[Noisebridge-discuss] FBI-run DNS servers are about to be shut down

Jake jake at spaz.org
Sat Jul 7 21:40:41 UTC 2012


There is something obviously left out of this story. Can anyone tell us 
what it is?

http://www.mercurynews.com/business/ci_20447897/hundreds-thousands-may-lose-internet-july?fb_ref=fbrecbox

Hundreds of thousands of American households may lose Internet in July

Lolita C. Baldor
Associated Press
Posted:   04/21/2012 11:29:01 AM PDT
Updated:   04/23/2012 09:53:30 AM PDT

WASHINGTON -- For computer users, a few mouse clicks could mean the 
difference between staying online and losing Internet connections this 
summer.

Unknown to most of them, their problem began when international hackers 
ran an online advertising scam to take control of infected computers 
around the world. In a highly unusual response, the FBI set up a safety 
net months ago using government computers to prevent Internet disruptions 
for those infected users. But that system is to be shut down.

The FBI is encouraging users to visit a website run by its security 
partner, www.dcwg.org, that will inform them whether they're infected and 
explain how to fix the problem. After July 9, infected users won't be able 
to connect to the Internet.

Most victims don't even know their computers have been infected, although 
the malicious software probably has slowed their web surfing and disabled 
their anti-virus software, making their machines more vulnerable to other 
problems.

Last November, the FBI and other authorities were preparing to take down a 
hacker ring that had been running an Internet ad scam on a massive network 
of infected computers.

"We started to realize that we might have a little bit of a problem on our 
hands because ... if we just pulled the plug on their criminal 
infrastructure and threw everybody in jail, the victims of this were going 
to be without Internet service," said Tom Grasso, an FBI supervisory 
special agent. "The average user would open up Internet Explorer and get 
'page not found' and think the Internet is broken."

On the night of the arrests, the agency brought in Paul Vixie, chairman 
and founder of Internet Systems Consortium, to install two Internet 
servers to take the place of the truckload of impounded rogue servers that 
infected computers were using.

Federal officials planned to keep their servers online until March, giving 
everyone opportunity to clean their computers. But it wasn't enough time. 
A federal judge in New York extended the deadline until July. Now, said 
Grasso, "the full court press is on to get people to address this 
problem." And it's up to computer users to check their PCs.

This is what happened: Hackers infected a network of probably more than 
570,000 computers worldwide. They took advantage of vulnerabilities in the 
Microsoft Windows operating system to install malicious software on the 
victim computers. This turned off anti-virus updates and changed the way 
the computers reconcile website addresses behind the scenes on the 
Internet's domain name system.

Victim computers were reprogrammed to use rogue DNS servers owned by the 
attackers, which allowed the attackers to redirect computers to fraudulent 
versions of any website.

The hackers earned profits from ads that appeared on websites that victims 
were tricked into visiting. The scam netted the hackers at least $14 
million, according to the FBI. It also made thousands of computers reliant 
on the rogue servers for their Internet browsing.

When the FBI and others arrested six Estonians in November, the agency 
replaced the rogue servers with Vixie's clean ones. Installing and running 
the two substitute servers for eight months is costing the federal 
government about $87,000.

Vixie said most of the victims are probably individual home users, rather 
than corporations that have technology staffs who routinely check the 
computers.
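
The check the article asks users to make, whether a machine's configured DNS resolvers point at the rogue servers, sketched as an added example that is not part of the original message or the AP article. The address ranges are placeholders from RFC 5737 documentation space because the article does not list the real ones; the function names and both sample inputs are constructed for illustration.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 documentation space), not the real rogue ranges:
# the article does not list them. Load real ones from a trusted advisory.
SUSPECT_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "203.0.113.0/25")]

# Constructed sample inputs, not captured from a real machine.
SAMPLE_RESOLV_CONF = """# written by DHCP client
nameserver 192.0.2.53
nameserver 10.0.0.1   # home router
nameserver fe80::1%eth0
"""
SAMPLE_IPCONFIG = """   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 203.0.113.10
                                       198.51.100.7
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def resolvers_from_resolv_conf(text):
    """Resolver addresses from resolv.conf-style text."""
    found = []
    for line in text.splitlines():
        fields = re.split(r"[#;]", line, maxsplit=1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(fields[1].split("%")[0])  # drop IPv6 zone id
    return found

def resolvers_from_ipconfig(text):
    """Resolver addresses from `ipconfig /all` output (English locale assumed)."""
    found, in_dns = [], False
    for line in text.splitlines():
        label, sep, value = line.partition(" : ")
        if sep:  # a "Label . . . : value" line starts or ends the DNS list
            in_dns = label.strip(" .").lower() == "dns servers"
        else:    # continuation lines carry one additional server each
            value, in_dns = line, in_dns and bool(line.strip())
        if in_dns:
            found.append(value.strip().split("%")[0])
    return found

def audit(resolvers):
    """Map each resolver string to 'suspect', 'ok' or 'unparseable'."""
    report = {}
    for raw in resolvers:
        try:
            addr = ipaddress.ip_address(raw)
            report[raw] = "suspect" if any(addr in n for n in SUSPECT_RANGES) else "ok"
        except ValueError:
            report[raw] = "unparseable"  # surface it rather than skip it
    return report
```

A home router can hand out its own address as the resolver, so an "ok" result on the PC says nothing about the resolvers configured on the router itself; that setting has to be checked separately.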



