ISP Greed Left Whole of WWW Open to Hacker Hijack

ISPs here and across the pond are looking increasingly desperate to cash in on the golden goose that is their customers, without paying attention to the possible dire consequences.

After BT's Phorm saga, US-based Earthlink, one of the biggest ISPs in the US, has been criticised for outsourcing the handling of mistyped web page requests to a third party, based in London, whose servers lacked even the most basic security and web programming techniques.

Dan Kaminsky, a security researcher at IOActive, told Wired Magazine that he had found a security hole that could have allowed hackers and online criminals to use genuine website addresses like Google.com or Microsoft.com to launch attacks.

The quest for more revenue has led ISPs to try to generate money from mistyped URLs, and Barefruit, a UK ad company, was given the responsibility of running the scheme.

Since August 2006, Earthlink has redirected Non-Existent Domain (NXDOMAIN) query responses, which are returned when a domain does not exist, to Barefruit servers where paid-for search ads were displayed.

The real issue arises when users look for a non-existent subdomain of a real website; for example, ibank.barclays.co.uk, the UK bank's real e-commerce website, could be confused with iibank.barclays.co.uk.

In this case, third-party adverts would be served while still displaying the barclays.co.uk domain name and bypassing any anti-phishing browser protection.

Like Dan Kaminsky, the online criminal community is acutely aware of the near-endless possibilities that this could offer them.

Obviously, mistyped domain name redirection is nothing new; as early as 2001, Microsoft's Internet Explorer browser repackaged "Page Not Found" 404 errors and redirected them to Microsoft's own search function.
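
A resolver that rewrites NXDOMAIN responses, as described above, can be spotted from the client side, because random subdomains of unrelated domains all start resolving to the same address. The following Python check is an added example, not part of the original article; the resolver functions, parent domains and IP addresses in it are constructed stand-ins.

```python
import secrets
import socket
from collections import defaultdict

def system_resolve(name):
    """Resolve through the OS resolver; an empty set means no answer (e.g. NXDOMAIN)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def detect_nxdomain_rewrite(parents, resolve=system_resolve, probes_per_parent=3):
    """Probe random, almost certainly non-existent subdomains of each parent.

    Returns (rewritten, suspects): suspects maps each IP that answered for
    random names under two or more unrelated parents to those parents.
    A genuine wildcard record only answers under its own parent, so it is
    not flagged.
    """
    parents_by_ip = defaultdict(set)
    for parent in parents:
        for _ in range(probes_per_parent):
            name = f"{secrets.token_hex(8)}.{parent}"
            for ip in resolve(name):
                parents_by_ip[ip].add(parent)
    suspects = {ip: sorted(ps) for ip, ps in parents_by_ip.items() if len(ps) >= 2}
    return bool(suspects), suspects

# Constructed resolvers standing in for three kinds of DNS service.
AD_SERVER = "203.0.113.10"       # documentation-range address, constructed
WILDCARD_HOST = "198.51.100.7"   # documentation-range address, constructed

def honest_resolver(name):
    return set()                  # every random name is NXDOMAIN

def rewriting_resolver(name):
    return {AD_SERVER}            # NXDOMAIN replaced with an ad server address

def wildcard_resolver(name):
    # *.example.org is a genuine wildcard record; everything else is NXDOMAIN
    return {WILDCARD_HOST} if name.endswith(".example.org") else set()

PARENTS = ["example.com", "example.net", "example.org"]

if __name__ == "__main__":
    for label, r in [("honest", honest_resolver), ("rewriting", rewriting_resolver),
                     ("wildcard", wildcard_resolver)]:
        print(label, detect_nxdomain_rewrite(PARENTS, resolve=r))
```

Calling `detect_nxdomain_rewrite(PARENTS)` without the `resolve` argument runs the same probes through the operating system's configured resolver.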