
> whether B is less than PL."
> United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947])
> ===============================================================
> Updated 1/26/04
> CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of
> Information Network Eng.  INEG. INC.
> ABA member in good standing member ID 01257402 E-Mail
> jwkckid1@xxxxxxxxxxxxx
> Phone: 214-244-4827
>
>


-- 
Joe Baptista

www.publicroot.org
PublicRoot Consortium
----------------------------------------------------------------
The future of the Internet is Open, Transparent, Inclusive, Representative &
Accountable to the Internet community @large.
----------------------------------------------------------------
 Office: +1 (360) 526-6077 (extension 052)
    Fax: +1 (509) 479-0084

Personal: http://baptista.cynikal.net/

