Skip to main content

ISP Greed left Whole of WWW open to Hackers Hijack

ISPs here and across the pond are increasingly looking desperate to cash on the golden geese that is their customers without paying attention to possible dire consequences.

After BT's Phorm saga, US-based Earthlink, one of the biggest ISPs in US has been criticised for outsourcing the handling of mistyped web page requests to a third party, based in London, whose servers lacked even the most basic security and web programming techniques.

Speaking to Wired Magazine (opens in new tab), Dan Kaminsky, who works for IOActive as a Security Researcher, found out a security hole that could have allowed hackers and online criminals to use genuine website addresses like Google.com or Microsoft.com to launch attacks.

The quest for more revenues has caused ISPs to try and generate money from mistyped URL and Barefrut, a UK Ad company, was given the responsibility of running the scheme.

Since August 2006, Earthlink redirected Non-Existent Domain (NXDOMAIN) query response - whhich happens when a domain does not exist - to Barefruit servers where paid for search ads were displayed.

The real issue arises when users look for non-existent subdomain of a real website; for example, ibank.barclays.co.uk - the UK bank's real e-commerce website - could be confused with iibank.barclays.co.uk.

In this case, third party adverts would be served while still displaying the barclays.co.uk domain name and bypassing any anti-phising browser protection.

Like Dan Kaminsky, the online criminal community is acutely aware of the near endless possibilities that this could offer to them.

Obviously, Mistyped domain name redirection is nothing new; as early as 2001, Microsoft's Internet Explorer Browser redirected "Page Not Found" repackaged 404 errors to redirect to Microsoft's own search function.

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at ITProPortal.com where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.