Posted: 06th Aug, 2011 By: MarkJ


New research has warned that ten broadband ISPs in the United States (US) could be abusing the internet's
Domain Name System (DNS), which converts IP addresses into human readable form (e.g. an IP is turned into a website domain like "
ISPreview.co.uk"), by
hijacking their customers search engine traffic in order to
earn a crafty profit from Affiliate networks like
Commission Junction.
A number of UK ISPs have attempted something similar in the past, albeit not quite in the same way. Back in 2008 the
Hull (
Yorkshire) based broadband and phone provider KC started
hijacking mistyped customer URLs (i.e. website addresses) and redirecting them to the Ask.com search engine (
original news). Some other ISPs also operate a similar setup, although it's usually frowned upon.
Historically most ISPs have claimed that they do this because it "
helps you find what you want to search for more easily, directly from your browser address bar," said a KC spokesperson in 2008. Since then the world has changed and most recent website browsers now perform the same task automatically and give you a choice of search engine. According to the
New Scientist magazine, domain hijacking systems have adapted and in a much more worrying way.
The New Scientist's Jim Giles explained:
"The hijacking seems to target searches for certain well-known brand names only. Users entering the term "apple" into their browser's search bar, for example, would normally get a page of results from their search engine of choice. The ISPs involved in the scheme intercept such requests before they reach a search engine, however. They pass the search to an online marketing company, which directs the user straight to Apple's online retail website."
On the surface the excuse that this "
helps you find what you want" could still apply and indeed
many consumers probably won't even notice it happening. However those whom are use to typing a name into their address bar in order to gain a list of results from their search engine could be somewhat less forgiving.
The technology, which appears to be supplied by a US firm called
Paxfire, has already triggered a legal challenge by
Reese Richman, a New York law firm, against one of the associated ISPs because they claim that it violates numerous statutes and wiretapping laws. Sounds a bit like Phorm all over again.
It's understood that about
165 search terms, such as "
apple", "
dell" and "
safeway", are among those that the Paxfire system has been designed to detect and redirect. Interestingly we've seen similar activity over our connection when entering "
BBC" into
IE9's address bar, although this is more likely to be
Bing and Microsoft's own doing. Meanwhile
Chrome and
Firefox merely redirected to Google.
At the time of writing we've not been able to find any UK ISPs that use Paxfire, although that doesn't mean to say there aren't any. In any case there are solutions, such as adopting a free DNS alternative like
OpenDNS or
Google's Public DNS. These are usually easy to setup, faster than your own ISPs solution and will often also give you more control over web traffic (e.g. OpenDNS offers an optional adult content filter if you register with them).
The Two Research Papers (PDF)
http://www.icir.org/christian/publications/2011-satin-netalyzr.pdf
http://www.usenix.org/event/leet11/tech/full_papers/Zhang.pdf