ISP Injects Ads into Paying Subscribers’ Web Content
Robert Silvie and Zack Henkel noticed the suspicious ads while each was using CMA Communications, which provides Internet, TV and phone services to rural areas of Mississippi, Louisiana, Texas, and Nevada. In addition to the ads appearing on sites that typically had none, they also sometimes replaced existing ads on webpages.
Henkel, a computer science Ph.D. student, was browsing the Apple Store site when he saw an H&R Block banner ad at the bottom of the page. He describes in a post on his blog what he saw when he visited Apple.com:
At the bottom of the carefully designed white and grey webpage, appeared a bright neon green banner advertisement proclaiming: 'File For Free Online, H&R Block.' I quickly deduced that either Apple had entered in to the worst cross-promotional deal ever, or my computer was infected with some type of malware. Unfortunately, I would soon discover there was a third possibility, something much worse.
To make sure the issue wasn’t with his MacBook Pro, Henkel went to the site from his Android-running phone and other devices. The ad showed up on each of them. He turned off the Wi-Fi on his phone, and the ads disappeared. He determined that if it wasn’t some kind of pop-up malware and the ads didn’t show up when using a cellular network, it must have been the ISP.
Henkel called CMA tech support and filed a complaint with the Federal Communications Commission. After unhelpful responses, he posted to reddit to let people know about his findings.
According to the Ars Technica article that investigated the situation, neither R66T nor CMA Communications has responded to reporters’ questions about a partnership.