UPDATED 15:42 EDT / JULY 05 2012

FBI Operation Ghost Click will Shut Off Internet for Thousands

It is currently expected that hundreds of thousands of infected PCs will lose internet connectivity come Monday July 9 at 12:01 am. The loss of connectivity is related to a widespread virus and massive botnet, known as the DNSChanger virus. At one point, a reported 4 million computers around the world were estimated to have been infected by this virus, which redirected the internet connections of affected machines without their users' knowledge. It is currently reported that some 275,000 machines are still infected.

On November 8, the FBI, the NASA-OIG and Estonian police arrested several cyber criminals in “Operation Ghost Click”. The criminals operated under the company name “Rove Digital”, and distributed DNS-changing viruses, variously known as TDSS, Alureon, TidServ and TDL4. You can read more about the arrest of the Rove Digital principals here, and in the FBI Press Release.

The virus was part of an international scheme to set up a widespread online advertising network through the infected machines, which were controlled through DNS systems run by the hacker group.

“The botnet operated by Rove Digital altered user DNS settings, pointing victims to malicious DNS in data centers in Estonia, New York, and Chicago. The malicious DNS servers would give fake, malicious answers, altering user searches, and promoting fake and dangerous products. Because every web search starts with DNS, the malware showed users an altered version of the Internet.”

After the scheme was discovered, the FBI launched “Operation Ghost Click”, which enters its final phase Monday. The operation has been running temporary DNS servers to keep the affected systems connected while efforts to clean and remove the virus took hold, lessening the impact of taking the systems offline. The removal of those temporary systems is scheduled to take place in days.

The following video shows the geolocation of computers infected with DNSChanger and the number of infections per hour for the period from January 1, 2012 to March 31, 2012.

Through collaborative efforts, ISPs, security companies, and even online sites such as Google and Facebook have provided warnings and removal instructions for infected computers since the response operation launched. An informational website, http://www.dcwg.org/, has been set up and offers detection, fix, and protection guidelines for users to protect themselves.

