Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Censorship The Internet

Belkin Routers Route Users to Censorware Ad 805

The Register has a story today about Belkin routers redirecting their users' network traffic. To me, this seems like the logical next step after top-level domain name servers piping ads to your browser. Now the routers themselves hijack the traffic they are supposed to, uh, route -- and you'll love where they send you instead. But it's OK because you can opt out. Incidentally, the Crystal Ball Award goes to Seth Finkelstein, who in 2001 quoted John Gilmore's famous aphorism about the internet, and asked "What if censorship is in the router?"
This discussion has been archived. No new comments can be posted.

Belkin Routers Route Users to Censorware Ad

Comments Filter:
  • Good qoute (Score:3, Interesting)

    by Bendebecker ( 633126 ) on Friday November 07, 2003 @03:31PM (#7419451) Journal
    There is censorship in the routers. But there is also loose spare change that the system addy dropped in their too.
  • by pegr ( 46683 ) * on Friday November 07, 2003 @03:31PM (#7419454) Homepage Journal
    The device is defective. Make product support give you one that works. While you're at it, send hate mail to the marketing team. I bet the support guy will give you the right email addresses...

    Better yet, get the addresses and post them here.
    • by Hypocritical Guy ( 674824 ) on Friday November 07, 2003 @03:36PM (#7419502) Homepage Journal
      I'll just quit buying Belkin products. Though I don't have any to beginning.
    • by Anonymous Coward on Friday November 07, 2003 @03:38PM (#7419535)

      ericd@belkin.com

      You're welcome. :)

    • Exactly (Score:4, Insightful)

      by Anonymous Coward on Friday November 07, 2003 @03:42PM (#7419580)
      This is a defective product. It doesn't route IP packets correctly. Return it for repair, replacement, or [preferrably] refund.

      Boy did they blow this one. If they had stuck to something simple like your very first HTTP transaction brought up a configuration/advert screen only once, then there wouldn't even be a story.

      What if I had bought this for an isolated network? Would it hang up for an appreciable amount of time trying to contact belkin.com?
      • Re:Exactly (Score:5, Informative)

        by wo1verin3 ( 473094 ) on Friday November 07, 2003 @04:07PM (#7419863) Homepage
        >> Boy did they blow this one. If they had stuck
        >> to something simple like your very first HTTP
        >> transaction brought up a configuration/advert
        >> screen only once, then there wouldn't even be
        >> a story.

        Actually this is pretty much what happens. Here is a snippet from usenet [google.com].

        We elected to re-direct one http request to
        the "Register Now" reminder page. (There is a link in a previous
        posting if you want to see it) This page asks the user to register for
        the service for a free 6 month trial. Now, granted this looks like an
        ad. It should, it is intended to be informative and easy enough to
        understand. At this point, the user can register or click "No Thanks".
        Clicking "No Thanks" sets a flag in the Router to stop the Router from
        re-directing every 8 hours to the reminder page.


        In summary, you have to click 'no thanks' ONCE and you'll never see the thing again unless you do a hard reset of the router.
        • Re:Exactly (Score:5, Insightful)

          by Bleck ( 203017 ) * on Friday November 07, 2003 @05:35PM (#7420704) Homepage
          My fear there -- so now, when I click on a link and get re-directed to some arbitrary site, I'm supposed to click the "click here if you're not interested" link? Haven't we spent the last thousand posts making fun of users who fall for that?

          --Tom
        • Re:Exactly (Score:5, Funny)

          by pclminion ( 145572 ) on Friday November 07, 2003 @06:03PM (#7420942)
          Waiter: "Hi, I'll be your waiter tonight."

          Customer: "Great! I'd like a cup of the soup please."

          [Waiter takes out a hammer, thwaps customer on skull]

          Customer: "WTF was that for?"

          Waiter: "Sir, I'll stop thwapping you on the head as soon as you TELL me to stop."

          Customer: "Why the hell would I have to TELL you to stop?"

          [Waiter thwaps customer once more]

          Customer: "GOD DAMMIT!"

          Waiter: "Just say 'Stop,' sir, and this will all be over..."

        • by IBitOBear ( 410965 ) on Friday November 07, 2003 @06:10PM (#7421005) Homepage Journal
          In summary you have bought a "router" that has its internal configuration updated by an external event.

          That is, I (or anybody on the inside of my net, not just an administrator) can click on a link delivered from outside my area of control and that link SETS A FLAG IN MY ROUTER....???!

          So now I have my router with its optional firewall support watching the data transport and reconfiguring itself in response.

          This is such a bad idea it is unspeakable.

          What if the first guy to see the web page and who isn't the rightful administrator, accepts?

          How long until a nice buffer-overrun attack lets a malicious server reporgram my router?

          How much of the CPU in the router is wasted looking at each HTTP request in search of this flag setting?

          Belkin is "stealing" cycles and security from their customers.

          Not smart.
      • by symbolic ( 11752 ) on Friday November 07, 2003 @06:09PM (#7421001)
        ... Comcast, and others will eventually turn the internet into a cesspool - they're the ones with the hardware, the network infrastructure, and they will do whatever they can to wring extra money out of anyone they can. I predict that not far out, your bandwidth charge will be sold just like cable TV channels - for a basic fee, you have access to the HTTP channel (one way), FTP channel (one way), and the SMTP channel. For an extra fee, they'll provide access to the telnet channel. For even more, access to ssh/VPN/IPSEC channels. Eventually, I suspect they'll reign in all the ports that are used dynamically to facilitate certain kinds of connections, charging for access to them.
    • by Futurepower(R) ( 558542 ) on Friday November 07, 2003 @03:46PM (#7419620) Homepage

      One day, Belkin's router project manager Eric Deming was sitting around thinking, "How can we get $5,000,000 worth of bad publicity for free, and sink the company in an afternoon?"

      Then he had an idea: "That's it! We'll abuse the trust of our customers, and get a story on Slashdot!
      • Here's my e-mail to sales@belkin.com
        QUOTE
        Hi,

        I just want to let you know that I'm suspending purchase of several
        accessories made by Belkin for my 30G iPod because of your blatant abuse of
        customer trust (the router rerouter fiasco). Furthermore, I shall engage in
        an active campaign among friends and family to make sure none of them buy your
        products for the same reason. Being a geek by profession, a lot of my
        non-tech friends take my advice for tech purchases. Since you've been
        featured on /. already, you can be sure there are many others who'll take
        similar course of action.

        I sincerely hope your bottom line will suffer enough for you to make an
        official pledge never to ream your customers again. Or that you go bankrupt
        (financially, because morally you obviously already have).

        I feel betrayed, having recommended your products (even when priced above
        competition) for corporate and personal purchase so many times in the past,
        because of build quality I can count on. However, build quality is not
        enough; integrity and ethics are just as (if not more) important, especially
        at times of Good Enough Syndrome.

        Is this (http://slashdot.org/comments.pl?sid=85076&cid=741 9620) what really
        happened?
        ENDQUOTE
    • by McSpew ( 316871 ) on Friday November 07, 2003 @03:47PM (#7419640)

      I agree that if I'd bought one of those things and it started redirecting my traffic, I'd consider it defective and demand my money back. Belkin's really moronic to think that this won't backfire on them and result in an expensive class-action lawsuit. Maybe they can defuse a lawsuit by offering refunds to anyone who's upset at the feature, but I'm guessing they're too sold on their own flawed logic to understand that what they did is not going to be seen as anything other than making the product do something its owners didn't ask it to do, and that Belkin didn't tell them it would do.

      I can smell the class-action attorneys lining up now.

    • by rjamestaylor ( 117847 ) <rjamestaylor@gmail.com> on Friday November 07, 2003 @04:19PM (#7419987) Journal
      Try their public relations manager (fitting, since this is a public relations nightmare). Be nice.

      Contact:
      Melody Chalaban,
      Public Relations Manager
      Belkin Components
      501 W. Walnut Street
      Compton, CA 90220

      melodych@belkin.com
      (310) 604-2347 direct
      (310) 898-1107 fax
      www.belkin.com

      • Thank you! Here's a copy of the email I just sent to her:

        -----
        Hello. My name is Michael Pedersen, and I am a systems administrator by profession, technical support for my friends and family, and programmer for my own personal needs.

        I am also an ex-Belkin customer. Prior to today, I felt confident in being able to recommend Belkin to anybody who might have a need for any of the products which Belkin sells. In fact, I have bought a fair number of the products myself for my own usage.

        However, I have just no
      • by CrystalFalcon ( 233559 ) on Friday November 07, 2003 @05:22PM (#7420589) Homepage
        Good afternoon.

        My name is [name deleted], and I work as IT department manager for a medium sized company in [place deleted]. I write to you in light of the recent unveiling that Belkin are knowingly shipping routers that show commercials to the end users by hijacking HTTP connections.

        I am not sure if the product manager, Eric Deming, who designed the product to not work as expected did so understanding the full consequences if - or, rather, when - this information would become public. The one reason Belkin's name has been held in high regard at the company I work for is because of dependability. When it turns out that Belkin is actively designing products to not work dependably, but instead display advertising at the user; that reputation of dependability... well... there's not much left of it. And, as you are aware, for every one of Belkin's products, there is a competing product.

        It becomes much worse. It also turns out that Belkin has the ability to remotely modify the behavior of these routers. When I showed this fact to our network security people, they went ballistic and drove straight off to the local equipment store, only to come back two hours later with a bunch of boxes. 30 minutes later, there was a heap of discarded equipment in a disorderly pile in one corner of the networking room. The discarded items all carried the name "Belkin". I signed the receipt for the new equipment with a look, a sigh, and a nod.

        To top it off, it seems that your Mr. Deming who designed this behavior believes that every outbound hijackable connection originates from somebody sitting at a computer and browsing the web. However, more important are the automated connections. What would happen if the backup for our commercial data, which is transmitted regularly over the Internet, instead was pushed to Belkin, due to this behavior? What would happen if virus or operating system upgrade connections were the ones hijacked? Heart defibrillating equipment has been mentioned - what would happen if the heart defibrillation monitor, trying to trigger the impulse with the charging equipment, is instead redirected to a Belkin advertisement? You know, telesurgery exists and does depend on a reliable Internet infrastructure, consisting of such boxes as yours.

        This product has been designed to not work, despite charging good money for it. I lack words to describe how shameful this behavior is.

        Additionally, if the Belkin corporate culture is one that allows such a technical atrocity to make it to the shelves for one product, then it is obvious it may happen again, or has already happened, for other products. However, rest assured that this company will never again buy another Belkin product as long as I run the IT department.

        [signature]
        • by AmigaAvenger ( 210519 ) on Friday November 07, 2003 @05:34PM (#7420688) Journal
          Heart defibrillating equipment has been mentioned - what would happen if the heart defibrillation monitor, trying to trigger the impulse with the charging equipment, is instead redirected to a Belkin advertisement? You know, telesurgery exists and does depend on a reliable Internet infrastructure, consisting of such boxes as yours.
          ANYONE stupid enough to do telesurgery over the common internet shouldn't be allowed to operate anyway. Think about the consequences of this for a second... Yes, the whole hijacking a connection is a bad idea, but this device is used almost exclusively by home users/very small businesses. Anyone thinking they are buying the equivilent of a cisco catalyst router with this $40 POS needs their head examined (preferrably through telesurgery over the common internet!)
          • by 0x0d0a ( 568518 ) on Friday November 07, 2003 @10:28PM (#7422419) Journal
            Actually, this isn't a great idea anyway, but there are all *kinds* of things that have soft real time requirements on IP networks (granted, probably shouldn't be, but are).

            Actually, I can think of a couple of reasons this is still an issue. What if it isn't on the Internet...does the connection just get dropped?

            Does this device send out DNS queries to determine where to redirect stuff to?

            What happens if you have a test suite for a web-based application and IT just added a Belkin piece-of-junk router? Bam, mysterious failures. You could spend a week trying to figure out what the sporadic errors you're getting are from.

            What if you're using SOAP or similar software, and the software you're using doesn't deal well with mysterious crap coming back from the server?

            Belkin is a piss-poor company that sells lousy hardware and overpriced cables.

            They aren't on my "buy" list anymore, either (and I *have* purchased Belkin products in the past).
    • We have one of those 4-port DVI KVMs (F1DD104U) [belkin.com] and I have to tell you, we've gone through at least 3 RMAs on it.

      The first DVI port DOES NOT WORK at resolutions above 1024x768. On any of them.
      The LCD goes absolutely fucknuts when connected to it.

      It's sad. All of ours are being used 3x1 because of it.

      Let's face it, Belkin sucks. Cables are way overpriced. Don't ever buy anything from them.
  • by L-Train8 ( 70991 ) <Matthew_Hawk@hot ... m minus language> on Friday November 07, 2003 @03:32PM (#7419459) Homepage Journal
    What's next? Will the phone you buy occasionaly redirect your call to a telemarketer? Will your TV remote automatically switch channels to an infomercial? Maybe your car radio could redirect your listening to a clear channel station every
    8 hours. These are business models I need to patent...
    • by blamanj ( 253811 ) on Friday November 07, 2003 @03:32PM (#7419468)
      I'm looking forward to to car that randomly turns left when you turn the steering wheel to the right.
    • by Rex Code ( 712912 ) <rexcode@gmail.com> on Friday November 07, 2003 @03:55PM (#7419734)
      What's next? Will the phone you buy occasionaly redirect your call to a telemarketer? Will your TV remote automatically switch channels to an infomercial?

      My TV does change channels automatically to infomercials. I have a TiVo, and one of the "features" is that at the top level menu you'll often see ads that you can choose to watch. The TiVo grabs these late at night when it thinks nobody watches TV... unfortunately if you watch live TV around 1 or 2 in the morning you'll find yourself having to opt-out of a channel change to record "TiVo enhanced content" every ten minutes or so.

      (annoying, and I wish there was a way to opt-out of this once and for all, but I'm still a big TiVo fan, and they gotta make money to stay afloat, so I put up with it)
    • by SmackCrackandPot ( 641205 ) on Friday November 07, 2003 @04:00PM (#7419785)
      Will your TV remote automatically switch channels to an infomercial?

      Not my TV, but my cable TV set top box does. Telewest (UK) just upgraded their menu systems. Now, whenever I select the [GameZone] menu option, whichever cable channel I listen to (even the BBC World News radio) is automatically switched over to the FrontRow trailer preview - No negotiation. As soon as I leave the GameZone, the channel is automatically switched back to whatever channel was playing when I started, even if the FrontRow channel is now playing a trailer I want to see.

      It's good to see that cable TV system developers really know how to design good user interface.
    • Fry: So, you're telling me they broadcast commercials into peoples'
      dreams?
      Leela: Of course!
      Fry: But how is that possible?
      Prof.: It's very simple. The ad gets into your brain, just like this
      liquid gets into this egg.

      % Farnsworth holds up an egg, and injects a needle (filled with yellow
      % fluid) into it. That very second, the egg explodes, pelting everyone
      % at the table with egg-yolk.

      Prof.: [unphased] Although, in reality it's not liquid, but gamma
      radiation.
      Fry: That's awful. It's like
    • by pclminion ( 145572 ) on Friday November 07, 2003 @05:18PM (#7420556)
      The difference here is that your TV remote is not sending any confidential information. HTTP requests often contain all kinds of secret info (in the form of POST requests). The analogy with the TV remote doesn't go far enough.

      Imagine that that you are about to post a message on your private blog about some hot sex session you had a few nights ago (yeah, unlikely I know). As is the norm, the information will be transmitted in an HTTP POST request. This request is the one that happens to get rerouted to Belkin. Now Belkin knows all about your hot sex escapades.

      Where I come from, this is known as wiretapping, eavesdropping, snooping, or something like that. It's highly fucking illegal and whoever at Belkin thought this was a wise idea should be clapped in irons. I'm seriously considering writing a letter to a law enforcement agency about this, I'm just not sure which one to pick!

  • Usenet thread (Score:5, Informative)

    by turg ( 19864 ) * <[turg] [at] [winston.org]> on Friday November 07, 2003 @03:32PM (#7419460) Journal
    Here's the usenet thread [google.com] where this was first discussed. Especially noteable are the initial discovery [google.com], the response from Belkin [google.com] and the first response [google.com] to Belkin. After that it it's pretty much the same thing you can expect to see here on /.
    • Re:Usenet thread (Score:5, Informative)

      by Anonymous Coward on Friday November 07, 2003 @03:35PM (#7419497)
      From: ericd@belkin.com (Eric Deming)
      Newsgroups: news.admin.net-abuse.email
      Subject: Re: [OT-evil marketing] Belkin does Verislime one better - router spam!
      Date: 5 Nov 2003 15:25:28 -0800
      Organization: http://groups.google.com
      Lines: 70
      Message-ID:
      References:
      NNTP-Posting-Host: 67.98.73.254
      Content-Type: text/plain; charset=ISO-8859-1
      Content-Transfer-Encoding: 8bit
      X-Trace: posting.google.com 1068074728 22743 127.0.0.1 (5 Nov 2003 23:25:28 GMT)
      X-Complaints-To: groups-abuse@google.com
      NNTP-Posting-Date: Wed, 5 Nov 2003 23:25:28 +0000 (UTC)

      "JerryMouse" wrote in message news:...
      > Mr. Uh Clem wrote:
      >
      > [...]
      >
      > What does Belkin say when you complain?
      >
      > I'd make their life miserable until they removed the offending software from
      > my machine.
      >
      > You did not conset to this aspect of your machine's modification - this is
      > nothing less than malicious.
      >
      > Raise hell.

      I was made aware of this posting by an e-mail that was sent to
      Belkin's tech support e-mail box. Since I am a product manager for
      Belkin's LAN products and was very involved with the development of
      the Parental Control feature, I feel that I can shed some light on
      this subject. Firstly, without trying to sound too stand-offish, we
      are not talking about SPAM here. For me to clarify, an understanding
      of the Parental Control service will really be needed.

      Since Parental Control is a subscription service, Belkin wanted to
      make registering for the service very easy. Since the router actually
      will work in tandem with an outside server (Cerberian,
      www.cerberian.com) registration information needs to be collected and
      sent to Belkin and Cerberian to activate an account. Traditional
      methods of registration, such as asking the user to go to a website or
      navigate to the Router's internal Web page to enter information didn't
      meet the ease-of-use goal. We elected to re-direct one http request to
      the "Register Now" reminder page. (There is a link in a previous
      posting if you want to see it) This page asks the user to register for
      the service for a free 6 month trial. Now, granted this looks like an
      ad. It should, it is intended to be informative and easy enough to
      understand. At this point, the user can register or click "No Thanks".
      Clicking "No Thanks" sets a flag in the Router to stop the Router from
      re-directing every 8 hours to the reminder page. (Again remember, only
      one http request every 8 hours). Admittedly, there is no controlling
      which computer on the LAN this message will pop up on. If the user
      just closes the window without clicking "No Thanks", then the flag is
      never set, and the reminders will continue. Now, if you are the type
      that doesn't want to click the "No Thanks" button, then no problem.
      Navigate to the Router's internal web interface (default IP =
      192.168.2.1), click on the Parental Control menu. In the Menu, select
      "Don't Remind every 8 hours" (This phrase actually varies a bit, but
      you get the idea) then click "Apply Changes". DONE. Nothing to it. By
      the way, this procedure might have to be done if your router is behind
      a firewall. Reason: filter.belkin.com sends a response to the Router
      to set the flag. Firewalls will block the response. This might explain
      the problem in a school for instance.

      We did this not to be evil, we did this to make sure that any
      non-techy person (part of our target audience) would have ample
      opportunity to opt in or out of the free 6 month trial of the Parental
      Control feature. The Router doesn't collect information on you and
      send it to Belkin. We don't have the ability to SPAM you at a later
      time if you select "No Thanks" or turn off the Reminder manually. I
      know this feature might be misunderstood and might PO some people. I
      know the manual could do a better job explaining it. These are all
      things that we at Belkin are working to remedy.
    • Re:Usenet thread (Score:3, Informative)

      by Cramer ( 69040 )
      Quoth Belkin:
      • This was by popular demand.

      Bullshit. I'm certain no one has ever asked for their router to randomly redirect an http session for a "Parental Controls" feature. What people wanted was the PC feature, not a router that interferes with network traffic.

      Now, if it were the default behaviour following the firmware update to redirect *ALL* http sessions until the feature is configured (yes/no/demo), then this would be acceptable. Stealing one connection seamingly at random is broken behavior for

  • That is insanity (Score:5, Interesting)

    by tekiegreg ( 674773 ) * <tekieg1-slashdot@yahoo.com> on Friday November 07, 2003 @03:32PM (#7419462) Homepage Journal
    Ok if I buy say a Book from my favorite online bookstore and get it shipped UPS, I'd expect it to arrive as a book right?

    But what if every one in 100 times, UPS thinks I might like a corporate logo bumper sticker instead of my book, they throw my book into the eternal void, and give me a UPS bumper sticker instead. I'm supposed to like this?

    Bottom line: When I ask a package to get delivered, and for a certain package to be received, I WANT that package, not what they think I want. Whether it's a TCP/IP packet, or a book. I fail to see the difference here.

    Bottom line, thanks to Slashdot I'm not buying my routers from Belkin (not that I'm a telecom person, but still I'd be careful if I ever had to).
    • by Zathrus ( 232140 ) on Friday November 07, 2003 @04:08PM (#7419875) Homepage
      Bottom line, thanks to Slashdot I'm not buying my routers from Belkin (not that I'm a telecom person, but still I'd be careful if I ever had to).

      This is their wireless router -- it's made for home use, not for telecomm use.

      And don't just not buy routers from Belkin. Don't buy anything. No routers, no cables, no USB hubs, no keyboards, nothing. Belkin makes a great deal of stuff -- boycot all of it. There's not a single product they make that they don't have competition for.

      And let them know about it too. Email them (look here [belkin.com] for the appropriate regional sales address) and tell them that you will no longer purchase their products until they apologize for doing this, put out a patch to fix it, and promise to never do anything along these lines again. Yes, I've already sent my email.

      I've got a decent number of Belkin products... they're decently made, and often available for a good price. But there's no way I'll purchase anything from them at this point if I can't actually rely on the product to do it's intended purpose. And that's what this boils down to -- you have a router that doesn't route properly.
    • by Smidge204 ( 605297 ) on Friday November 07, 2003 @04:19PM (#7419985) Journal
      This brings up an interesting point, though I don't know if the parent intended to make this point or just a joke/analogy out of it.

      Since the router doesn't descriminate over whith HTTP request it overrides, what happens if it intersects a privacy-sensative transaction?

      For example, if someone goes to pay thier bills online, enter thier biling info, click "submit"... then suddenly get an ad... what ramifications might that have?

      That's a little more worrysome than getting an ad instead of some random page I might be trying to visit...
      =Smidge=
  • great quote (Score:5, Interesting)

    by mrpuffypants ( 444598 ) * <.moc.liamg. .ta. .stnapyffuprm.> on Friday November 07, 2003 @03:33PM (#7419469)
    In response criticism, a Belkin product manager came forward this week to confirm the behaviour was designed into the products as a way to make it easier for consumers to sign up to a free trial of its parental control software.

    Also in the news: the American council for airbags has been hitting people randomly in the streets to make it easier to appreciate their products. Thanks!

    Seriously, though, I don't 'get' how a company could think this would endear themselves to their customers. If Cisco pulled this shit on its customers and made all their routers randomly direct to their brand-new VPN product I think it'd make people stop using Cisco FAST
  • use a real router (Score:4, Informative)

    by donnyspi ( 701349 ) <.junk5. .at. .donnyspi.com.> on Friday November 07, 2003 @03:33PM (#7419476) Homepage
    Take an old Pentium I and put Smoothwall [smoothwall.org] on it. No more Belkin and Netgear routers you get for $50 at Circuty City.
  • Redirect hardcoded? (Score:5, Interesting)

    by nizo ( 81281 ) on Friday November 07, 2003 @03:34PM (#7419479) Homepage Journal
    Is the address it redirects to hardcoded, or can the router get hacked and a new address put in? Now that would be good PR for Belkin, someone hacks the router and redirects all web traffic to some porn site.
    • by mrpuffypants ( 444598 ) * <.moc.liamg. .ta. .stnapyffuprm.> on Friday November 07, 2003 @03:49PM (#7419664)
      According to a unet link posted earlier in this thread the router gets a request from 'filter.belkin.com' that will enable/disable the 'feature'. So apparently there's a call that you can make over HTTP that will manipulate the router w/out a login. Now that's secure!
    • by mikeswi ( 658619 ) * on Friday November 07, 2003 @03:51PM (#7419686) Homepage Journal
      Totally theoretical, yet based on a hundred browser hijackers we've discovered at my site.

      1.) Send a spam mailing which loads a java applet when opened.

      2.) The java applet exploits the ByteVerify hole in an older version of M$ Java VM to drop a bad HOSTS file on the now-infected machine.

      3.) Belkin router hijacks an HTTP request to their site, but the HOSTS file redirects that hijack to the second hijacker's site.

      4.) The new hijacker's site can either be a pay-per-click search portal, or it can host more trojans to exploit a machine already proven to be out of date on its security patches.

      This is not an extreme example at all and could be done very easily. I see this shit every day at my site's support forums.

      When Verisign hijacked all mis-typed domain name queries, we started seeing a large number of trojans dropping bad HOSTS files that redirected sitfinder.verisign.com to their own sites.
  • Not in my house (Score:3, Interesting)

    by roninmagus ( 721889 ) on Friday November 07, 2003 @03:34PM (#7419487)
    Well, guess I won't be using any Belkin routers.

    From the article:
    "In response criticism, a Belkin product manager came forward this week to confirm the behaviour was designed into the products as a way to make it easier for consumers to sign up to a free trial of its parental control software."

    Soooo.. it's spam, then. What a way of putting it mildly.

    Should read:
    "In response criticism, a Belkin lackey admitted a confirmation this week that the router will hijack an HTML request in order to advertise their product, for your convenience!"
  • by msuzio ( 3104 ) on Friday November 07, 2003 @03:36PM (#7419512) Homepage
    I really cannot believe this. This doesn't concern me as a censorship issue (doesn't appear as if censorship is built into the router itself... but without details on exactly how this parental control works, don't really know). It concerns me as a pure *annoyance* issue. I would absolutely flip out if my router dared to do this!

    Everyone at Belkin should be ashamed of themselves. How could an engineer do this? He should be flogged with a cat-o-nine tails of twisted pair wire... this is evil, evil, evil.

    Oh, and to the Belkin Marketing Department: Kill yourselves. Suck a tailpipe, hang yourself, borrow a gun... rid the world of your evil machinations. [ Just planting seeds [billhicks.com] ]
    • Re:Oh, this is bad (Score:3, Insightful)

      by Tim C ( 15259 )
      I would absolutely flip out if my router dared to do this!

      I'd return it as defective, which it is (in this case by design).

      I request that it route packets to and from a given IP address, and instead it routes them to/from another. That meets my definition of a defective router.
  • by downix ( 84795 ) on Friday November 07, 2003 @03:37PM (#7419516) Homepage
    I recall an old arguement against censorware was just this kind of intrusion.

    The next step, of course, is for a hacker to hijack this "feature" and dump all of a routing companys customers to child porn, warez sites, or nigerian scams galore.

    Then there is the temptation of the companies themselves, "You can turn this feature off only by submitting a valid e-mail address." Then they sell off these addresses to spammers worldwide for a profit.

    This kind of stuff is worse than big brother. At least in 1984 they didn't force commercials down your throat.
  • by mrAgreeable ( 47829 ) on Friday November 07, 2003 @03:37PM (#7419520)
    Keyboards that occasionally type "www.belkin.com" when they detect you're typing a URL. (But you know, not more than once every eight hours, so it's OK.)

    USB mass-storage devices that randomly delete files and replace them with .jpgs of happy people using Belkin products.

    PC Speakers that say "Shop at Belkin!" every couple of minutes.

    etc...
  • by Dr. Bent ( 533421 ) <ben.int@com> on Friday November 07, 2003 @03:38PM (#7419538) Homepage
    With the dizzying array of routers available for purchase, I've often been befuddled by the sheer number of choices that I have when buying new equipment. Which one is better? Why is this router $10 less than this other one when they appear to do the same thing? Which manufacturer should I trust with my data? With razon thin profit margins, and fierce competition in the IT hardware industry, such choices have become extremely difficult.

    It's comforting to to know that Belkin has recognized my problem, and has stepped forward in an effort to solve it. They make it so much easier by saying...

    "If It's Belkin, You Don't Want It!"(tm)

    Thank you Belkin. With your new forward-thinking "Don't Buy Our Stuff" policy, I will be sure to stay on the lookout for other products that you offer, so that they can assist me in making difficult purchasing choices even easier.

  • This is typical. (Score:4, Interesting)

    by Cytlid ( 95255 ) on Friday November 07, 2003 @03:40PM (#7419561)
    This is your typical "Tech vs. Non-Tech" argument. The manufacturer did something to appeal to Non-Techs, and it offended many Techs. Hmm.. wonder if the whole Windows vs Linux thing falls into this category...

    I just wish Belkin would offer firmwares/hardware *without* the "feature". Any hijacking of routed packets is wrong. Sort of like saying ... well, when you first buy your car, at some point it will drive itself to McDonalds, unless you tell it "no thanks". Oh and it might randomly do this in the future unless you turn the feature off. Regardless of wether you like McDonalds or not, we had added the feature out of popular demand...
  • by SharpFang ( 651121 ) on Friday November 07, 2003 @03:40PM (#7419563) Homepage Journal
    Emergency rescue team takes a patient to hospital. The patient is in critical state. Suddenly the driver pulls over and exclaims: "We're at the bar that is owned by our hospital manager. Would you like a hamburger?" "For god's sake, I'm dying! Do I look like I wanted a hamburger?!" "Okay, as you wish, but remember, that are best hamburgers in town!" and the driver resumes his way to hospital...

  • by winkydink ( 650484 ) * <sv.dude@gmail.com> on Friday November 07, 2003 @03:42PM (#7419579) Homepage Journal
    "I know this feature might be misunderstood and might PO some people. I know the manual could do a better job explaining it. These are all things that we at Belkin are working to remedy."

    Oh please.

    [grabs crotch] Remedy this!

  • by Anonymous Coward on Friday November 07, 2003 @03:46PM (#7419623)
    Consider that a user is in the midst of filling out a long string of forms. After hitting the submit button, the next HTTP request directs them to this AD instead of the intended web form. Their form chain is broken, and there is potential data loss, as the customer has to start the forms over again. This is a VERY bad precedent to set. If it was the very first page served by the router, that could be different... the first time I tunred on my home router it directed me to a welcome and setup page... which is quite different.

    just my $2/100
  • by suss ( 158993 ) on Friday November 07, 2003 @03:47PM (#7419632)
    After a 18 hour operation, a router was removed from a belkin representative's rectum. When asked how the hardware device got there, all the man could say was "No. More. Spam. I. Promise...."

    During the operation, the heart monitor seemed to have contracted a strange glitch; every 100th heartbeat a message about "Herbal Penis Enlargements" would pop up, blocking the stats"


    Belkin belongs on fuckedcompany.
  • by extrarice ( 212683 ) on Friday November 07, 2003 @03:53PM (#7419705) Homepage Journal
    I found this quote from Eric Deming in response [google.com] to the original newsgroup posting [google.com] quite interesting...

    [quote]
    By the way, this procedure (disabling the nagware in the router web-config) might have to be done if your router is behind a firewall. Reason: filter.belkin.com sends a response to the Router to set the flag. [/quote]

    So Belkin deliberately left a configuration on the router to be modifiable by someone without proper authorization (the owner of the router or the network admin)? Absolute genius. Destroy your company's reputation 100% in one easy step: the backdoor(s) will piss of the geeks, and the nagware-advertising will piss off Joe Sixpack.
  • by scrytch ( 9198 ) <chuck@myrealbox.com> on Friday November 07, 2003 @03:54PM (#7419720)
    Belkin (verb) - To serreptitiously alter a product in such a fashion that legitimate use is hijacked to the benefit of the manufacturer or associated beneficiaries, usually in a crass self-promoting fashion.

    It's a decent start at a definition. One could say "I installed this topdesk thing which totally belkined my browser". Let's make their name synonymous with bad behavior.
  • by Saint Aardvark ( 159009 ) * on Friday November 07, 2003 @03:55PM (#7419732) Homepage Journal
    The ISP [dowco.com] I used to work at did this. They made a deal with a company called Adzila (one L, as I recall) that routed dialup traffic through a caching proxy web server. Stuff like Google's page would have a Dowco (or someone else's) ad at the bottom of it, or one of (say) the New York Times' ads would have one of ours susbstituted.

    I was pretty unhappy with this, but was unable to convince my bosses that this was evil or risky. The company had apparently convinced them that they had checked it out with their laywers, and because they weren't changing the site's HTML -- they were putting outside Google's final </html> -- they were safe. (Never got an answer about substituting ads.).

    I don't work there anymore, but last I heard it's still going on, and there's a few ISPs, at least in Vancouver, that are doing this. Scary.

  • by frovingslosh ( 582462 ) on Friday November 07, 2003 @04:01PM (#7419799)
    I'm a Belkin Wireless router owner and I've never seen this problem. To be fair, one reason I might not have seen this problem is that I could never get the router to keep working long enough to see it. Even for the wired connections it would lock up frequently and completely lose track of time (important for this router since it supports time of day options, but you gotta figure something is wrong when it suddenly jumps back to the last century). Belkin "support" is worthless and would not even acknowledge several e-mails.

    The device was replaced with another brand that works fine. Off line and collecting dust, I've never had a problem with it hijacking my HTML and inserting ads. Now I have another reason to not buy a Belkin product again, but I hardly needed one.

  • by Experiment 626 ( 698257 ) on Friday November 07, 2003 @04:13PM (#7419930)

    It's annoying enough to know that when you're sitting at a computer using a browser to surf the Web, a couple requests a day will get hijacked to the spam site.

    But what about automated HTTP requests? You might be running some script to wget the latest greatest kernel source and instead it downloads a piece of spam. The hijacked HTTP request might come in the middle of a Gentoo build, or as you mirror a Web site and have a page replaced with an advertisement. You could be tunneling some other protocol over HTTP, and then who knows what this would do.

    Very stupid and annoying of Belkin. If they wanted to make their parental control thing so easy to use, just include a CD that says "Put this CD into any computer on your network to enable parental control on your new Belkin router!" Newbies can figure that out. I don't want my own router launching some kind of spoofing attack on me three times a day just so I can view more spam.

  • Ease of use? (Score:3, Insightful)

    by Mundocani ( 99058 ) on Friday November 07, 2003 @04:14PM (#7419934)
    What I love is Belkin's claim that they did this because having somebody visit a page violated their "ease of use" requirement. What a joke! As if people can't type in a URL after reading a leaflet included in the box? Are they aware that people type URLs all the time without trouble? They could even install a desktop shortcut to make it even simpler.

    Then their letter goes on to explain how to disable the feature in the router (so you don't have to wait to be randomly redirected to the ad), and the instructions are quite vague: navigate to 192.168.2.1, find the setting which says something like (they don't give exact wording or where to find it, just vague directions), and turn it off. Where's the "ease of use" in that? Are they suggesting that this should only be turned off by advanced users and that naive users should simply sign up for their services?

    Why can't they just admit that they wanted to prominently promote their subscription-based service? It's not like it isn't obvious what they're up to or anything.
  • by Blue23 ( 197186 ) on Friday November 07, 2003 @04:18PM (#7419974) Homepage
    "Belkin support, how can I help you?"

    "My router every once in a while replaces my URL with one for Belkin parental controls."

    "That's correct."

    "But I just spent half an hour filling out the web form, and it doesn't cache, so I have to do it all again."

    "You can turn off parental controls by clicking on 'No thanks!'"

    "So this is intentional?"

    "Yes sir, it's a service to you, provided at no extra cost. It also comes with a free 6 month trial."

    "But a router is supposed to ROUTE."

    "It can do that, if you change the configuration."

    "So, it comes intentionally misconfigured to fail once every eight hours?"

    "It's not failing, it's offering a service."

    "So it's spamming me."

    "It's not spam."

    "Why not?"

    "Because we're offering you a service you might not know about."

    "So it's intentionally misconfigured to send me spam on something I didn't request any information for, dropping my URL and information in the process?"

    "Well, yes."

    "You should really just kill yourself."

    "You're right. Goodbye."

    *BANG*

    "Dang, should of told him to kill the marketting department first. Well, I can always call back..."

    =Blue(23)
  • by Jouster ( 144775 ) * <slashdot AT angelfaq DOT com> on Friday November 07, 2003 @04:20PM (#7419999) Homepage Journal
    ...and spoke to someone in India who had no clue what I was saying and even less clue why I was upset about it. She kept telling me how to turn it off. I told her, "I've already turned it off! My issue is that it happened in the first place!" She told me how to turn it off. I hung up.

    Glad to see someone else is pissed off about this. I turned it off in my router, got mad for an hour or so, and went on using my router.

    Coincidentally, Belkin routers can't work with arbitrary MTU's over PPPoE, in case anyone needs further reasons not to buy them. I won't be buying another, even though mine works okay, sort of (I'm the netadmin for my ISP, so I can futz with things to make it work despite itself).

    Jouster
  • by Kaboom13 ( 235759 ) <kaboom108@NOsPAm.bellsouth.net> on Friday November 07, 2003 @04:31PM (#7420108)
    Sleazy tactics like this aren't going to end. Theres only one solution. We need to sit around and think up every sleazy, disgusting, wrong, and dishonorable tactic someone could use to pervert the internet and it's standards to make a buck. We take that list, and patent it.
  • Interesting! (Score:3, Insightful)

    by pclminion ( 145572 ) on Friday November 07, 2003 @04:38PM (#7420160)
    So here's the sequence of events as I understand it:

    1. Client initiates a connection to www.my-private-site.org on HTTP port.

    2. Client is silently redirected to Belkin's site.

    3. Unknowing client sends the HTTP request, a POST request which contains some sensitive information.

    4. Belkin has now hijacked a connection and received sensitive information that was not intended to go to Belkin.

    Logically the thing to do is prosecute Belkin under federal wiretapping and computer crime laws.

  • by Just Some Guy ( 3352 ) <kirk+slashdot@strauser.com> on Friday November 07, 2003 @05:03PM (#7420429) Homepage Journal
    I swear to $DEITY, if 'apt-get dist-upgrade' ever gets me a Cisco-branded version of Mozilla by way of an HTTP hijacking, Jon Katz will be compiling a book of Slashdot comments about how I walked into their front office with a shotgun.

    Did they even consider the potential liability issues when they came up with this scheme, or did they just say, "hey, let's roll with it"?

  • by orthogonal ( 588627 ) on Friday November 07, 2003 @05:12PM (#7420508) Journal
    We're all part of the public, aren't we?

    Contact:
    Melody Chalaban,
    Public Relations Manager
    Belkin Components
    501 W. Walnut Street
    Compton, CA 90220
    melodych@belkin.com
    (310) 604-2347 direct
    (310) 898-1107 fax
    www.belkin.com

    (this is (unless you get redirected by your router) publicly available information at www.belkin.com)
  • by PurpleFloyd ( 149812 ) <zeno20@ a t t b i.com> on Friday November 07, 2003 @06:30PM (#7421213) Homepage
    One thing that bothered me when reading through the descriptions of what this "router" does that nobody seems to have mentioned yet: what if some 31337 hax0r manages to crack Belkin's ad server? It wouldn't be difficult to change the page to exploit an IE bug and slip a Trojan onto unsuspecting users' machines - bingo, every new Belkin customer (and all those who haven't turned off the "feature") becomes a DDoS zombie, spam mailserver, or something else unpleasant.

    Belkin hasn't just abused customers' trust and falsely advertised this piece of trash as a router, they have also opened up security holes for no other reason than advertising censorware. This behavior isn't just wrong, it's despicable.

  • by FearUncertaintyDoubt ( 578295 ) on Friday November 07, 2003 @11:19PM (#7422566)
    Just got this from Eric Deming. Funny, he's working late tonight!

    From: Eric Deming [mailto:EricD@belkin.com]
    Sent: Friday, November 07, 2003 10:05 PM
    Subject: RE: defective router

    Please be advised, we are working on this issue. Here is text from our latest posting to NANAE on google. It just went up, so it may not show up for a while.

    All,

    We at Belkin apologize for the recent trouble our customers have experienced with the wireless router/browser redirect issue. We unintentionally overlooked the effect this feature would have. We never intended to compromise the trust of our customers, and we never intend to do so in the future.

    We are taking responsibility for this, and we will be offering firmware fixes early next week. We do not have exact details yet as we are still working on them, and will continue to work on them over the weekend. What we can tell you now is that each Router's firmware that incorporates Parental Control as an option will be changed.

    I'll keep posting as things develop. Stay tuned...

  • by orthogonal ( 588627 ) on Saturday November 08, 2003 @08:52AM (#7423653) Journal
    In response to my letter of indignation to Belkin, I received the same form letter many of you have received, signed by

    Kannyn MacRae,
    Business Unit Manager, Networking
    Belkin Corporation

    The letter makes it clear that Belkin still doesn't get it. The letter isn't an apology, it's an explanation, an excuse for Belkin's reprehensible conduct, and it's full of spin - that's the polite way of saying misinformation, which is the polite way of saying lies.

    The letter begins by claiming that "a group of privacy advocates have targeted Belkin Routers". That's not the case at all - a single user posted [google.com] an explanation of Belkin's router's hijacking, and asked if anyone knew any more about it, in the usenet group news.admin.net-abuse.email. No group was involved, and there was no targeting.

    The letter continues with a claim that "[t]he Parental Control registration page is not spam, adware or spyware. It is part of the setup process of the router. It does not "hi-jack" the browser." It is, apparently, part of the set-up process, but that's spam in and of itself: the user hasn't purchased Belkin's "Parental Control", but in the process of installing what he has purchased, the user is forced to sit through an advertisement for another Belkin product, whether or not the user has requested this advertisement. That's the essence of spam.

    (And yes, I know that businesses like to claim that unsolicited advertisements are not spam if there is a "pre-existing" relationship with the customer, but that's bunk. Buying a product does not involve an implicit agreement to surrender my time to the manufacturer.)

    Even if you're willing to by the argument that installing a product should be made more complicated and time-consuming by subjecting you to advertising, the reason that Belkin's received so much unfavorable publicity is not a one-time ad at install. The problem is the ads repeat indefinitely, every eight hours, until you, the user - Belkin's valued customer - takes some action to make them stop. And this is the same as he sneering spammer who sends you unsolicited email with a "click here to opt out" link. Not only does it steal your time, it steals more of your time before you can make it go away.

    The letter goes on to state that "nor does Belkin have the ability to advertise to our customers using our routers as a conduit."

    Wait a second, lady. This whole brouhaha started because Belkin continues to use its routers as a conduit to deliver customers to its ad for "Parental Control" every eight hours. If your routers didn't have that ability, we wouldn't all be telling you why we're not going to buy Belkin products anymore. This is a blatant lie, and an insult to the intelligence of anyone reading it. The page the router delivers users to is an ad. It's a solicitation to do additional business with Belkin.

    The letter also claims that "[i]f a customer clicks "No Thanks" on the first prompt, the for Parental Control signup will no longer appear." Not entirely true. Belkin Manager Eric Deming admitted in a usenet post (since cowardly cancelled, but mirrored here [stevesobol.com]) that clicking "No Thanks" won't work for users behind firewalls. It also appears that the "No Thanks" gets reset if the router is reset, and anecdotal evidence suggests that the (low) quality of Belkin's routers makes resetting rather more usual than it should be - possibly as often as every 20 minutes [cnet.com].

    The letter ends on a surreal note, "[the Belkin advertisement web page] is not a browser pop-up, this means that the Parental Control web page will only be displayed if the user opens the browser". Huh? It's not a br

Children begin by loving their parents. After a time they judge them. Rarely, if ever, do they forgive them. - Oscar Wilde

Working...