This is what happens...
...when they get away scot free doing illegal interceptions. They just do what they want.
BT is annoying business broadband customers by hijacking their browsers to nag them to download a branded desktop utility. The firm has decided it simply must tell subscribers about "Desktop Help", which it says allows it to fix users' technical problems remotely. To that end, it is redirecting HTTP requests to its own …
...when they get away scot free doing illegal interceptions. They just do what they want.
First they try and collect on their absurd hyperlink patent. Then they introduce Phorm in secret to see if they can "monetize" their customer base (as if regular payments for services wasn't enough). Now it's man-in-the-middle spamvertising.
Thank you Thatcher and the other dimwit Britard politicians for unleashing this beast!
What's the difference between then and now? Well now there are other companies people can move their business broadband to, and BT risk losing customers by their actions. If we had the state monopoly? Well in that case you'd be screwed, because there would be the state-owned monopoly phone company and nothing else. They would have been able to do this with the impunity granted by government sanction.
And don't try the argument that a state-owned company wouldn't do things like that. Of course they would. The government would just love to have that level of "monetising", not to mention all the monitoring they could do. Witness the level of insane monitoring that the EU wants to enforce on us all, and the even more insane level of monitoring that our own government wants to add on to that.
Your knee-jerk reaction against privately owned companies is obviously born from either a lack of understanding or simple prejudice.
Apparently you've also never had to deal with state-owned BT or you'd know they were shit.
Imagine if your courier firm started opening your business post, taking out the letters, and stuffing the envelopes full of junk mail before giving you your mail later.
BT have lost the plot.
My suggestion would be that everyone who had to devote resources to this should send BT a bill for the time and inconvenience of having to sort out their mess.
classic example of man in the middle attacks. Bravo for alerting your customers to their susceptibility!!!
Would that work in this situation?
surely the VPN traffic (assuming it's running on Port 80 or 443) would just get redirected as well and break the connection - true it would stop BT spying on what you are doing, but it wouldn't help with the connectivity issues as shown in the article by the Backup systems failing.
The attack is probably done by randomly returning the wrong DNS queries or HTTP location headers.
Either way a VPN which includes DNS would bypass anything BT could do to a connection. Or use any old VPN and openDNS.
My understanding with this is they are inspecting the traffic flowing from their customers (which in itself is a whole other discussion!) and only redirecting web calls (http) on port 80?
Frikkin' out of order either way.
Except that this point seems to have been missed by most of the customers.
(Yes, your backup failed *this* time, but next time they will all *succeed*. Bwuhaha!! All your backup are belong to us.)
So, their relationship with Phorm has born fruit after all!
"This is absolutely unacceptable behaviour BT and signals the end of our custom. My Director is making the termination call right now."
I want one of these directors. Where can I get one? I've only ever come across useless directors who are a waste of space.
Oops. Better make this anon...
Would have not used BT in the first place.
So BT is ... intercepting ... and changing ... your data without your consent...
Now that has a familiar ring to it, has it not? Smells of a rather phishy phormula to me...
this must be illigal or at least in violation of somthing
It's all well and good to tell people to click a few buttons to get rid of the page but how the hell is a web server supposed to know that!
It took me over 2 hours to discover why my Web server was not responding the requests... and then I find some f*cking BT redirected spam page is causing the problem...
Do BT not realise businesses use their BUSINESS broadband connection for web servers.
Total IDIOTS! and one less customer when the contract finishes in a few months.
Any reason why it shouldn't finish in a few seconds? I mean, aren't they in breach of contract?
I thought it was pants just seeing the annoying thing, but I hadn't considered the automated side of things.
To be fair BT are good at some things. When they screw up they do go all out..
Yeah... all out to the bank with your money.
...and I'm never going back.
I was *almost* tempted by fast 20mb ADSL ... until I realised the local exchange wasn't upgraded and I could get the same service (i.e. not very good) from Virgin.
Surely most businesses have their own tech support anyway? Or are they trying to pimp "small business tech support"?
After the Phorm fiasco, is anyone really surprised at BT doing this?
They charge premium prices for a sub standard service, only to spy on you and now spam you.
Anyone still getting their broadband from BT needs their bumps felt.
Really pissed me Off
DNS hijacking is what it amounts to
They used this method to inform one of our customers that their broadband service had been upgraded.
But did fail mention this broke compatability with their old router and they lost their static IP address (luckily on pop mail) and then got a call in a week later saying that 1 of their staff couldnt VPN in !!!
This is "possibly" acceptable on a home line but not business lines
Also very pissed off customer debating on wether to start suggesting other providers
"Also very pissed off customer debating on [a castrated ram] to start suggesting other providers"
Couldn't help it :)
I usually do a nice line in sarky comments for this kind of idiocy. But this is just beyond belief. How can they be so *stupid*? Did not one single one of the people involved stop for an instant and think about what they were doing?
"as when trialled it did allow us to successfully communicate the availability of Desktop Help to a large number of customers"
Well, yes. It could also "communicate the availability" of Viagra and penis enlargers. BT have just proudly and publicly announced that they have placed themselves in the same category as all the other spammers. But actually hijacked their paying customers to do it.
I see a need for El Reg to introduce a 'Batshit Insane' icon.
first one is
to BT , there seems to be no longer a concept of the customer paying for a service
they are now "revenue unit" where you push any old crap at like spammers do, the return of a few tenth of a percent responding positively makes "commercial sense" to them
the fact they will P!55 off more is ignored
the second one is
would you allow BT remote access to your computers rather than internal I.T?
just read the forums (if BT have not cleansed all the negative comments) about the issues with indian call centres causing more problems than they fix, due to reducing security setting, setting things back to factory defaults and removing setting where people have secured their systems
i left BT due to phorm and DPI
they just seem to love giving people a reason to leave
everyone should get LLU broadband so they do not traverse any BT network kit
and finally watch out for long term contracts designed to lock you into an ISP, as if you dislike what they do, like above it is difficult / expensive to move to a new isp
Use a proper ISP that won't force this (or any) kind of idiocy on you.
USE ZEN INTERNET!
If you want a proper, tamper free, rock solid, non-shaped internet connection with support that know what they're talking about, Go with Zen!
OK, that's three things (four if you include this), but it still stands.
I'm sure they'll be doing the same with phone calls soon.
Gran: "hello Lindsey, darling"
BT Goon: "shut up bitch, listen Lindsey, we need to tell you about this great new product called Viagra"
Lindsey: "hello? What?"
BT Goon: "it will only take 5 minutes of your time, listen I need you to go to your pill cabinet and tell me if you have any bottles marked 'Viagra'"
Lindsey: "who the hell is this, where is my grandmother?"
BT Goon: "look we can do this the easy way or the hard way, the longer you dick me around the longer your gran will have to wait on hold, okay?"
I was just about to comment that I have BT Business Broadband and haven't seen this.
Then I remembered, I switched to Utilities Warehouse consumer broadband 6 months ago.
Feeling very smug now :)
You'll be feeling less smug when it goes down while you run your business on a residential service with no SLA - and paying through the nose for it.
No one who takes their business seriously runs it on a residential product!
Whilst I know it will not work...
Apparently Sharon Stone is one of the NEDS at BT.
Woof Woof Woof.
Oh, bugger.... That will be Patricia Hewitt then... :-(
If I was suffering from BT I would argue that this counts as a fault with the service purchased, therefore I should stop paying for the "service" until the fault is corrected. Any day on which this fault occurs is part of the ongoing fault. This will cost them a lot more than the crapvert is worth to them.
There is a further argument that the fault is deliberately induced and malicious but that is rather harder to make stick.
Every affected business should also make a complaint to Ofcon, not that Ofcon will do any good but they will cost BT a fortune in bureaucratic bungling and paperwork which is their real regulatory weapon.
There is a reason British Telecom is slang for "out of order".
I strongly suspect that this was thought up by the same numpty who dumped those Davina messages in our answerphone mailboxes.
Their reasoning then was that it didn't matter if you were registered with the TPS to not get sales calls - as it was 'dropped into the voicemail box' so wasn't a phone call...
It strikes me that they're desperately trying to wriggle around every regulation and rule that they have.
Belkin tried the same thing with their routers many years ago, and also suffered for their mistake
But...wasn't his mother a bozoette at college?
Have these BT smucks never heard of "in-Phorm-ed consent"?
what with third party marketing calls "on behalf of BT" to get around the TPS and SCG listings, I've had more'n enough fo BT. Think I'll be moving back to Post Office telephones before very much longer...
The early plans were to have interstitials - but it was abandoned. Cos it might be annoying for users.
You have to wonder whether BT have adopted phorm technology after all ... or if they are just plain stupid.
I'm not sure that's an either/or.
Someone phone Kent !
A great distraction that was - spending a half-hour in BT Business Broadband forums (which are hosted in the US for some reason - don't BT have any webservers in the UK? and run at least 4 tracking scripts - obviously for statistical purposes only and not target advertising, oh no)
Some of the crap that BT foist on their customers is legendary. Everyone should look!
Now IANAL, but, from the computer misuse act 1990, as amended by Police and Justice Act 2006:
3. Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of computer, etc.
(1) A person is guilty of an offence if—
(a) he does any unauthorised act in relation to a computer;
(b) at the time when he does the act he knows that it is unauthorised; and
(c) either subsection (2) or subsection (3) below applies.
(2) This subsection applies if the person intends by doing the act—
(a) to impair the operation of any computer;
(b) to prevent or hinder access to any program or data held in any computer;
(c) to impair the operation of any such program or the reliability of any such data; or
(d) to enable any of the things mentioned in paragraphs (a) to (c) above to be done.
(3) This subsection applies if the person is reckless as to whether the act will do any of the things mentioned in paragraphs (a) to (d) of subsection (2) above.
I looked at BT's terms of service, and there is nothing in them that allows for BT to modify their customer's traffic, so this is almost certainly unauthorised. Basically, if BT borks anyone's automated backups/firmware updates/HTTP pulls from web databases etc in any way shape or form with this then they are probably guilty of recklessness within the means of Section 3, subsection 3 of the computer misuse act and are therefore criminally liable.
It would also be interesting to see how this is implemented from anyone who has log files of this happening - is it a DNS forgery, or an IP spoof? I assume they run their own DNS servers, so they may get away with that. If they spoof the IP address then they are probably in even more trouble, as they would then be dishonestly representing themselves as another web site, and may be exposing themselves to liability for some kind of fraud/dishonesty/forgery offence too.
The "T" in BT stands for Teflon.
The shit never sticks.
Shouldn't businesses really be using a service like open dns or even hosting their own servers rather than relying on shit from the likes of BT - it's like using a vagrant for child-minding because they're always available so must be reliable.
I'd be interested in knowing how they do this latest stunt though.
Of "highest standards of ethical conduct" as promoted by BT Group CEO Mr Livingston.
Yet more proof that this "The Way We Work" spin is just complete and utter b******s.
Didn't get this with our BTNet connection. If you have a ghetto 'broadband' connection which is just a home ADSL connection with a slightly better SLA then you are really not the sort of business BT is likely to care about losing.
I had a hugely irritating call to a TPS registered (non BT) business line.
I insisted on being connected to a supervisor/manager in the Indian call centre. I eventually spoke with a Rajesh Sharma who is on 0870 7766775, and made my feelings very plain.
He told me that they bought-in the database! If true, so much for due diligence.
I suggest that anyone who has been buggered about by this crass stupidity / flagrant breach of UK Laws calls that number and lodges a complaint. I know it's a broadband/ISP issue, not phones, but the hassle value should really strike home.
Can somebody explain how BT have done this? We're (unfortunately) using BT Business ADSL in our office but haven't noticed any issues. I suspect they're manipulating DNS requests, and seeing as we run our own BIND server we bypass ISP fucking around like this. It's also nice to be able to flush your DNS cache when needed, instead of waiting for everything to propogate through the ISPs cache.
However it works, it's definitely a major fail.
I remember it because I had to fix my Dad's computer for him (as the tame family geek), and he'd put in the BT disk when he signed up rather than getting me to set it up manually for him. Getting rid of desktop help (which kept randomly firing itself up) was actually harder than getting rid of the damn dialler software that I was cleaning off!
Now there's a reason to be glad not to use dial-up any more, no more trojan diallers...
Anyway, as someone else said, having spoken to the numpties in their call centre in India I'd never trust them in a million years with remote access. Whereas the old UK call centre actually had some decent people, who could move off the script if required.
This really is crap, and on a business tariff they really ought to know better than to encourage random users to install crap on their machines - and that's before we even get to the stupidity of launching a man-in-the-middle attack on your own customers!
I hope Offcom come down on them like a ton of bricks, but I'm not holding my breath.
We have loads of customers whose businesses rely on the internet but it's all behind the scenes.
Their software connects to their suppliers and customers sites and they depend on it.
They never got the browser prompt because they don't use the "Internet" in the conventional sense, they just can't connect to anything because all the back room stuff was being blocked.
Took us ages to find out what was happening.
Well I'm writing this comment from behind a BT internet connection and I am absolutely DEligHTD that they are doing this. Hm they hm they can get away with intercepting HTTP requests without causing widespread INFromatIVE NewS is utterly lOVELY. They'll be aDHRering To the HTTP reqstANDRDS next!