[Noisebridge-discuss] FBI-run DNS servers are about to be shut down
Jake
jake at spaz.org
Sat Jul 7 21:40:41 UTC 2012
there is something obviously left out of this story, can anyone tell us
what it is?

http://www.mercurynews.com/business/ci_20447897/hundreds-thousands-may-lose-internet-july?fb_ref=fbrecbox

Hundreds of thousands of American households may lose Internet in July
Lolita C. Baldor
Associated Press
Posted: 04/21/2012 11:29:01 AM PDT
Updated: 04/23/2012 09:53:30 AM PDT

WASHINGTON -- For computer users, a few mouse clicks could mean the
difference between staying online and losing Internet connections this
summer.

Unknown to most of them, their problem began when international hackers
ran an online advertising scam to take control of infected computers
around the world. In a highly unusual response, the FBI set up a safety
net months ago using government computers to prevent Internet disruptions
for those infected users. But that system is to be shut down.

The FBI is encouraging users to visit a website run by its security
partner, www.dcwg.org, that will inform them whether they're infected and
explain how to fix the problem. After July 9, infected users won't be able
to connect to the Internet.

Most victims don't even know their computers have been infected, although
the malicious software probably has slowed their web surfing and disabled
their anti-virus software, making their machines more vulnerable to other
problems.

Last November, the FBI and other authorities were preparing to take down a
hacker ring that had been running an Internet ad scam on a massive network
of infected computers.

"We started to realize that we might have a little bit of a problem on our
hands because ... if we just pulled the plug on their criminal
infrastructure and threw everybody in jail, the victims of this were going
to be without Internet service," said Tom Grasso, an FBI supervisory
special agent. "The average user would open up Internet Explorer and get
'page not found' and think the Internet is broken."

On the night of the arrests, the agency brought in Paul Vixie, chairman
and founder of Internet Systems Consortium, to install two Internet
servers to take the place of the truckload of impounded rogue servers that
infected computers were using.

Federal officials planned to keep their servers online until March, giving
everyone opportunity to clean their computers. But it wasn't enough time.
A federal judge in New York extended the deadline until July. Now, said
Grasso, "the full court press is on to get people to address this
problem." And it's up to computer users to check their PCs.

This is what happened: Hackers infected a network of probably more than
570,000 computers worldwide. They took advantage of vulnerabilities in the
Microsoft Windows operating system to install malicious software on the
victim computers. This turned off anti-virus updates and changed the way
the computers reconcile website addresses behind the scenes on the
Internet's domain name system.

Victim computers were reprogrammed to use rogue DNS servers owned by the
attackers, which allowed the attackers to redirect computers to fraudulent
versions of any website.

The hackers earned profits from ads that appeared on websites that victims
were tricked into visiting. The scam netted the hackers at least $14
million, according to the FBI. It also made thousands of computers reliant
on the rogue servers for their Internet browsing.

When the FBI and others arrested six Estonians in November, the agency
replaced the rogue servers with Vixie's clean ones. Installing and running
the two substitute servers for eight months is costing the federal
government about $87,000.

Vixie said most of the victims are probably individual home users, rather
than corporations that have technology staffs who routinely check the
computers.