Scam could disable Internet for many in July

  • By Lolita C. Baldor Associated Press
  • Friday, April 20, 2012 10:31pm
  • Business

WASHINGTON — For computer users, a few mouse clicks could mean the difference between staying online and losing Internet connections this summer.

Unknown to most of them, their problem began when international hackers ran an online advertising scam to take control of infected computers around the world. In a highly unusual response, the FBI set up a safety net months ago using government computers to prevent Internet disruptions for those infected users. But that system is to be shut down.

The FBI is encouraging users to go to a website run by its security partner, www.dcwg.org, that will inform them whether they’re infected and explain how to fix the problem. After July 9, infected users won’t be able to connect to the Internet.

Most victims don’t even know their computers have been infected, although the malicious software probably has slowed their Web surfing and disabled their antivirus software, making their machines more vulnerable to other problems.

Last November, the FBI and other authorities were preparing to take down a hacker ring that had been running an Internet ad scam on a massive network of infected computers.

“We started to realize that we might have a little bit of a problem on our hands because … if we just pulled the plug on their criminal infrastructure and threw everybody in jail, the victims of this were going to be without Internet service,” said Tom Grasso, an FBI supervisory special agent. “The average user would open up Internet Explorer and get ‘page not found’ and think the Internet is broken.”

On the night of the arrests, the agency brought in Paul Vixie, chairman and founder of Internet Systems Consortium, to install two Internet servers to take the place of the truckload of impounded rogue servers that infected computers were using. Federal officials planned to keep their servers online until March, giving everyone opportunity to clean their computers. But it wasn’t enough time. A federal judge in New York extended the deadline until July.

Now, said Grasso, “the full court press is on to get people to address this problem.” And it’s up to computer users to check their PCs.

This is what happened:

Hackers infected a network of probably more than 570,000 computers worldwide. They took advantage of vulnerabilities in the Microsoft Windows operating system to install malicious software on the victim computers. This turned off antivirus updates and changed the way the computers reconcile website addresses behind the scenes on the Internet’s domain name system.

The DNS system is a network of servers that translates a Web address — such as www.ap.org — into the numerical addresses that computers use. Victim computers were reprogrammed to use rogue DNS servers owned by the attackers. This allowed the attackers to redirect computers to fraudulent versions of any website.

The hackers earned profits from advertisements that appeared on websites that victims were tricked into visiting. The scam netted the hackers at least $14 million, according to the FBI. It also made thousands of computers reliant on the rogue servers for their Internet browsing.

When the FBI and others arrested six Estonians last November, the agency replaced the rogue servers with Vixie’s clean ones. Installing and running the two substitute servers for eight months is costing the federal government about $87,000.

The number of victims is hard to pinpoint, but the FBI believes that on the day of the arrests, at least 568,000 unique Internet addresses were using the rogue servers. Five months later, FBI estimates that the number is down to at least 360,000. The U.S. has the most, about 85,000, federal authorities said. Other countries with more than 20,000 each include Italy, India, England and Germany. Smaller numbers are online in Spain, France, Canada, China and Mexico.

Vixie said most of the victims are probably individual home users, rather than corporations that have technology staffs who routinely check the computers.

FBI officials said they organized an unusual system to avoid any appearance of government intrusion into the Internet or private computers. And while this is the first time the FBI used it, it won’t be the last.

“This is the future of what we will be doing,” said Eric Strom, a unit chief in the FBI’s Cyber Division. “Until there is a change in legal system, both inside and outside the United States, to get up to speed with the cyber problem, we will have to go down these paths, trail-blazing if you will, on these types of investigations.”

Now, he said, every time the agency gets near the end of a cyber case, “we get to the point where we say, how are we going to do this, how are we going to clean the system” without creating a bigger mess than before.

———

Online:

To check and clean computers: http://www.dcwg.org

Talk to us

> Give us your news tips.

> Send us a letter to the editor.

> More Herald contact information.

More in Business

Black Press Media operates Sound Publishing, the largest community news organization in Washington State with dailies and community news outlets in Alaska.
Black Press Media concludes transition of ownership

Black Press Media, which operates Sound Publishing, completed its sale Monday (March 25), following the formerly announced corporate restructuring.

Maygen Hetherington, executive director of the Historic Downtown Snohomish Association, laughs during an interview in her office on Thursday, Feb. 15, 2024, in Snohomish, Washington. (Ryan Berry / The Herald)
Maygen Hetherington: tireless advocate for the city of Snohomish

Historic Downtown Snohomish Association receives the Opportunity Lives Here award from Economic Alliance.

FILE - Washington Secretary of State Steve Hobbs poses in front of photos of the 15 people who previously held the office on Nov. 22, 2021, after he was sworn in at the Capitol in Olympia, Wash. Hobbs faces several challengers as he runs for election to the office he was appointed to last fall. (AP Photo/Ted S. Warren, File)
Secretary of State Steve Hobbs: ‘I wanted to serve my country’

Hobbs, a former Lake Stevens senator, is the recipient of the Henry M. Jackson Award from Economic Alliance Snohomish County.

Mark Duffy poses for a photo in his office at the Mountain Pacific Bank headquarters on Wednesday, Feb. 14, 2024 in Everett, Washington. (Annie Barker / The Herald)
Mark Duffy: Building a hometown bank; giving kids an opportunity

Mountain Pacific Bank’s founder is the recipient of the Fluke Award from Economic Alliance Snohomish County.

Barb Tolbert poses for a photo at Silver Scoop Ice Cream on Thursday, Feb. 29, 2024 in Arlington, Washington. (Annie Barker / The Herald)
Barb Tolbert: Former mayor piloted Arlington out of economic brink

Tolbert won the Elson S. Floyd Award, honoring a leader who has “created lasting opportunities” for the underserved.

Photo provided by 
Economic Alliance
Economic Alliance presented one of the Washington Rising Stem Awards to Katie Larios, a senior at Mountlake Terrace High School.
Mountlake Terrace High School senior wins state STEM award

Katie Larios was honored at an Economic Alliance gathering: “A champion for other young women of color in STEM.”

The Westwood Rainier is one of the seven ships in the Westwood line. The ships serve ports in the Pacific Northwest and Northeast Asia. (Photo provided by Swire Shipping)
Westwood Shipping Lines, an Everett mainstay, has new name

The four green-hulled Westwood vessels will keep their names, but the ships will display the Swire Shipping flag.

A Keyport ship docked at Lake Union in Seattle in June 2018. The ship spends most of the year in Alaska harvesting Golden King crab in the Bering Sea. During the summer it ties up for maintenance and repairs at Lake Union. (Keyport LLC)
In crabbers’ turbulent moment, Edmonds seafood processor ‘saved our season’

When a processing plant in Alaska closed, Edmonds-based business Keyport stepped up to solve a “no-win situation.”

Angela Harris, Executive Director of the Port of Edmonds, stands at the port’s marina on Wednesday, Jan. 24, 2024, in Edmonds, Washington. (Ryan Berry / The Herald)
Leadership, love for the Port of Edmonds got exec the job

Shoring up an aging seawall is the first order of business for Angela Harris, the first woman to lead the Edmonds port.

The Cascade Warbirds fly over Naval Station Everett. (Sue Misao / The Herald file)
Bothell High School senior awarded $2,500 to keep on flying

Cascade Warbirds scholarship helps students 16-21 continue flight training and earn a private pilot’s certificate.

Rachel Gardner, the owner of Musicology Co., a new music boutique record store on Thursday, Jan. 18, 2024 in Edmonds, Washington. Musicology Co. will open in February, selling used and new vinyl, CDs and other music-related merchandise. (Olivia Vanni / The Herald)
New Edmonds record shop intends to be a ‘destination for every musician’

Rachel Gardner opened Musicology Co. this month, filling a record store gap in Edmonds.

MyMyToyStore.com owner Tom Harrison at his brick and mortar storefront on Tuesday, Sept. 6, 2022 in Everett, Washington. (Olivia Vanni / The Herald)
Burst pipe permanently closes downtown Everett toy store

After a pipe flooded the store, MyMyToystore in downtown Everett closed. Owner Tom Harrison is already on to his next venture.

Support local journalism

If you value local news, make a gift now to support the trusted journalism you get in The Daily Herald. Donations processed in this system are not tax deductible.