Thousands may lose internet in July

2012-04-21 19:03

Washington - For computer users, a few mouse clicks could mean the difference between staying online and losing internet connections this summer.

Unknown to most of them, their problem began when international hackers ran an online advertising scam to take control of infected computers around the world. In a highly unusual response, the FBI set up a safety net months ago using government computers to prevent internet disruptions for those infected users. But that system is to be shut down.

The FBI is encouraging users to visit a website run by its security partner, , that will inform them whether they're infected and explain how to fix the problem. After July 9, infected users won't be able to connect to the internet.

Most victims don't even know their computers have been infected, although the malicious software probably has slowed their web surfing and disabled their antivirus software, making their machines more vulnerable to other problems.

Last November, the FBI and other authorities were preparing to take down a hacker ring that had been running an internet ad scam on a massive network of infected computers.

"We started to realise that we might have a little bit of a problem on our hands because ... if we just pulled the plug on their criminal infrastructure and threw everybody in jail, the victims of this were going to be without internet service," said Tom Grasso, an FBI supervisory special agent.

"The average user would open up Internet Explorer and get 'page not found' and think the internet is broken."

On the night of the arrests, the agency brought in Paul Vixie, chair and founder of Internet Systems Consortium, to install two internet servers to take the place of the truckload of impounded rogue servers that infected computers were using.

Federal officials planned to keep their servers online until March, giving everyone opportunity to clean their computers. But it wasn't enough time. A federal judge in New York extended the deadline until July.

Now, said Grasso, "the full court press is on to get people to address this problem." And it's up to computer users to check their PCs.

Modus operandi

This is what happened:

Hackers infected a network of probably more than 570 000 computers worldwide. They took advantage of vulnerabilities in the Microsoft Windows operating system to install malicious software on the victim computers. This turned off antivirus updates and changed the way the computers reconcile website addresses behind the scenes on the internet's domain name system.

The DNS system is a network of servers that translates a web address —-such as - into the numerical addresses that computers use. Victim computers were reprogrammed to use rogue DNS servers owned by the attackers. This allowed the attackers to redirect computers to fraudulent versions of any website.

The hackers earned profits from advertisements that appeared on websites that victims were tricked into visiting. The scam netted the hackers at least $14 million, according to the FBI. It also made thousands of computers reliant on the rogue servers for their internet browsing.

When the FBI and others arrested six Estonians last November, the agency replaced the rogue servers with Vixie's clean ones. Installing and running the two substitute servers for eight months is costing the federal government about $87 000.

The number of victims is hard to pinpoint, but the FBI believes that on the day of the arrests, at least 568 000 unique internet addresses were using the rogue servers.

Five months later, FBI estimates that the number is down to at least 360 000. The US has the most, about 85 000, federal authorities said. Other countries with more than 20 000 each include Italy, India, England and Germany. Smaller numbers are online in Spain, France, Canada, China and Mexico.

Vixie said most of the victims are probably individual home users, rather than corporations that have technology staffs who routinely check the computers.

FBI officials said they organised an unusual system to avoid any appearance of government intrusion into the internet or private computers. And while this is the first time the FBI used it, it won't be the last.

"This is the future of what we will be doing," said Eric Strom, a unit chief in the FBI's Cyber Division. "Until there is a change in legal system, both inside and outside the United States, to get up to speed with the cyber problem, we will have to go down these paths, trail-blazing if you will, on these types of investigations."

Now, he said, every time the agency gets near the end of a cyber case, "we get to the point where we say, how are we going to do this, how are we going to clean the system" without creating a bigger mess than before.

  • Piet - 2012-04-21 19:24

    Microsoft = Most intelligent customers realise our software only fools teenagers.

      Gieljam - 2012-04-22 10:52

      Piet You seem to have something up your sleeve What is the answer your comment serves no positive outcome

      philip.venter1 - 2012-04-22 11:06

      Wasn't it just a couple of months ago that these guys were trying to take away our internet themselves through SOPA and all those campaigns and now they want to protect us from others who want to take our internet away. You can't trust anyone these days...

      Oneant - 2012-04-22 11:35

      @Gieljam : Piet's answer serves to inform you that Windows is the most inherently vulnerable and exploited operating system in the world - and because zero-days become more like zero-months due to its owner (Aka. Microsnot), neglecting to patch them timeously, it basically ends up serving as a fancy light show for click junkies. Thankfully Linus Trovalds gave us the Linux Kernel. Without it the Internet would either not even exist, or in the very least look like something Internet Explorer 4 pooped out.

      Fred - 2012-04-22 12:47

      LINUX - Power to the penguin

      Piet - 2012-04-22 20:51

      Gieljam Ms products over some security, others offers rich security features. if you buy MS you heva to be content with high running cost and a fair amount of downtime.

      John - 2012-04-23 05:36

      Applauses for the Penguins !!!! Unfortunately KDE and Gnome didn't attract many home users. You're dreaming about "open source" global domination....go back to your vi are off topic here

      dewaldmontgomery - 2012-04-23 06:59

      Except that Microsoft employs thousands on payroll, from junior to mid to senior level, contributes millions in social responsibility, pays billions in taxes, etc. Gee, if Microsoft had any operations locally, they would have helped run decent towns and cities just on their taxes alone!

      dewaldmontgomery - 2012-04-23 07:01

      And by operations, I don't mean a call centre, regional offices or a distribution channel comprised of third parties. I mean the real thing, as in Redmond.

      Preshen - 2012-04-23 07:49

      IBM : Idiot Behind Machine

      Preshen - 2012-04-23 08:05

      There is no life without internet

  • Beverley - 2012-04-21 19:31

    Surely this story should be dated April first. Sooo far fetched

      markmc83 - 2012-04-21 20:28

      Working in IT, I don't see in what way this is far fetched. There are hundreds of botnet's around, this article refers to one that has been shut down. There millions of zombie computers, the majority of people have no clue in respect of computer security and are infected, or are at high risk of being infected.

      Oneant - 2012-04-22 11:38

      What worries me is that all these botnets conveniently sanctions the FBI to set up what amounts to packet sniffers and proxywalls all over the US Internet backbone.

      Truth24 - 2012-04-23 10:39

      LulzSec controlled 800k bot machines. That's an army.

  • goyougoodthing - 2012-04-21 19:43

    I would trust hackers ahead of the FBI telling me what to do. WHo says they are not putting spyware on your computer.

      Stille - 2012-04-23 10:12

      and you are a prime example of where little knowledge makes you part with you money very quickly.

      Joe - 2012-04-25 00:11

      goyougoodthing, I have a lottery ticket here with your winning number on it. Please contact me ;) Actually your sentiments are misplaced. Common sense should rule. If you look at some of the people used, we find Paul Vixie. Now Paul Vixie wrote cron, BIND etc. Without him we would be close to getting to the stone age currently in computer terms :) Let's give the devil his due - the FBI are walking a tightrope between big money interests in the USA and protecting their own people on the net. They can only do the latter by protecting "all" the people.

  • Marius - 2012-04-21 20:00

  • Marine - 2012-04-21 20:17

    Sounds more like a SOPA/PIPA ploy.

      Antebellum - 2012-04-23 15:17

      Your are on the money. They are pushing hard to gain controll of the internet. There have been many articles lately that try to scare (non-technical) people into believing that EVERYTHING and EVERYONE is being hacked. These scare tactics will make it easier to get concensus when they want "regulate" the internet. News24 has published quite a few of these articles recently. (I suggest you take these with a grain of salt) I found the one about NASA being hacked quite funny indeed. We were supposed to believe that NASA, who is smart enough to build super computers, simulate super novas and send people and machines to the moon are stupid enough to connect servers that contain highly sensitive and classified information to publicly accessible networks. There was also the story about Post bank being "hacked for R42 million". Most stories stated that an "international hacking syndicate" was responsible. It turned out that this was local(as usual). They gained access to a Post bank employee's computer(most probably an inside job) and transfered funds from there. One of the purpetrators, Teboho Donald Masoleng(very international), was arrested in Welkom (a foreign city perhaps?)

  • Jonathan - 2012-04-21 22:08

    "The average user would open up Internet Explorer and get 'page not found' and think the internet is broken." Well... If you're using Neotel, Then chances are that it actually IS broken MOST of the time!

      zane.zeiler - 2012-04-21 22:45

      lol, true that!

      ArchAngel - 2012-04-22 08:05

      NEOTEL = The railway's telecom department. Now, if you look at how they've broken the train service in South Africa, you can probably understand why they have broken their telecom system as well.

      Sam - 2012-04-22 08:12

      Hey Jon, is Neotel really bad? I was thinking of switching my ADSL to them.

      Jonathan - 2012-04-22 11:04

      @Sam, I'm really unhappy with them. My connection is always dropping and when it does actually work, the actual speeds are painstakingly slow -.- . Besides I may just want to shoot myself after hearing M-Webs new 1meg uncapped offering for under 200 bucks O_O>>>

      sean.redmond3 - 2012-04-23 15:00

      @Jon. "the actual speeds are painstakingly slow -.- . " Something like Vodacom speed in EC.

      Glenda - 2012-04-23 19:05

      Our side of town is safe, telkom still believes in OXWAGON style,have uncapped 4mb, we are lucky to get 1mb!@!!!!

      Glenda - 2012-04-23 19:14

      Well our side of town is safe, TELKOM BELIEVES IN OXWAGON STYLE here,pay for 4mb uncapped from TELKOM,very lucky to get 1mb, is that not grand theft?

  • Melania - 2012-04-21 22:26

    When I tried to access the link, it didn't work. I bought every issue of pc format since 2005 and don't remember anything about this. I agree, it may be the FBI accessing our computers...

  • Xavier7034 - 2012-04-21 22:31

    Sentech, Telkom, failure

      alansmartSnr - 2012-04-22 02:00

      ..and C# is the platform to do it. The lingos are "C", "C+" and "C++".. C# can almost be defined as "C+++". These are all Microsoft languages and have their origens and improvements from the Visual Basic family.

      Truth24 - 2012-04-23 10:57

      @alansmartSnr. Gaan lekker daar in Stellenbosch ne?

      Alan - 2012-04-23 14:27

      Very well put alansmartSnr! I couldn't have said it better myself. I am surprised many others commenting have not mentioned this. By the way what the hell are you talking about?

      Phalo - 2012-04-23 14:37

      @AlansmartSnr: NOOOO! Oops I caught your joke late, sorry mate bwaaaahahha!

  • adam.hannath - 2012-04-21 22:49

    FBI (government organisation of the the country who is pushing hardest for and recently enforced extreme internet restrictions - SOPA) want you to visit a site to see if you're infected by a \y2k' style virus...possibly click on a few download links...maybe upload some personal data...

  • hans.dewet - 2012-04-22 00:30

    Computer AIDS: you don't know you have it and it makes you vulnerable to other diseases.

  • alansmartSnr - 2012-04-22 01:54

    This is a very topical article as rumours abound that this is one of the methods that will be used to bring the e-toll system to a grinding halt. Perhaps this is just a hoax because I was talking to a stranger the other day and he said that the I.H.C. (the International Hackers Club) is working on this. He claims to be a member.

  • Gieljam - 2012-04-22 10:45

    Most of we users should see this as all well intended and safe to do. Only as a novice still in this field ,who says we are now not exposing our self's even more to abuse ? Because if you allow people into your "computer" directly wont they now have some more control over you as such? I once used outside assistance to check the computer register and then there after having found out they now wanted so to speak "power of attorney " over me declined the offer where after I virtually had to have my computer rechecked as it was playing up. Just asking.

  • Gieljam - 2012-04-22 10:56

    Bet you a Trillion to one this site is going to get no "HIT" from the brother hood other than a virus......

  • Chris - 2012-04-22 12:14

    I smell a rat. This is a very unusual response from the FBI to something that should rather have been tackled by anti-virus corporations and yet they remain very silent on the matter.

      Heinrich - 2012-04-23 07:58

      "Internet is broken" was a give away for me...

  • Saleé - 2012-04-22 19:49

    It's probably Julius Malema's fault :-P

      sean.redmond3 - 2012-04-23 15:06

      Not Juju, he could not "Break Wind".

  • Zimbobwe - 2012-04-22 21:24

    Typical Windows OS. For peace of mind try Linux and RedHat to be precise.

      Zimbobwe - 2012-04-23 15:26

      Yes and because it's free. You can download and install Mozilla Firefox to surf the net.

      Zimbobwe - 2012-04-24 14:48

      I didn't find any difficulties surfing the net on Linux. Firefox works the same on both Windows and Linux. My 10yr old daughter can use it on both operating systems.

  • Brent - 2012-04-23 01:09

    @jonathan mweb is so cheap yes but thanks to telkom and there line rental u end up paying R488 for 1meg...get rid of telkom and we trully will have cheaper internet in this country

  • Billy - 2012-04-23 01:54

    DNS redirectors have been around for ages and most security software of today has "complete" protection against it, does this sound familiar? "When I open my internet, this other weird page comes up, it wont go away!?" same thing really.. It is actually strange that the FBI of all people are making noise about this now. Unless they are expecting it to be an attack on them, again, and are trying to minimise the bot count. Either that, or its the "conspiracy theory" of them getting in on your personal data, which is not really that surprising these days when you look at smartphones(blackberry,iphone,etc.) and Carrier IQ(data diagnostic & collecting company). We only know about them because they were "caught out". at end of the day, if you dont know what is is, dont click on it, ask someone who knows.

  • jacky.horn - 2012-04-23 07:32

    from the horse's mouth, use it loose it

  • Bee2205 - 2012-04-23 08:34

    How does this affect us here in South Africa?

      rurapenthe - 2012-04-23 11:43

      Your computer uses a DNS server to lookup IP addresses, much like a phone book gives your a phone number for SMITH. So is a name but needs to be translated into an IP address so your computer can find where it lives on the Internet. Usually your ISP has the DNS servers that you use. However Malicious users created their own farm of DNS servers which give false IP addresses for certain (important) websites which can redirect your computer to them. They then used Malware to distribute these settings to computers. So your computer could be trying to lookup where is to connect to its services, but if you have the "malware" DNS servers on your settings you will be given a fake address. The FBI were able to attach these servers legally but were not allowed to modify them. So all they can see is that A LOT of users are still using these servers. The FBI cannot keep them running forever and will shut them down in July. Computers that are still using these DNS servers to lookup domain names, will thus fail and it will appear that "The user is offline" and hence their internet is gone. So, the fix is to check whether you are infected, by checking if your computer is trying to query the wrong DNS servers instead of the proper ones you should be, and then following steps to correct that problem.

      DuToitCoetzee - 2012-04-23 12:28

      Thanks rurapenthe. You post this after I ask for easier explanation. Ignore my comment later. Questions. When You realized you can connect to a website cant you than just Google/search for a new link and wipe your previous one or are their software still in that will you not allowed to find a new link. Does it means that you have to clean and re-install all in again? Will these software not be identified in such a way that they can create other software that one can run to identified and clean, but buying it cheaply from a shop. After that one can re-install new links. What if the service providers have software that filter your searches and if find to use these derailed links/website they can let a pop-up inform you to download a cleaner from them and than you start refresh links? I am sure my service provider knows more of me that I would have like, but pulling the FBI into this does not make me comfortable.

      rurapenthe - 2012-04-23 14:51

      @DutoitCoetzee The links you go to will not be able to tell you if you got them from the correct DNS server or not. A DNS server just replies to your request for what address is at on the internet. If it gives you the wrong or the right one - on your side you will only see I dont think it warrants having to buy stuff from the shops. The big guys like Mcafee, Symantec etc will and do have software on their site to help you remove the malware and restore your settings. If you're using a DSL modem, or 3G etc your DNS settings should be on "automatic." The malware should have changed this to manual and specified servers (their ones). The FBI's involvement was probably due to the attack surface these guys had - plus they are big enough to have successfully obtained a court order to take over those rogue servers, which i dont imagine is a menial task.

      DuToitCoetzee - 2012-04-23 16:19

      Thanks. Than I will stay with my idea of waiting and hope my service provider doing something. I am also considering your link given for checking. Thanks again!

  • rurapenthe - 2012-04-23 11:24

    I created another site to test if you don't want to visit the FBI one - you can browse it at - Remember any site that checks DOES NOT need to download software to your machine. So avoid anything that tries to do that.

  • DuToitCoetzee - 2012-04-23 11:46

    I admit everyone is talking over my head. Sometimes I think I am blessed being so dumb in the IT industry. It is like stressing the world is going to end on a certain date just to hear weeks before it that they red the ancient calender wrong. I have decided the following. 1) I am not going to link up with the FBI website. 2) I am not going to start stressing and will only stress and try to sort out when it happens. 3) Companies bargain on me surfing/using the internet and therefore will try their best to prevent and supply us with easier alternative to prevent/fix the problem. I know I am taking the stand of an ostrich, head in the sand/hole, but that is the only conclusion I can come up with. Maybe one or more of you guys that knows can put it to us in understandable terms, the risks and what your gut feeling tells you we should do. From an I. O. (definitively not "intelligent operator", but rather an idiotically operator".;) )

      Joe - 2012-04-25 00:16

      Why not use Kaspersky's checker - they are Russian, owner Eugene Kaspersky. Google ;)

  • Loo - 2012-04-23 12:47

    Another Doomsday article ??? The world ends anyway in 2012 .. doesn't it !!!??? ,,, damn I can not keep up it seems

  • robbie.crouch - 2012-04-23 14:07

    Eish... not the end of the world as we know it folks... media sensationalism at it's usual worst again.

  • Ben - 2012-04-23 15:35

    Load of bull. Let the FBI herd their own people. leave the rest of the world alone.

  • Antebellum - 2012-04-23 15:49

    These stories, when viewed in context are just pure sensationalism. It is an attempt to get concensus so that they can regulate the internet. Would you be shocked if I told you that 568 000 homes(worldwide) that did not have burgler bars or alarm systems and left their doors unlocked were broken into? Probably not. Would you suggest that we have an international agency to set up surveilance and monitor everyone's houses? Probably not. Your computer is your home on the internet, you should take the same preacautions as you would with your house. Get a firewall(burglar bars), antivirus(alarm system) and spyware removal(chubb). Problem solved. There are many free versions available. I suggest: ZoneAlarm(firewall) Avast(antivirus) Malwarebytes(Spyware removal)

  • Billy - 2012-04-23 15:51

    just for a laugh heres another conspiracy theory or 2 The FBI actually hijacked your DNS settings ages ago in attempt to monitor internet traffic and are now under pressure from "anonymous" to shut down this operation because of continious cyber attacks on the FBI and government bodies.. someone said, yeah yeah how can hackers get into NASA and all that because they have super scientists and smart people etc. The funny thing is, its some of those same people that are part of "anonymous" when they are not at work..

  • Arthur - 2012-04-24 14:21

    Bunch of no good scare mongers.

  • Steynje - 2012-04-24 15:07

    I'm just wondering what actually (if anything at all) goes through some people's mind when they're writing comments on here. Not buff at all.

  • Joe - 2012-04-25 00:05

    Sorry guys and girls, but the threat is real. While I understand the skepticism, the reality is that malware writers are way, way ahead of the anti-virus vendors. So you think you are safe having run your (insert favourite anti-virus name here). What about all those you deal with on a day to day basis. In a real life incident malware was found used for a DDoS on an South African attorney's PC. Other local participants were also DDoS'ing, including companies. Some of their CIOs did not even know what a DDoS was. South Africans had better wake up and start start smelling the roses. That 250MB/500MB package is simply not enough for continuous updates as AV updates becomes bigger, applications such as Flash etc need to be updated more regularly to avoid being pawned. They should actually be illegal as those trying to save megabytes afefcts each and every one of us - we are all connected.

  • pages:
  • 1