Tech Talk
CBS News / April 20, 2012, 3:15 PM

Hundreds of thousands may lose Internet in July


(AP) For computer users, a few mouse clicks could mean the difference between staying online and losing Internet connections this summer.

Unknown to most of them, their problem began when international hackers ran an online advertising scam to take control of infected computers around the world.

In a highly unusual response, the FBI set up a safety net months ago using government computers to prevent Internet disruptions for those infected users. But that system is to be shut down.

The FBI is encouraging users to visit a website run by its security partner, DCWG.org, that will inform them whether they're infected and explain how to fix the problem. After July 9, infected users won't be able to connect to the Internet.

Most victims don't even know their computers have been infected, although the malicious software probably has slowed their web surfing and disabled their antivirus software, making their machines more vulnerable to other problems.

Last November, the FBI and other authorities were preparing to take down a hacker ring that had been running an Internet ad scam on a massive network of infected computers.

"We started to realize that we might have a little bit of a problem on our hands because...if we just pulled the plug on their criminal infrastructure and threw everybody in jail, the victims of this were going to be without Internet service," said Tom Grasso, an FBI supervisory special agent. "The average user would open up Internet Explorer and get 'page not found' and think the Internet is broken."

On the night of the arrests, the agency brought in Paul Vixie, chairman and founder of Internet Systems Consortium, to install two Internet servers to take the place of the truckload of impounded rogue servers that infected computers were using. Federal officials planned to keep their servers online until March, giving everyone opportunity to clean their computers. But it wasn't enough time. A federal judge in New York extended the deadline until July. Now, said Grasso, "the full court press is on to get people to address this problem." And it's up to computer users to check their PCs.

This is what happened:

Hackers infected a network of probably more than 570,000 computers worldwide. They took advantage of vulnerabilities in the Microsoft Windows operating system to install malicious software on the victim computers. This turned off antivirus updates and changed how the computers resolve website addresses behind the scenes on the Internet's domain name system.

The DNS system is a network of servers that translates a web address, such as AP.org, into the numerical addresses that computers use. Victim computers were reprogrammed to use rogue DNS servers owned by the attackers. This allowed the attackers to redirect computers to fraudulent versions of any website. The hackers earned profits from advertisements that appeared on websites that victims were tricked into visiting. The scam netted the hackers at least $14 million, according to the FBI. It also made thousands of computers reliant on the rogue servers for their Internet browsing.
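The mechanism described above leaves one durable artifact on a victim machine: its configured DNS resolvers point at addresses the attackers control. The following Python checker is an added example (not code from the article, the FBI or DCWG.org) that extracts the resolver addresses from a host's configuration and compares them with a list of rogue-resolver ranges. It accepts both Unix `resolv.conf` lines and the `DNS Servers` block of Windows `ipconfig /all` output, since the victims here were Windows machines. The ranges, addresses and sample configurations are constructed placeholders in RFC 5737 documentation space, not the real DNSChanger ranges, which a practitioner would take from DCWG.org.

```python
"""Check a host's configured DNS resolvers against known-rogue resolver ranges.

Added example, not part of the CBS/AP article. The rogue ranges below are
constructed placeholders (RFC 5737 documentation space), not the real ones.
"""
import ipaddress
import re

# Constructed placeholders standing in for a published rogue-resolver list.
ROGUE_RESOLVER_RANGES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]


def parse_resolvers(text):
    """Extract resolver IPs from resolv.conf lines ("nameserver X") or from
    `ipconfig /all` output ("DNS Servers . . . : X" followed by indented
    continuation lines). Malformed entries are skipped."""
    servers = []
    in_dns_block = False  # True while reading ipconfig's multi-line DNS list
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop resolv.conf comments
        if not line.strip():
            in_dns_block = False
            continue
        m = re.match(r"\s*nameserver\s+(\S+)", line)
        if m:
            candidate, in_dns_block = m.group(1), False
        else:
            m = re.search(r"DNS Servers[\s.]*:\s*(\S+)", line)
            if m:
                candidate, in_dns_block = m.group(1), True
            elif in_dns_block and re.fullmatch(r"\s+\S+", line):
                candidate = line.strip()  # continuation line: just an address
            else:
                in_dns_block = False
                continue
        try:
            servers.append(ipaddress.ip_address(candidate))
        except ValueError:
            continue  # not an IP address (e.g. ipconfig field text)
    return servers


def rogue_resolvers(resolvers, ranges=ROGUE_RESOLVER_RANGES):
    """Return the configured resolvers that fall inside a rogue range."""
    return [str(ip) for ip in resolvers if any(ip in net for net in ranges)]


def check_host(config_text):
    """Return (is_suspect, rogue_resolver_ips) for one host's configuration."""
    hits = rogue_resolvers(parse_resolvers(config_text))
    return (bool(hits), hits)


# Constructed sample configurations.
CLEAN_CONF = "nameserver 192.0.2.53\nnameserver 192.0.2.54\n"
HIJACKED_CONF = "# rewritten by malware\nnameserver 203.0.113.7\nnameserver 192.0.2.53\n"
IPCONFIG_SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.20
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   DNS Servers . . . . . . . . . . . : 203.0.113.7
                                       203.0.113.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    for name, conf in (("clean", CLEAN_CONF), ("hijacked", HIJACKED_CONF),
                       ("ipconfig", IPCONFIG_SAMPLE)):
        suspect, hits = check_host(conf)
        print(f"{name}: {'SUSPECT' if suspect else 'ok'} {hits}")
```

A check like this only tells you the resolver setting is wrong; it says nothing about whether the malware that rewrote it is still present, so a hit should trigger a full cleanup rather than a one-line fix of the resolver address.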

When the FBI and others arrested six Estonians last November, the agency replaced the rogue servers with Vixie's clean ones. Installing and running the two substitute servers for eight months is costing the federal government about $87,000.

The number of victims is hard to pinpoint, but the FBI believes that on the day of the arrests, at least 568,000 unique Internet addresses were using the rogue servers. Five months later, the FBI estimates that the number is down to at least 360,000. The U.S. has the most, about 85,000, federal authorities said. Other countries with more than 20,000 each include Italy, India, England and Germany. Smaller numbers are online in Spain, France, Canada, China and Mexico.

Vixie said most of the victims are probably individual home users, rather than corporations that have technology staffs who routinely check the computers.

FBI officials said they organized an unusual system to avoid any appearance of government intrusion into the Internet or private computers. And while this is the first time the FBI used it, it won't be the last.

"This is the future of what we will be doing," said Eric Strom, a unit chief in the FBI's Cyber Division. "Until there is a change in legal system, both inside and outside the United States, to get up to speed with the cyber problem, we will have to go down these paths, trail-blazing if you will, on these types of investigations."

Now, he said, every time the agency gets near the end of a cyber case, "we get to the point where we say, how are we going to do this, how are we going to clean the system" without creating a bigger mess than before.

© 2012 CBS Interactive Inc. All Rights Reserved.
15 Comments
shortyfudpuc says:
To those out there that think we need stronger laws, think again. What we need is for software companies to take responsibility for making better software. Internet Explorer is the Mad Cow of software. It has been hacked and patched so many times it would look like a patchwork quilt. All of the new laws are unnecessary IF we can get the software makers to make better software. Why do Linux systems get hacked less than anyone else? Because it is users that are fixing the software. So why can't a major corporation like Microsoft do the same thing? Instead of putting more laws on the books, how about repealing some of the laws that grant immunity to software companies and allow them to put out crappy product. Some software creates holes in the OS just because it is easier than doing it right. I have software that is still using a lot of the code they used from Win NT4 days because it COSTS too much to do it right.

Just remember "More government, Less freedom".
djdrew103 says:
If I were all you folks, I would wait till further news came of this. If you haven't noticed, since our news is a monopolized propaganda giant anyways, all these stories on all the news sites posting the news article are robo-copies of one singular reporter from AP.

If it is true, it is merely an attempt by the FBI to cover up an otherwise illegal/legal act of monitoring hundreds of thousands of computers by setting up seemingly legal IP servers for people to unknowingly be redirected to, using the criminals' previous IP channels to provide service through their replacement servers after arresting their criminals.

I am not a conspiracy theorist, but anyone with common sense can tell that through normal channels, the FBI would have informed major internet security service providers such as Norton, McAfee or Microsoft themselves and let them handle informing customers of the new virus and supply cleaning tools and utilities.

Everything about this stinks of being fishy and it should come to light fairly soon; the FBI would have realized that from the start. Why take so long to inform the public of this? Why not work with famous sources for internet security and the like? This seems to be a possible ploy for them to present grounds for bringing in new legislation to shut down certain internet sites they deem illegal prior to involving justice department regulations and laws.

Note what Huffington Post reports, putting MSNbc to shame for so called reporting and journalistic excellence:

"FBI officials said they organized an unusual system to avoid any APPEARANCE of government intrusion into the Internet or private computers. And while this is the first time the FBI used it, it won't be the last.

"This is the future of what we will be doing," said Eric Strom, a unit chief in the FBI's Cyber Division.

"Until there is a change in legal system, both inside and outside the United States, to get up to speed with the cyber problem, we will have to go down these paths, trail-blazing if you will, on these types of investigations."
IonOtter replies:
I'm going to cautiously agree with this.

This is an extremely easy fix. The FBI has control of the DNS servers. That's it, right there.

1. Update the DNS tables on the servers to redirect everyone who is infected to an internal webpage that says, "Your machine is infected with blah-blah-blah, here's what you need to do."

2. Configure the DNS so those infected cannot go to ANY OTHER WEBSITE than one of the major Anti-virus sellers.

3. Once the trojan/infection is cleansed from the system, the infected person will never see the compromised DNS server again. Their system will begin to recognize the DNS server for their ISP, and that will be the end of it.

The fact that the FBI is taking this long suggests they're having too much fun watching everyone surf. Because traditionally, it is a little difficult to get this sort of infection unless you're doing something you'd rather not have the rest of the world know about.
wpfeffer says:
Am I the only one who sees the potential of the FBI, CIA, NSA, etc. abusing this knowledge?
saucymugwump says:
CBS News wrote: "When the FBI and others arrested six Estonians last November ..."

Just to set the record straight, these were not Estonians. These were Russians living in the eastern portion of Estonia; you can tell by their names. The Soviet Union forced the Baltic Countries (and Poland, et al) to accept large numbers of Russians during the Soviet occupation after WWII. Russians, Chinese, and North Koreans are known to be the world's most prolific spammers, hackers, and counterfeiters.
bobnjersey says:
[ Federal officials planned to keep their servers online until March, giving everyone opportunity to clean their computers. But it wasn't enough time. A federal judge in New York extended the deadline until July. Now, said Grasso, "the full court press is on to get people to address this problem." And it's up to computer users to check their PCs.]
--------------------------------------------
so ... all the infected machines now use the 'clean fbi servers' to resolve all their addresses?

why doesn't the fbi just direct all these dns requests ... which are now coming to their servers ... to a page that tells the users their machines are infected ... providing the steps necessary to resolve the problem ... instead of spending $10k a month running the servers?
Dukme replies:
Very good suggestion!
IonOtter replies:
Very good question! Think about the answer for a little.
username751 says:
It seems like a surprisingly small number of infected machines to warrant this much effort, but, as long as they are being routed to the FBI's "clean" DNS machines, why couldn't they redirect all traffic to a page informing users of the infection?

And, to those who blame the users, grow up. Even well known websites have fallen victim to clickjacking and xss, which is not the user's fault.
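Three commenters (IonOtter's three steps, bobnjersey's question and username751's) describe the same idea: since every infected machine now sends its DNS queries to the substitute servers, those servers could answer with the address of a notification page. The Python below is an added example of that "walled garden" policy, written here to illustrate the suggestion; it is not the resolver the FBI and ISC actually ran, whose configuration the article does not describe. It also keeps the per-client record that lets an operator count distinct victim addresses, which is how the article's 568,000 and 360,000 figures would be produced. All names and addresses are constructed (RFC 5737 documentation space); the allowlist of remediation sites is an assumption.

```python
"""Walled-garden policy for a substitute ("sinkhole") DNS resolver.

Added example, not the FBI/ISC resolver's code. Every client reaching this
server was steered here by the malware, so the policy is per-query: names on
an allowlist of remediation sites resolve normally, everything else gets the
address of a notification page. Addresses and names are constructed.
"""
import ipaddress

GARDEN_PAGE_IP = "192.0.2.80"                   # constructed: "your machine is infected" page
ALLOWLIST = {"dcwg.org", "av-vendor.example"}    # constructed remediation domains (assumption)
UPSTREAM = {                                     # constructed stand-in for a real upstream resolver
    "dcwg.org": "192.0.2.10",
    "www.av-vendor.example": "192.0.2.11",
    "news.example": "198.51.100.5",
}


def normalize(qname):
    """Canonical form of a query name: no trailing dot, lower case."""
    return qname.rstrip(".").lower()


def in_allowlist(qname, allowlist=ALLOWLIST):
    """True if qname is an allowlisted domain or a subdomain of one."""
    name = normalize(qname)
    return any(name == d or name.endswith("." + d) for d in allowlist)


class SinkholeResolver:
    """Answers A queries from clients the malware pointed at this server.

    Each query is logged by client address so the operator can count distinct
    victims; names outside the allowlist are answered with the garden page."""

    def __init__(self, upstream=UPSTREAM, allowlist=ALLOWLIST, garden_ip=GARDEN_PAGE_IP):
        self.upstream = upstream
        self.allowlist = allowlist
        self.garden_ip = garden_ip
        self.clients_seen = set()

    def answer(self, client_ip, qname):
        """Return the answer record for one query, with the policy action taken."""
        self.clients_seen.add(ipaddress.ip_address(client_ip))
        name = normalize(qname)
        if not in_allowlist(name, self.allowlist):
            # Walled garden: the browser lands on the notification page.
            return {"qname": name, "rdata": self.garden_ip, "action": "garden"}
        rdata = self.upstream.get(name)
        if rdata is None:
            return {"qname": name, "rdata": None, "action": "nxdomain"}
        return {"qname": name, "rdata": rdata, "action": "forward"}

    def victim_count(self):
        """Number of distinct client addresses seen, the article's victim metric."""
        return len(self.clients_seen)


if __name__ == "__main__":
    # Constructed queries from two infected clients.
    resolver = SinkholeResolver()
    for client, qname in (("203.0.113.5", "news.example."),
                          ("203.0.113.5", "www.av-vendor.example"),
                          ("203.0.113.6", "DCWG.org.")):
        print(client, resolver.answer(client, qname))
    print("distinct victims:", resolver.victim_count())
```

The allowlist is the part that needs the most care: the garden answers every other name, including those used by update services and mail clients, so each site a victim needs in order to clean the machine has to be listed explicitly or the notification page itself becomes the thing that stops them getting help.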
tmittelstaed says:
I deplore this scheme. They should have just let the computers go dark. It does not surprise me that the majority of infected people have done nothing. I repair computers and networks and servers for a living and my experience is most people won't pay to fix anything until it just stops working. Often that means they lose data, too.
rayward73446 says:
These hackers' scam netted the hackers $14 million. What's funny about that? Most home users are not that savvy about all the schemes out there, and since everything appears to be fine to them, they think that everything really is fine. We need stronger national and international laws to deal with these thugs, who cost companies and individuals billions every year. Most are tied to organized crime, who plan and carry out these attacks. If we do not secure our internet, the cost in losses will soon outweigh any benefits of using the WWW. My business has lost at least three computer systems to these crooks in the last year, despite using powerful anti-virus and malware programs. It has cost me many hundreds of dollars to recover from their attacks.
My praise goes to the FBI and any law organization that takes these crooks down. I applaud their tactic of doing so in the least obtrusive manner, such as running the servers, to protect users. Maybe when these crooks hit you in your wallet you will understand the problem. Hacking, whether by kids for "fun" or by crooks out to steal, is a very destructive and illegal act. We need it stopped and perpetrators should be punished severely.
ludvig1-2009 says:
Sounds like a ploy to have the FBI infect your machine.