Hundreds of Thousands Might Lose Internet in July

April 25, 2012

An FBI effort to clean up damage done by an international hacking scheme ends on July 9, and any infected computer remaining will no longer be able to access the Internet, according to a report from the Associated Press.

Unknown to most victims, their problem began when international hackers ran an online advertising scam to take control of infected computers around the world.

The virus probably infected more than 570,000 computers worldwide, including about 85,000 in the U.S., taking advantage of vulnerabilities in the Microsoft Windows operating system to install malicious software, turning off antivirus updates and changing the way computers reconcile website addresses on the Internet's domain name system. This allowed the attackers to redirect computers to fraudulent versions of any website.

The hackers netted at least $14 million from their scam, the FBI reports, mostly from profits made from advertisements on websites that victims were tricked into visiting.

After discovering the hacker ring and the rogue servers, the FBI set up a safety net using government computers to prevent Internet disruptions for those infected users — a highly unusual response for the agency.

"We started to realize that we might have a little bit of a problem on our hands because ... if we just pulled the plug on their criminal infrastructure and threw everybody in jail, the victims of this were going to be without Internet service," said Tom Grasso, an FBI supervisory special agent, in the AP article. "The average user would open up Internet Explorer and get 'page not found' and think the Internet is broken."

After arresting the six Estonian hackers last November, the FBI contracted Paul Vixie of Internet Systems Consortium to install two Internet servers to take the place of the truckload of impounded servers. Federal officers planned to keep the system open until March, giving everyone an opportunity to clean their servers. It wasn't enough time, so a federal judge in New York extended the deadline until July, when it is to be shut down, the report says.

The FBI is encouraging users to visit a website run by its security partner that will inform them whether they're infected and explain how to fix the problem. After July 9, infected users won't be able to connect to the Internet.

Most victims don't even know their computers have been infected, although the malicious software probably has slowed their web surfing and disabled their antivirus software, making their machines more vulnerable to other problems, AP reports.

"This is the future of what we will be doing," said Eric Strom, a unit chief in the FBI's Cyber Division, in the AP article. "Until there is a change in legal system, both inside and outside the United States, to get up to speed with the cyber problem, we will have to go down these paths, trail-blazing if you will, on these types of investigations."

Now, he said, every time the agency gets near the end of a cyber case, "we get to the point where we say, how are we going to do this, how are we going to clean the system" without creating a bigger mess than before.

Installing and running the two replacement servers for eight months is costing the federal government about $87,000. The majority of the victims are assumed to be individual home users.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.