UPD4 EZTV Cause Website Blocking Fail for UK Sky Broadband ISP Users

Some Sky Broadband users were this week left frustrated after the ISP began sporadically blocking TorrentFreak, a well-recognised news source for the BitTorrent and P2P community. But the cause appears to have been a deliberate manipulation by one of the websites that Sky is required to block, which has highlighted the danger of overblocking.

Last month The Federation Against Copyright Theft (FACT) and Motion Picture Association (MPA) won a vital court case (here) that meant they could force all of the United Kingdom’s largest broadband ISPs to block (censorship) the EZTV website for helping to facilitate copyright infringement (internet piracy).

Lately court ordered website blocking has become increasingly common, although those who go actively seeking such content usually have no trouble circumventing the skin deep measures. But, as the endless game of whack-a-mole continues, pirates are now rediscovering old ways of hassling internet filtering systems, such as by poisoning their own DNS records with IP addresses that actually link to legitimate websites.

The Domain Name Servers (DNS) exist to translate Internet Protocol (IP) addresses into human readable form. For example, a DNS server can convert an IP number (“185.56.23.89“) into a domain name like “Meowmix.com“ and vice versa. But apparently all the owner of EZTV had to do to get a legitimate website blocked was to use Geo DNS to point its UK visitors to TorrentFreak’s IP address.

The result was that many, but not all, of Sky Broadband’s customers have this week experienced a sporadic inability to access TorrentFreak. Naturally EZTV might not win many friends for causing such problems but it does highlight just one of many problems with trying to restrict access in the online world, which the internet was originally designed to regard as an attack.

Ernesto, TorrentFreak Writer, said:

“From the above it appears that Sky’s filtering system blocks any and all IP-addresses that EZTV adds to their DNS. This essentially means that EZTV, or any other blocked site, has the power to render entire websites inaccessible to Sky subscribers. Luckily we were the target and not Google. From what we can tell, other UK Internet providers are using different systems as TorrentFreak is still accessible.

Interestingly enough, Virgin users reported an hour long blackout of Facebook yesterday evening. Whether this is related to EZTV’s DNS entries is unknown at the point, but it’s not common for Facebook to go “down” on a single UK provider.

EZTV’s owner tells TorrentFreak that he just wanted to see how the various blocking procedures work at UK ISPs. He never imagined that simply adding a few IP-addresses to EZTV’s DNS zone would take out TorrentFreak. He stresses that there was absolutely no “hacking” involved and alerted us about the plan.“

ISPs clearly need to be mindful about not using dumb automation to keep up with changes on piracy sites but, as more sites are blocked and IPs get changed all the time, then it could become an increasingly complex task to separate legitimate sites from those that the courts have ordered to be blocked.

At this point we’re reminded of an Ofcom commissioned CSMG investigation into the impact of IP address sharing upon website blocking measures. It noted how problems can occur due to the fast paced way in which IP’s change ownership or can be used by several websites / servers at once, most of which could be legitimate but it only takes one rotten apple to ruin it for everybody (here).

Sadly it’s the weekend and so getting a reply from Sky Broadband could be difficult but we hope to have their reaction shortly.

UPDATE 2:12pm

Here’s the line from Sky.

A Sky Spokesperson told ISPreview.co.uk:

“TorrentFreak was inadvertently blocked due to EZTV pointing one of its URLs at the site. We have a process in place which monitors this type of disruptive behaviour, and when we discover it, we will take the necessary steps to remove any unintended blocks. To be clear, Sky only ever blocks sites in line with court orders.”

UPDATE 12th August 2013

As some readers have pointed out, Sky’s statement isn’t entirely correct because they also block child abuse sites through the IWF. Not to mention the “optional” network-level filtering that Sky will shortly begin asking their customers to adopt.

In related news we’re hearing that customers of BE Broadband (now owned by Sky) and some Virgin Media users have found that a sporadic block is SOMETIMES preventing access to 200+ websites including the Radio Times, Taylor Swift’s homepage, Northampton Town Football Club, Glasgow airport park and ride, FireEye security researchers and many more.

The BE Usergroup notes that this appears linked to websites that have currently or previously shared the following IP address: 96.45.82.196. It could just be a routing problem or perhaps a conflict with another court ordered block.

UPDATE 13th August 2013

Virgin Media has informed ISPreview.co.uk, “this is an issue that has been rectified now. Some sites have to stay blocked, but Radio Times isn’t one of them. Apologies“.

UPDATE 15th August 2013

The blocks should now be removed and we’ve written up a detailed explanation of what actually happened (here).