Hundreds of Thousands Might Lose Internet in July

April 25, 2012

An FBI effort to clean up damage done by an international hacking scheme ends on July 9, and any infected computer remaining will no longer be able to access the Internet, according to a report from the Associated Press.

Unknown to most victims, their problem began when international hackers ran an online advertising scam to take control of infected computers around the world.

The virus probably infected more than 570,000 computers worldwide, including about 85,000 in the U.S., taking advantage of vulnerabilities in the Microsoft Windows operating system to install malicious software, turning off antivirus updates and changing the way computers reconcile website addresses on the Internet's domain name system. This allowed the attackers to redirect computers to fraudulent versions of any website.

The hackers netted at least $14 million from their scam, the FBI reports, mostly from profits made from advertisements on websites that victims were tricked into visiting.

After discovering the hacker ring and the rogue servers, the FBI set up a safety net using government computers to prevent Internet disruptions for those infected users — a highly unusual response for the agency.

"We started to realize that we might have a little bit of a problem on our hands because ... if we just pulled the plug on their criminal infrastructure and threw everybody in jail, the victims of this were going to be without Internet service," said Tom Grasso, an FBI supervisory special agent, in the AP article. "The average user would open up Internet Explorer and get 'page not found' and think the Internet is broken."

After arresting the six Estonian hackers last November, the FBI contracted Paul Vixie of Internet Systems Consortium to install two Internet servers to take the place of the truckload of impounded servers. Federal officers planned to keep the system open until March, giving everyone an opportunity to clean their servers. It wasn't enough time, so a federal judge in New York extended the deadline until July, when it is to be shut down, the report says.

The FBI is encouraging users to visit a website run by its security partner that will inform them whether they're infected and explain how to fix the problem. After July 9, infected users won't be able to connect to the Internet.

Most victims don't even know their computers have been infected, although the malicious software probably has slowed their web surfing and disabled their antivirus software, making their machines more vulnerable to other problems, AP reports.

"This is the future of what we will be doing," said Eric Strom, a unit chief in the FBI's Cyber Division, in the AP article. "Until there is a change in legal system, both inside and outside the United States, to get up to speed with the cyber problem, we will have to go down these paths, trail-blazing if you will, on these types of investigations."

Now, he said, every time the agency gets near the end of a cyber case, "we get to the point where we say, how are we going to do this, how are we going to clean the system" without creating a bigger mess than before.

Installing and running the two replacement servers for eight months is costing the federal government about $87,000. The majority of the victims are assumed to be individual home users.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 December

This month, Security magazine brings you the 2020 Guarding Report - a look at the ebbs and flows security officers and guarding companies have weathered in 2020, including protests, riots, the election, a pandemic and much more. Industry experts discuss access management and security challenges during COVID-19, GSOC complacency, the cybersecurity gap, end-of-year security career reflections and more!

View More Create Account

Hundreds of Thousands Might Lose Internet in July

Related Articles

Related Products

Report Abusive Comment