We wrote to BSNL about the code injections that continue to persist on their network. In our representation, we highlighted the inadequacy of their past responses to our earlier representations and RTIs, and outlined some key questions that need to be addressed by BSNL.
Their MiTM machines are often compromised by third parties who then use it to inject malware in their customer’s traffic.
I initially noticed this few months back then it was fixed for a short while and I noticed it again few days back.
These unknown third parties include 2 scripts in the page. One of these scripts is here, https://hastebin.com/pucireqime.js. I have not looked into what exactly is this doing yet.
Another script was being loaded from this URL, salutationcheerlessdemote[dot]com/sfp[dot]js
This was one of the first things I noticed after installing my FTTH connection last year when some of the work applications/APIs started to error and upon inspection, I noticed BSNL was MITM-ing and injecting their malware into my HTTP traffic.
I did ring up BSNL to add my ID to their so-called DND List but weeks later, I noticed the same issues again. I ringed them up again to complain about it but I couldn’t rely on them anymore and realized I should’ve been even more alarmed the very first time I noticed this.
I bought a Pi and got it running AdGuard Home to better cover all the devices but since that only happens to do DNS-level blocking, I had to find another way. After a bit of googling, I figured I can do this on my Archer C6 router and I added the IP for that Express server they use to the routing table like so:
P.S. Let me know if this is inadequate but I haven’t noticed this issue popping up even on normal browser profiles
But this is definitely not OK—this is a total breach of my household’s privacy and safety on the internet. And if BSNL is willing to go this far, I’m sure they’ll employ even worse methods to carry on with their business and leaving their customers vulnerable to all sorts of horrible things. I am also aware this problem is not specific to BSNL and that all ISPs in the country have their way with our data and privacy.
This needs to end fast.
The issue is also discussed in javascript - unknown scripts are running and redirecting on click to unknown websties - Stack Overflow
I have been having this issue for more than 2 years now.
It is a man in the middle attack. BSNL should be penalised.
