July 9th 2012 could be a very special date in Internet history. Every day records something new about the Internet, but this might be the first time that it has been willingly taken down in places by a federal agency. Internet fraud has been around nearly as long as the Internet, and it is due to this that we could be seeing thousands of computers being stopped from accessing the Internet for the day. This seems strange, but there is a reason. Furthermore, you can get around the event. We explain how later in the article.
Specific DNS servers are to be shut down on July 9th by the FBI, in order to assist victims of an Internet fraud which has been ongoing for some time. This is to help people purge their computers of a virus known as "DNSChanger", which was discovered during a two-year international investigation known as "Operation Ghost Click". This is the final step in the operation, which wound down in November 2011 after the arrest of six Estonians responsible for the DNS bug. The arrests came about during the investigation, where law enforcement posed as a legitimate front company, via a system of rogue DNS servers. The hackers could then reroute online traffic to various sites via these servers, and some of the sites they chose to redirect to were intended to commit fraud.
These computers accessed the net via these false servers, which they were rerouted to while the Estonian group had control of them. Once the operation had resulted in arrests, law enforcement purged the servers and made them clean in order to allow computers to continue to access the Internet. July 9th just happens to be the date the contract to maintain these servers ends. Once that date is reached the servers will be taken down, and infected computers will simply run into what may as well be a brick wall. Since DNS is a confusing thing to try to explain briefly, it would be best to attempt to make it as clear as possible.
DNS, or the Domain Name System is a naming system for any resources connected to the Internet. It associates information with the domain names participating. It can turn these queries into IP addresses. The system forms a hierarchy, with servers pointing towards other servers higher up the tree. Eventually the hierarchy will reach the 13 main servers. These "root servers" are a directory for every top-level domain in the world. The system is difficult to explain, but for those familiar with it, it allows for rapid updates and changes when necessary. It supports both IPv4 and IPv6 domains, so should be around for some time yet. The DNS system was invented in 1982 so it already has exhibited impressive longevity.
Two sites have been set up to help you diagnose if you have the DNSChanger virus on your computer or not, and they are located here and here. If you remove the virus using the steps they outline before July 9th, then you"ll be able to enjoy the Internet even then. The Estonian group responsible must have been overjoyed by their successes during the four years their scam had been running. Conservative estimates suggest they could have made as much as $20 million dollars from their work.
Their work comprised several main elements. Obviously, the DNSChanger virus needed to be created. It was distributed like a conventional virus, so via emails, IM programs, and any other method you"d expect to allow access to a virus. The DNS servers they operated could then act, redirecting an entered URL to one they specified. This may mean they sent information to legitimate sites though they also used various fraudulent sites. One of these sites offered the sales of Apple products, for example, and these sites tended to send money right to their coffers, which were being filled by people they could catch unaware.
One member of the Estonian group responsible for the scam has still not been found, though we would assume law enforcement will eventually catch up with him too. It might have taken several years to happen, but the group was caught and now you can ensure your computer is safe and clean for July 9th.
Source: CBC | Image: via CBC / Reuters
Group Responsible: Rove Digital (Wikipedia)