ISP Secretly Added Spy Code To Web Sessions

Dennis Faas's picture

A leaked internal report on a secret trial of eavesdropping and advertising technology from Internet Service Provuder (ISP) British Telecom (BT) reportedly shows that the system crashed some unsuspecting users' browsers, causing a small percentage of the 18,000 broadband customers under surveillance to believe they had been infected with adware.

The January 2007 report (PDF), published by WikiLeaks shows what can happen when an ISP tampers with raw Internet traffic for its own profit. The leak was revealed weeks after Charter Communications told its users it would be testing similar technology.

The leaked report documents BT's partnership with UK ad company Phorm, which specializes in building profiles of ISP customers and publishing targeted ads on webpages visited by the user.

From late September to early October 2006 BT secretly colluded with Phorm to let them monitor and track 18,000 customers by installing boxes on BT's network that redirected web requests through their proxy server. The boxes inserted JavaScript code into each web page downloaded by the users and reported the contents of the web page back to Phorm. Phorm then created ad profiles of the users.

BT users were not informed they were being guinea pigs for a new revenue system and had no way to opt out of the system. The JavaScript caused flickering problems for some users and crashed browsers that loaded a website relying excessively on anchor tags. The JavaScript showed up unexpectedly in user's posts to some web forums.

Despite those problems, the assessment concluded that the test was successful and that it went largely unnoticed by most users. Noticeable side effects included web-page tag insertion and navigation bar flutter. Noticeable from the postings is that no user was able to correctly determine the source of those effects and users did not post that the system was causing poor performance. All postings did suspect that their machines had been infected by a virus or a spyware infection.

BT's secret test came to light when one suspicious user contacted The Register UK about the problem. At the time BT denied any involvement, though they later admitted to running the secret test and planned to expand the monitoring technology to its entire network. The newly revealed documents further confirm a report from The Register UK about the extent of the secret test. Neither Phorm nor BT returned calls to Wired seeking comment on the document.

Visit Bill's Links and More for more great tips, just like this one!

Rate this article: 
No votes yet