Planned US Internet Blackout On March 8 Raises Concerns
A disturbing Ministry of Trade report circulating in the Kremlin today is raising serious concerns over the United States' plan to shut down significant parts of the Internet on 8 March, a move many Russian experts warn could be a prelude to massive attacks against the growing number of dissidents in that country.
According to this report, the Federal Bureau of Investigation (FBI) will, on 8 March, unplug the Domain Name System (DNS) servers it set up to replace rogue DNS servers that sent victims to malicious sites. A report on InfoWorld said the removal of this temporary fix may affect “a substantial number” of users, as half of Fortune 500 companies and US government agencies are infected with the malware, not to mention tens of millions of privately owned American computers.
…the feds replaced the criminals’ servers with clean ones that would push along traffic to its intended destination. Without the surrogate servers in place, infected PCs would have continued trying to send requests to aim at the now-unplugged rogue servers, resulting in DNS errors.
The malware, called DNSChanger Trojan, is said to illegally redirect traffic and prevent users from accessing the updates necessary to remove it. Without access to these critical patches, these large companies, government agencies, and home users are said to be more susceptible to hackers.
This prompted InfoWorld to wonder:
This fact does raise the question of why so many Fortune 500 companies and government agencies have failed to notice they have a problem, as they presumably have IT security professionals on staff who should be monitoring such incidents.
Those computers still infected with the Trojan will not be able to access the Internet after the FBI shuts down its temporary servers.
The feds received a court order in November 2011 to replace the “rogue” servers with surrogate servers to operate “just long enough for companies and home users to remove DNSChanger malware from their machines.”
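Because the surrogate servers answer queries correctly, an infected machine shows no symptom until they are unplugged; the resolver setting itself is what has to be audited. The following is an added example, not code from the article or from the FBI: it checks resolv.conf-style resolver settings across a fleet. The rogue ranges are constructed placeholders (the article does not list them), and the approved resolvers and host names are hypothetical.

```python
import ipaddress

# Constructed stand-ins (RFC 5737 documentation ranges). The article does not list
# the rogue DNSChanger ranges; load the real list from your threat-intel source.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]
# Hypothetical corporate resolvers that hosts are supposed to use.
APPROVED = {ipaddress.ip_address(a) for a in ("10.0.0.53", "10.0.1.53")}

def parse_nameservers(resolv_conf: str) -> list:
    """Return nameserver strings from resolv.conf-style text, ignoring comments."""
    servers = []
    for line in resolv_conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def classify(server: str) -> str:
    """Return 'rogue', 'approved', 'unapproved' or 'malformed' for one resolver."""
    try:
        addr = ipaddress.ip_address(server.split("%", 1)[0])  # drop IPv6 zone id
    except ValueError:
        return "malformed"
    if any(addr.version == net.version and addr in net for net in ROGUE_RANGES):
        return "rogue"
    return "approved" if addr in APPROVED else "unapproved"

def audit(fleet: dict) -> dict:
    """Map host -> [(server, verdict)] for every resolver that is not approved."""
    findings = {}
    for host, conf in fleet.items():
        rows = [(s, classify(s)) for s in parse_nameservers(conf)]
        rows = [(s, v) for s, v in rows if v != "approved"]
        if rows:
            findings[host] = rows
    return findings

# Constructed sample inventory: host -> contents of its resolver configuration.
FLEET = {
    "ws-014": "nameserver 10.0.0.53\nnameserver 10.0.1.53\n",
    "ws-027": "# changed by unknown process\nnameserver 192.0.2.17\nnameserver 198.51.100.9\n",
    "lab-03": "nameserver 8.8.8.8  # manual override\nnameserver 10.0.0.53\n",
    "kiosk-1": "nameserver 198.51.100.200\nnameserver fe80::1%eth0\nnameserver 10.0.0\n",
}

if __name__ == "__main__":
    for host, rows in audit(FLEET).items():
        print(host, rows)
```

Hosts reported as "rogue" need malware removal before the cut-off date; "unapproved" and "malformed" entries are configuration drift worth reviewing in the same pass.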
Rod Rasmussen, president of Internet security company Internet ID, told Krebs on Security that there are still millions of PCs infected with DNSChanger. “At this rate, a lot of users are going to see their Internet break on March 8.”
A working group advising the FBI is said to be considering requesting an extension of the court order to give more time to users of infected machines to remove the malware.
Although this may indeed be a very real problem that Internet users must be vigilant to protect themselves from, depending on the government to provide servers when its own agencies are infected doesn’t seem like a trustworthy solution. Additionally, a previous private-government working group put together in 2009 to combat the Conficker Worm has accomplished very little, as 3 million computers are still said to be infected.
These viruses are called Trojans because they are disguised as something friendly, enter computers, and then install malicious software. Someone with a healthy distrust of the government may see the FBI’s warning that millions will be cut off from the Internet as a Trojan Horse itself so that they may retain control over the new servers.
After all, if the FBI is controlling the “legitimate” servers, wouldn’t they have access to all the traffic information of individual users and large corporations?
The rogue DNS servers replaced by the FBI were seized this past November in Estonia following a two-year operation called “Ghost Click,” in which six Estonians working for Rove Digital were taken into custody by Estonian authorities in what is called the biggest cyber criminal takedown in history. The US is now hoping to extradite them; a Russian suspect is said to remain at large.
Those captured by the FBI and Estonian authorities used DNSChanger malware to redirect unsuspecting users to rogue servers that allowed them to manipulate users’ web activity. When users clicked on the link for the official iTunes website, for example, they were instead taken to a completely different website that purported to sell Apple software. These criminals, reports the FBI, are believed to have made at least $14 million from the scam.
Federal Security Services (FSB) addenda to this report note that even though the FBI and Estonian authorities claimed credit for this cyber bust, it was, in fact, Russian officials who supplied the critical information needed to bring down this criminal ring, after extracting a detailed confession from Russian Internet businessman and self-confessed MOSSAD agent Pavel Vrublevsky in late October 2011, prior to his sentencing in a Moscow court.
Vrublevsky was knowledgeable about the Estonian operation through his association with Rove Digital founder Vladimir Tsastsin, who was a major investor in his company ChronoPay, a major Russian payment processing firm.
Upon forwarding their information about Rove Digital’s rogue servers to the FBI and Estonian authorities, the FSB says in this report, Russian computer security experts sought to reverse the damage done to millions of computers around the world by manipulating the malware used, which would have, in essence, neutralized the threat. They were overruled by the Americans, who instead seized the servers a few days later and appropriated the malware for their “own uses.”
Why the US would not apply a rapid fix to the millions of computers affected by this malware, as suggested by Russian experts, and would instead replace the rogue servers with its own and then turn around on 8 March and disconnect them all, has left many in the Kremlin puzzled and concerned.
The greatest concern, this report says, is the “high potential” for the US to further infect computers without anyone realizing what they are doing so that on 8 March millions of Americans would discover they no longer had access to the Internet, and would not know why.
Effectively engineering an Internet blackout while at the same time holding itself blameless, the Ministry says, could be linked to any number of dissident suppression moves known to be planned by the US, which as of 9 February had already jailed at least 6,509 people protesting against the Obama regime.