From:
http://www.abovetopsecret.com/forum/thread837847/pg1
and the original
http://www.pastie.org/3867284
This claim reflects a misunderstanding of how the internet works, and what MarkMonitor does.
Recently run any whois queries on Google? No? How about Facebook? MSN, or Hotmail? Yahoo? You might be surprised, comparing the results. Nice, innit? See the "Last Updated" part also. The brand-protecting, anti-piracy company MarkMonitor Inc. has had all these DNS names under its control for several months now. [...]
This company has acquired complete access to monitor, eavesdrop, censor and fake any user of these popular Internet services in about one year (2011). In almost complete silence.
MarkMonitor is an internet registrar, which means that they manage the registration of domain names. While they have the power to change the registration, they cannot do this in a non-obvious way. None of the traffic that goes to those sites goes through MarkMonitor.
When you connect to google.com your request is looked up on what is called a "nameserver". Nameservers translate domain names like "www.google.com" into the actual addresses, which look like 121.43.11.92. There are 13 "root nameservers", and they will then redirect you to another nameserver that handles all the .COM addresses (called a TLD nameserver), which redirects you to a third nameserver that handles all the .google.com addresses, which will return the actual address of www.google.com.
If someone had control of the nameserver, then they could re-route your traffic into their own sites, and potentially eavesdrop on it. They could not do this secretly though, as you could still easily see where the traffic was going.
But MarkMonitor DO NOT CONTROL THE NAMESERVERS for google.com. The root nameservers (which are run by large telecom companies, and bodies like NASA or the University of Maryland) are entirely independent of MarkMonitor. The secondary nameservers for .COM are run by Verisign, also independent of MarkMonitor. The nameservers that Verisign's nameservers point to for google.com are owned by Google.
You can see Google's DNS info here:
http://www.intodns.com/google.com
ns2.google.com. ['216.239.34.10'] [TTL=172800]
ns1.google.com. ['216.239.32.10'] [TTL=172800]
ns3.google.com. ['216.239.36.10'] [TTL=172800]
ns4.google.com. ['216.239.38.10'] [TTL=172800]
And prove that those nameservers are owned directly by Google here:
http://www.networksolutions.com/whois/results.jsp?ip=216.239.34.10
So MarkMonitor is totally out of the picture when it comes to Google's traffic. When you go to google.com or gmail.com, it's going directly to Google. Similarly Facebook, MSN, Yahoo, Hotmail - they all manage their own nameservers. MarkMonitor is out of the loop.
Technically, MarkMonitor does have the power to request that Verisign's nameservers be changed to point to a different nameserver, one that they control, and then they could listen to the traffic. However, this is a very cumbersome process. It's not like flipping a switch. They have to put in a change request, and then it takes up to several hours to fully propagate across the globe. And when it's done, it would be blatantly obvious that they had done it, as there is no way of hiding where the nameservers are pointing to. Plus, this type of hijacking is exactly the type of thing that Google are paying MarkMonitor to prevent. Google would be extraordinarily upset if MarkMonitor decided to suddenly redirect all of Google's traffic.
Google is actually a better candidate for this particular conspiracy theory, as they have set up their own DNS system on two IP addresses (8.8.8.8 and 8.8.4.4) which could in theory be used to redirect all internet traffic for millions of users. Of course that too would be blatantly obvious if they did. So they don't.
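The delegation chain and the visibility of a nameserver change described above, as an added example that is not part of the original post: an offline model of the root, .com and google.com zones that records every server consulted and diffs the parent zone's NS set against a baseline. The zone table, the `ns1.hijack.example.` name and all function names are assumptions made for illustration; the address is the post's own illustrative one.

```python
import copy

# Constructed model of the chain described above (not live DNS data). The root
# and .com server names are real; the A record is the post's illustrative
# address and ns1.hijack.example. is a made-up name.
ROOT_SERVERS = ["a.root-servers.net."]
ZONES = {
    ".": {"NS": {"com.": ["a.gtld-servers.net."]}},
    "com.": {"NS": {"google.com.": ["ns1.google.com.", "ns2.google.com.",
                                     "ns3.google.com.", "ns4.google.com."]}},
    "google.com.": {"A": {"www.google.com.": ["121.43.11.92"]}},
}

def resolve(name, zones):
    """Follow referrals from the root. Returns (path, addresses); path lists
    every (zone, nameservers) pair consulted on the way to the answer."""
    zone, path = ".", [(".", ROOT_SERVERS)]
    while True:
        data = zones[zone]
        if name in data.get("A", {}):
            return path, data["A"][name]
        # Pick the delegated child zone that the name falls under.
        child = next((z for z in data.get("NS", {})
                      if name == z or name.endswith("." + z)), None)
        if child is None:
            raise LookupError(f"{name}: no referral from {zone}")
        path.append((child, sorted(data["NS"][child])))
        zone = child

def parent_of(zone_name):
    return zone_name.split(".", 1)[1] or "."

def delegated_ns(zone_name, zones):
    """NS set the parent zone publishes: the only thing a registrar can change."""
    return sorted(zones[parent_of(zone_name)]["NS"][zone_name])

def simulate_registrar_change(zones, zone_name, new_ns):
    """Copy of the model with the parent's delegation repointed."""
    changed = copy.deepcopy(zones)
    changed[parent_of(zone_name)]["NS"][zone_name] = list(new_ns)
    return changed

def delegation_diff(baseline, observed):
    """Monitoring check: any difference from the baseline NS set is an alert."""
    b, o = set(baseline), set(observed)
    return {"added": sorted(o - b), "removed": sorted(b - o)}

if __name__ == "__main__":
    for zone, servers in resolve("www.google.com.", ZONES)[0]:
        print(zone, servers)
    hijacked = simulate_registrar_change(ZONES, "google.com.", ["ns1.hijack.example."])
    print(delegation_diff(delegated_ns("google.com.", ZONES),
                          delegated_ns("google.com.", hijacked)))
```

Against live DNS the same two observations come from `dig +trace www.google.com` and `dig NS google.com @a.gtld-servers.net`.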