
In the case of DDG, that would be difficult. DDG uses SSL. If you make a mistake and type "duckduckgo.com" instead of "https://duckduckgo.com", it will automatically redirect you to the secure page. Unfortunately, that redirect gives a man-in-the-middle an opportunity to hijack your connection, even with SSL; however, that's tricky enough that it's hard to imagine anyone pulling it off without ever being noticed.


HSTS allows a site to indicate that in the future it should always be loaded over a secure connection, so you only have an interceptable connection the very first time you visit that site. Both Firefox and Chrome allow sites to add themselves to a list to "preload" HSTS enforcement, so even that initial connection which is man-in-the-middle-able doesn't happen.

I don't see them in the current lists, so DDG should contact Mozilla and Google to get added to their preloaded HSTS lists[1][2] so all connections will automatically happen only over HTTPS.

[1] http://dev.chromium.org/sts

[2] https://blog.mozilla.org/security/2012/11/01/preloading-hsts...
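An added example, not code from the thread or from DDG: a small Python check of whether a site's Strict-Transport-Security header would satisfy the preload submission rules (a max-age of at least one year, includeSubDomains, and the preload token; the one-year threshold is the rule published by the current preload list, not something this thread states). The sample header values are constructed.

```python
"""Parse a Strict-Transport-Security header and judge preload eligibility."""
import re

# Preload submission rule assumed here: max-age of at least one year (in seconds),
# plus the includeSubDomains and preload directives.
MIN_PRELOAD_MAX_AGE = 31536000


def parse_hsts(header_value):
    """Return a dict of HSTS directives, or None if the header is invalid.

    Directives are ';'-separated and case-insensitive (RFC 6797). A duplicated
    directive or a missing/non-numeric max-age makes the header invalid.
    """
    if header_value is None:
        return None
    directives = {}
    for raw in header_value.split(";"):
        raw = raw.strip()
        if not raw:
            continue
        name, _, value = raw.partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')  # max-age may be quoted
        if name in directives:  # RFC 6797 forbids repeating a directive
            return None
        directives[name] = value
    if not re.fullmatch(r"\d+", directives.get("max-age", "")):
        return None
    directives["max-age"] = int(directives["max-age"])
    return directives


def preload_problems(header_value):
    """List the reasons a header would be rejected for preloading ([] = eligible)."""
    d = parse_hsts(header_value)
    if d is None:
        return ["missing or malformed Strict-Transport-Security header"]
    problems = []
    if d["max-age"] < MIN_PRELOAD_MAX_AGE:
        problems.append("max-age below one year (%d)" % d["max-age"])
    if "includesubdomains" not in d:
        problems.append("includeSubDomains directive missing")
    if "preload" not in d:
        problems.append("preload directive missing")
    return problems


# Constructed sample headers, not captured from any real site.
SAMPLES = {
    "good": "max-age=63072000; includeSubDomains; preload",
    "short": "max-age=86400; includeSubDomains; preload",
    "no-subdomains": "max-age=31536000; preload",
    "absent": None,
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(label, preload_problems(value) or ["eligible"])
```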


>Unfortunately, that redirect gives a man-in-the-middle an opportunity to hijack your connection, even with SSL

As long as the SSL cert isn't compromised, I don't see how this is possible.


The initial request/redirect response is insecure. So a MITM can intercept the redirect response and replace it with his own content. That content could be, for example, a 200 response status and HTML pulled from the attacker's HTTPS connection to the target site.

So rather than being redirected to a secure connection, I happily communicate with the attacker instead.


But a redirect would change the status bar, right? So presumably it would still be pretty noticeable.


If you have an hour to kill.

http://www.youtube.com/watch?v=MFol6IMbZ7Y


They don't need the existing SSL cert. The "beauty" of SSL is that they can use a cert generated by any CA trusted by your browser, or even a second one from the same CA, even if there's already a cert issued by one.


You are assuming they are looking exactly at search requests. Email is unencrypted and so is DNS. The rest they store in case they can break it later.

They were doing this in 2007 at AT&T/Worldcom; I expect it only got better over the past 6 years.

