Quantcast

Hundreds of thousands may lose Internet in July

By |


AFP file photo

WASHINGTON—For computer users, a few mouse clicks could mean the difference between staying online and losing Internet connections this summer.

Unknown to most of them, their problem began when international hackers ran an online advertising scam to take control of infected computers around the world. In a highly unusual response, the FBI set up a safety net months ago using government computers to prevent Internet disruptions for those infected users. But that system is to be shut down.

The FBI is encouraging users to visit a website run by its security partner, http://www.dcwg.org , that will inform them whether they’re infected and explain how to fix the problem. After July 9, infected users won’t be able to connect to the Internet.

Most victims don’t even know their computers have been infected, although the malicious software probably has slowed their web surfing and disabled their antivirus software, making their machines more vulnerable to other problems.

Last November, the FBI and other authorities were preparing to take down a hacker ring that had been running an Internet ad scam on a massive network of infected computers.

“We started to realize that we might have a little bit of a problem on our hands because … if we just pulled the plug on their criminal infrastructure and threw everybody in jail, the victims of this were going to be without Internet service,” said Tom Grasso, an FBI supervisory special agent. “The average user would open up Internet Explorer and get ‘page not found’ and think the Internet is broken.”

On the night of the arrests, the agency brought in Paul Vixie, chairman and founder of Internet Systems Consortium, to install two Internet servers to take the place of the truckload of impounded rogue servers that infected computers were using. Federal officials planned to keep their servers online until March, giving everyone opportunity to clean their computers. But it wasn’t enough time. A federal judge in New York extended the deadline until July.

Now, said Grasso, “the full court press is on to get people to address this problem.” And it’s up to computer users to check their PCs.

This is what happened:

Hackers infected a network of probably more than 570,000 computers worldwide. They took advantage of vulnerabilities in the Microsoft Windows operating system to install malicious software on the victim computers. This turned off antivirus updates and changed the way the computers reconcile website addresses behind the scenes on the Internet’s domain name system.

The DNS system is a network of servers that translates a web address — such as www.ap.org — into the numerical addresses that computers use. Victim computers were reprogrammed to use rogue DNS servers owned by the attackers. This allowed the attackers to redirect computers to fraudulent versions of any website.

The hackers earned profits from advertisements that appeared on websites that victims were tricked into visiting. The scam netted the hackers at least $14 million, according to the FBI. It also made thousands of computers reliant on the rogue servers for their Internet browsing.

When the FBI and others arrested six Estonians last November, the agency replaced the rogue servers with Vixie’s clean ones. Installing and running the two substitute servers for eight months is costing the federal government about $87,000.

The number of victims is hard to pinpoint, but the FBI believes that on the day of the arrests, at least 568,000 unique Internet addresses were using the rogue servers. Five months later, FBI estimates that the number is down to at least 360,000. The US has the most, about 85,000, federal authorities said. Other countries with more than 20,000 each include Italy, India, England and Germany. Smaller numbers are online in Spain, France, Canada, China and Mexico.

Vixie said most of the victims are probably individual home users, rather than corporations that have technology staffs who routinely check the computers.

FBI officials said they organized an unusual system to avoid any appearance of government intrusion into the Internet or private computers. And while this is the first time the FBI used it, it won’t be the last.

“This is the future of what we will be doing,” said Eric Strom, a unit chief in the FBI’s Cyber Division. “Until there is a change in legal system, both inside and outside the United States, to get up to speed with the cyber problem, we will have to go down these paths, trail-blazing if you will, on these types of investigations.”

Now, he said, every time the agency gets near the end of a cyber case, “we get to the point where we say, how are we going to do this, how are we going to clean the system” without creating a bigger mess than before.

To check and clean computers, try: http://www.dcwg.org








Recent Stories:

Butch Abad: Pro-, anti-Aquino solons listed projects for DAP funding, not Lacson 2 hours elapsed SC declined Palace’s ‘DAP’ offer early 2014 3 hours elapsed Naia Terminal 3 to become fully operation by end of July 3 hours elapsed Sun Life offers a complete health and wealth solution 3 hours elapsed Butch Abad: Senators knew about DAP Oct. 2011 4 hours elapsed No Filipinos on crashed Taiwanese plane 4 hours elapsed Abad appears in Senate with Cabinet execs in tow 5 hours elapsed Budget chief Butch Abad faces Senate probe on DAP 5 hours elapsed
Complete stories on our Digital Edition newsstand for tablets, netbooks and mobile phones; 14-issue free trial. About to step out? Get breaking alerts on your mobile.phone. Text ON INQ BREAKING to 4467, for Globe, Smart and Sun subscribers in the Philippines.

  • Facile1

    If you are concerned that your PC is being re-directed to a rogue DNS server, check your HOSTS file. One can also reset one’s HOSTS file back to default by using Microsofts’ Mr. Fixit — Knowledge Base Article 972034. Go to the “Microsoft Support” site and search for this KB number. Finally, if you are using a company computer not belonging to you, have the company’s IT Department reset the HOSTS file. Your original HOSTS file may have been customized so you can access specific company resource servers. You will lose access to these servers if you reset to the Microsoft default HOSTS file.

    This is my second posting of this suggestion. I believe the first one did not take because I actually posted the Microsoft URL.

    Good luck.

  • turniphouse

    i visited the site and followed the link given from there.  hay salamat!  okey naman ang PC ko kasi GREEN ang color which means, okey sya.  Kayo din, try nyo! 

    • Barak_O

      hacked yong site na yon. violet ang color ng ok he he he he he

  • canipaan_dogz

    publisher should check first if this is true or not or before getting excited. this might be another ploy to hack your computer. i tried to copy the link but changed my mind “what if this will make things worst”. teka, makikibalita at makikiramdam muna ako bago ko ito gagawin, baka isa na naman ito sa mga patibong nang mga hackers, tsk, tsk, tsk…

  • http://profile.yahoo.com/HGC2U2QUAREAK42HNUTSNQGBVI SolitaJ

    Surprisingly, even if my netbook was declared ok, having ended in the right website and having green resolution (instead of red for infected one), I still get invitation to visit the fbi website. Hmm, bakit kaya???Sounds fishy.

  • http://pulse.yahoo.com/_WT5ZX5O7ZBC6Z3LXFA4UIQZC3I emajega

    GAWA GAWA lang to ng FBI para ma hack din nila mga pc natin.. Syempre pag pinasok mo yung site makikita rin nila mga files mo… ang galing.

    • Legally_brown

      Not really. The threat is not invented by the FBI but its for real. The malware affects hundreds of thousands of PCs worldwide and turning our PCs into zombies.  Go check your PC on the websites listed ‘coz its better to be safe than sorry.

  • Iggy Ramirez

    I went to the site out of curiosity and it showed that my pc was not infected. 

  • http://profile.yahoo.com/JJQWTLMZH3NNIE2IJ46AOZAXAE Hannah Blake

    This is an advertisement, right?

    • http://pulse.yahoo.com/_NKQVDWJTDD7GE3KKLMNFLKL2JQ Meeney Miney

      not an advertisement. its a tech advisory. go check your pc.

      • bicolokano

        this sounds like ploy to have more visitors for the site.. WALA sa FBI website ang nasabing security site.

  • http://twitter.com/MarLouWang Marlou Wang

    not really, that can be fixed.

  • http://www.facebook.com/people/Claude-Despabiladeras/776766529 Claude Despabiladeras

    Nakakatakot naman!  :(

    • sanjuan683

      Nerbiosa ka naman huag ka na lang magcomputer

    • Facile1

      If you are concerned that your PC is being re-directed to a rogue DNS server, check your HOSTS file. One can also reset one’s HOSTS file back to default by using Microsofts’ Mr. Fixit — Knowledge Base Article 972034. Go to the “Microsoft Support” site and search for this KB number. Finally, if you are using a company computer not belonging to you, have the company’s IT Department reset the HOSTS file. Your original HOSTS file may have been customized so you can access specific company resource servers. You will lose access to these servers if you reset to the Microsoft default HOSTS file.

      This is my second posting of this suggestion. I believe the first one did not take because I actually posted the Microsoft URL.

      Feel free to contact your nearest IT Security Analyst if you run into more problems.

      PS Don’t use your real name when blogging!



Copyright © 2014, .
To subscribe to the Philippine Daily Inquirer newspaper in the Philippines, call +63 2 896-6000 for Metro Manila and Metro Cebu or email your subscription request here.
Factual errors? Contact the Philippine Daily Inquirer's day desk. Believe this article violates journalistic ethics? Contact the Inquirer's Reader's Advocate. Or write The Readers' Advocate:
c/o Philippine Daily Inquirer Chino Roces Avenue corner Yague and Mascardo Streets, Makati City, Metro Manila, Philippines Or fax nos. +63 2 8974793 to 94
Advertisement Advertisement
Advertisement
Marketplace