Posts Tagged ‘MitM’

Cypherpunk’s Wet Dream meta-entry

I once said that this blog would eventually reach a point where any possible entry could be expressed as a sum of references to previous entries. In this case, it’s this one, this one and this one.

I have maintained that a point will be reached where plain old ordinary Web sites will be forced to turn on SSL encryption by default, or otherwise resort to client-side validation to ensure the page content hasn’t been tampered with during transit. Not because they are running online shops or otherwise dealing with sensitive information – to ensure their users view the original site as it was meant to be seen, protect their users against malware injected by man-in-the-middle attacks, protect/ensure their ad sales, and protect themselves from liability (lost sales from angry customers, frivolous ADA/etc. lawsuits, computer repair bills) arising from unauthorized third-party “enhancements” to their site. And I figured the detonator for all of this (besides Comcast’s broken BitTorrent filter) would be local-yokel small-town ISPs, where bored and too-clever midnight admins sit, Perl Cookbook in hand, trying to make a few bucks on the side by replacing random Web sites’ ads with their own, or injecting other forms of malware into customer HTTP streams to gather saleable profiling data.

Nope. It’s the big boys. Among them: Charter Communications, one of the world’s largest ISPs, and British Telecom have secretly tested, or intend to test (respectively) technologies against their paying customers which do exactly that. According to an internal British Telecom memo (fulltext PDF via Wikileaks), the company partnered with online marketing company Phorm, which specializes in consumer profiling and delivery of targeted advertising. According to Wired,

“From late September to early October 2006, British Telecom secretly partnered with Phorm to let the company monitor and track 18,000 of the BT’s customers. Phorm installed boxes on BT’s network that redirected web requests through their proxy server.

Those boxes inserted JavaScript code into every web page downloaded by the users. That script then reported back to Phorm the contents of the web page, which Phorm used to create ad profiles of a user.”

The report goes on to detail the ability of the Phorm proxy box to intercept requested pages and replace the site’s advertising with its own, based on the collected profile for that customer. The report also indicates several deleterious side-effects of this injection, such as flickering problems on some Web pages (which led users to believe their PCs were infected with spyware), frequent browser crashes, and insertion of the rogue code when users tried to post to Web forums. However, they concluded that the test was “successful” since no user was able to successfully pin the blame on BT/Phorm:

“The operation of the system does have noticeable side effects, which included web-page tag insertion and navigation bar flutter.

From the postings, no user correctly determined the source of these effects and users did not post that the system was causing poor performance.

However all postings suspected that their machines had a virus, a malware or a spyware infection.”

*sigh* Remember kids, you (probably) heard it here first. Let’s hope that in the brave new world of encrypt-everything-to-avoid-getting-fucked-by-ISPs, Firefox 4 doesn’t continue to perform that tired 5-warning song and dance every time you visit a non-corporate Web site.