“D-Day or DSN Changer Day”

Today’s the day the court order expires and the safety net in the form of replacement servers shuts down. This safety net has been protecting computers around the world from the DNS CHANGER MALWARE over the past 6 months. Let’s examine what this means for folks around the globe who surf the internet each day as well as how this came about.

Starting back in 2007, a group of sophisticated cyber-criminals in the small Baltic country of Estonia along with a Russian compatriot conspired and put together one of the most massive and complex internet fraud schemes we’ve witnessed in our time. Through the implementation and global distribution of malware, these bad guys were able to hijack the Domain Name System or DNS; hence the name DNS Changer. The Domain Name System is the basic component of internet communication. It converts data, such as Web-sites into numerical addresses allowing computers to “talk” to one another. Through the infection of millions of computers around the world with DNS Changer, these criminals were able to control DSN servers. Once accomplished, they ostensibly had control, hijacking their victim’s web browsing and directing their web traffic to fraudulent web-sites and advertisements. Over the next five years, these cyber criminals infected nearly four million computers in over a hundred countries around the world realizing over $14 million dollars in a sophisticated “click fraud” scheme! On-line advertising has become a multi-billion dollar business and the crooks exploited it and stole millions through the use of malware.

Fortunately, through international cooperation by police, affected government agencies, the private sector and internet security firms around the globe, the bad guys were identified, charged and arrested for committing serious federal crimes this past November. The charges include a multitude of wire fraud and computer intrusion violations and they were extradited to the U.S. to face those charges where they face over 30 years in prison if found guilty. The FBI in the United States worked closely with both their Estonian partners as well and the Dutch national police identifying the bad guys and gathering the evidence in preparation for indictments and arrests. But the job wasn’t done with the charges and arrests. The FBI and the Internet Systems Consortium realized that a “safety net” had to be activated to protect folks. The servers that the bad guys were using were taken offline and replacement servers were put into place to prevent folks from losing Internet access. All this was done under a court order…and that court order expires today, July 8, 2012.

Most folks have received notice from a variety of sources to include Face book, Google, Yahoo or their internet service provider to check to see if their computer is infected with the DNS Changer malware. Because the court order expires today and the safety net goes away, everyone should check their computers as soon as possible if they have not yet done so. The process is simple and no software has to be downloaded nor is any kind of a scan necessary. One merely needs to go to www.dcwg.org and click on the Detect icon. You will then have to select the country where you live from a provided list. This second simple click will result in either a green or red colored logo. If it’s green, “life is good”, you’re not infected; if it’s red, you have been infected with DNS Changer and will be instructed how to rid your computer of the malware. It’s important to have updated, working anti-virus protection and to educate yourself about how to use the scanning and cleanup tools.

Often, it’s best to back up your data and just consult with a computer technical professional. It’s also important to notify your Internet service provider for help in reconnecting to the Internet. If you don’t fully detect and rid your computer of the malware, it can continue to control your machine and wreak havoc with other computer functions.

This case, codename, “Operation Ghost Click” involving six Estonian cyber-crooks is just the tip of the iceberg according to international security experts around the globe. We are stepping into new and frightening territory representing a new stage in international crime and terrorism. Cyber criminals operating in China, Russia and throughout the globe are “pinging” on our military, government, space industry, corporate and IT sector all day every day trying to penetrate, steal, degrade and “hijack” our most sensitive, valuable and proprietary systems. A Chinese cyber-spy, called “Night Dragon” has attacked our oil and gas sector. Another Chinese cyber-spy, “Ghost Net” conducts what are called, “spear fishing” expeditions against corporate executives and employees by identifying them and their email addresses and then emailing them unsuspecting attachments containing malware which quickly penetrates, infects and compromises their systems. Concerns we hear from the corporate security sector is that we are “shooting ourselves in the foot” by buying cheaper hardware from Asia that is infecting us with “Trojan Horses” allowing the bad guys to get into our systems by merely selling us their products. The tech sector ran to Asia years back to open up the market there and the bad guys quickly co-opted out technology and are now selling it back to us, sometimes with mal intent.

In 2007, the Zeus virus targeted and victimized financial institution worldwide. This particularly pervasive virus automatically transferred millions of dollars out of bank accounts worldwide. As the virus constantly mutated, it was nearly impossible to detect. The resulting investigation, surfaced an underground criminal economy selling stolen identities, credit cards and sensitive account information. With over 75,000 Wi-Fi networks throughout the U.S., a pervasive and growing on-line banking and commercial sector, our vulnerability seems to ever increase while security and prevention technologies just can’t keep up with the bad guys.

From a national security perspective, a computer virus or compromise could be the new “super bomb” planted by terrorists or a rogue nation against us. The “Stuxnet” virus, which shut down the Iranian nuclear centrifuge project last year, clearly exemplified the ability of a computer virus to bring a critical national infrastructure to its knees. We have seen in our nation the havoc that can be wrought when automated computer systems fail. In San Bruno, California gas explosions and in Washington, DC area train wrecks in recent years, automated computer systems caused death and destruction brought on, in these sad cases, purely because of human error. How do we cope or prepare for the intentional compromise of computer systems controlling our sensitive infrastructure components – nuclear power plants, air traffic control, water, gas, banking, and communications by international terrorists or rogue nations acting unilaterally or on behalf of terrorists? We know hackers, believed to be acting on directions of rogue nations have already penetrated and compromised portions of our military complex and our transportation systems.

We are entering into an age where a “Cyber 9/11” could be beyond our darkest nightmares. The global cooperation we saw in the DSN Changer case is the template for the future if we are to protect our national, economic and personal security. A bonafide global coalescence of police, intelligence services, private corporate and technical sectors will have to join forces against an enemy far greater than anything we’ve seen in history…and the threat will conceive, grow and conduct its nefarious activity in cyber-space.