ISPs Found to be Modifying DNS Results

We’re always very wary of hackers redirecting our DNS searches to servers that they control. DNS is a critically important part of the internet process, and by having others muck around in it and use it to their advantage, we’re all being put at risk. There’s a very clear definition for how DNS should work, and when those guidelines are not followed, we invite bad things to happen.

So how is it that ISPs are hijacking and modifying their customers’ DNS requests? That’s right, ISPs are doing it. Not outright maliciously, but they’re still doing it for a profit.

Much of this was discovered as part of a joint research study by the Polytechnic Institute of NYU and Microsoft. The study found that some smaller ISPs were intercepting and redirecting search queries and URL mistakes. The study even names the ISPs that were found doing this:

  • Hughes
  • Frontier
  • Cavalier
  • FiberNet
  • Spacenet
  • Onvoy
  • WOW [Wide Open West]
  • Cincy B.
  • SDN

Why would they do this? Simple answer: money. The study found that a company called Paxfire was responsible for much of this behavior. They provided the software that intercepted a search query for, say, Apple, and redirected the browser through several sites that the user did not even see, finally ending up on the homepage of Apple. At each redirected site, the ISP would collect a tiny fee for bringing in a new “customer”. This behavior is of course wrong: a search query should simply result in a list of search results.
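One way to check a resolver for the "URL mistakes" redirection described above is to look up a name that cannot exist and see whether an address comes back instead of the NXDOMAIN error. The Python below is an added example, not code from the study or from this post; the function names, the probe name and both sample replies are constructed here, and treating "URL mistakes" as rewritten NXDOMAIN answers is an assumption.

```python
import secrets, socket, struct

def build_query(name, qid):
    """Encode a recursive A/IN query for `name` (DNS wire format)."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack("!HH", 1, 1)

def skip_name(msg, off):
    """Return the offset just past a possibly compressed domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        if length == 0:             # root label ends the name
            return off + 1
        off += 1 + length

def classify(reply):
    """Judge a reply to a lookup of a nonexistent name: (verdict, A-record addresses)."""
    _qid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(reply, off) + 4            # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(reply, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", reply[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:              # A record carrying an IPv4 address
            addrs.append(socket.inet_ntoa(reply[off:off + 4]))
        off += rdlen
    rcode = flags & 0x000F
    if rcode == 3 and not addrs:
        return "nxdomain", addrs                   # resolver reported the error honestly
    if rcode == 0 and addrs:
        return "rewritten", addrs                  # an address was substituted for the error
    return "inconclusive", addrs

def make_reply(query, rcode, addr=None):
    """Constructed sample reply for offline use; not captured traffic."""
    answer = b"" if addr is None else (
        b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(addr))
    header = query[:2] + struct.pack("!HHHHH", 0x8180 | rcode, 1, 1 if addr else 0, 0, 0)
    return header + query[12:] + answer

# Probe: random label under .invalid, a TLD reserved (RFC 6761) so it never resolves.
QUERY = build_query(secrets.token_hex(8) + ".invalid", 0x1234)
HONEST = make_reply(QUERY, rcode=3)
HIJACKED = make_reply(QUERY, rcode=0, addr="192.0.2.10")   # documentation address space
```

Against a live resolver, send `QUERY` over UDP port 53 and pass the bytes received to `classify`; repeating the probe with several random names reduces the chance of a false verdict.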

This only goes to remind us of the importance of securing our computers and networks, as well as understanding the underlying services that the internet provides.