Monday, 14 May 2012

Operation Ghost Click---You'll Likely not lose internet by July this year but......Estonian Cyber Criminals Apprehended by FBI.

We need a World with a better, safer and faster online interconnectivity. Cybercrime has and is always a bone of contention. Few know how dangerous it is, given that the daily average internet user normally spends most of their days on social networking sites such as Facebook, Twitter, Myspace and the popular e-mail provider Yahoo! However a group of Estonians didn't think so until they were apprehended. And to cap it all, the online theft machinery they put in place gathered them nothing less than $14 million. Almsot 350,000 people may likely lose internet this July. Well, that may look like a mini-figure given the ever-increasing world population, but given the fast pace of today's world, an internet-less day for one soul may result in loss of tons of information. So, just how can the IT world ensure that by July, 350,000 people do not get blocked out from the world?
Last November, Law enforcement officials took down a ring of Estonian cyber criminals that operated malicious software called DNSchanger. DNSchanger works by quietly changing the DNS servers in your computer, and then redirecting you to fraudulent versions of the websites you trust. In total, the scam netted the criminals $14million. DNS--Domain name system--is an internet service that converts user friendly domain names, such as www.facebook.com, into numerical addresses that allows computers to talk to each other. Simply put, it is the mode of communication between your computer and the very websites you visit on a daily basis. Without DNS and the DNS servers operated by the Internet service providers (ISP), computer users will not be able to browse websites, send emails or connect to any internet service. With this dangerous 'made in Estonia' malware", these cyber criminals were able to control DNS servers. As a result, unsuspecting users are forced to fraudulent websites, havinterference during their web surfing and expose their computers to various kinds of other malicious softwares.

An Update as of March 12, 2012 released by the FBI reads: To assist victims affected by the DNSChanger malicious software, the FBI obtained a court order authorizing the Internet Systems Consortium (ISC) to deploy and maintain temporary clean DNS servers. This solution is temporary, providing additional time for victims to clean affected computers and restore their normal DNS settings. The clean DNS servers will be turned off on July 9, 2012, and computers still impacted by DNSChanger may lose Internet connectivity at that time.
Another FBI Statement released by the Asst. Director in Charge Janice Fedarcyk, New York, November 09, 2011 reads: "The indictment, announced today, describes an intricate international conspiracy conceived and carried out by sophisticated criminals.
Working primarily from Estonia and Russia, the defendants effectively hijacked 4 million computers in a hundred countries—including half a million computers in the United States. Those half-million U.S. computers include those used by individuals, as well as computers housed in businesses and government entities such as NASA.
The harm inflicted by the defendants was not merely a matter of reaping illegitimate income. The defendants also inflicted the following:
  • They victimized legitimate website operators and advertisers who missed out on income through click hijacking and ad replacement fraud.
  • Unwitting customers of the defendants’ sham publisher networks were paying for Internet traffic from computer users who had not intended to view or click their ads.
  • Users involuntarily routed to Internet ads may well have harbored discontent with those businesses, even though the businesses were blameless.
  • And then there is the harm to the users of the hijacked computers. The DNSChanger malware was a virus more akin to an antibiotic-resistant bacterium. It had a built-in defense that blocked anti-virus software updates. And it left infected computers vulnerable to other malware.
In his 2005 book, “The World is Flat,” Tom Friedman was writing primarily about the globalization of the legitimate economy in the 21st century. As we have seen today, by identifying subjects in Estonia who caused a server in Manhattan to direct a user in Germany to a website in California—the FBI has proved the world is truly flat.
The Internet is ubiquitous in everyday life because it shrinks the world in so many positive ways: in commerce, in academia, in entertainment, and in communications. But it is a tool, and it can be exploited by those with a little know-how and bad intentions.
In this context, international law enforcement cooperation and strong public-private partnerships are more than discussion topics for symposiums. They are absolute necessities.
Today, with the flip of a switch, the FBI and our partners dismantled the Rove criminal enterprise. Thanks to the collective effort across the U.S. and in Estonia, six leaders of the criminal enterprise have been arrested and numerous servers operated by the criminal organization have been disabled. Additionally, thanks to a coordinated effort of trusted industry partners, a mitigation plan commenced today, beginning with the replacement of rogue DNS servers with clean DNS servers to keep millions online, while providing ISPs the opportunity to coordinate user remediation efforts.
To determine whether you have been a victim and, if so, what corrective steps you should take, the FBI has provided detailed information for you to review on our website, www.fbi.gov. It must be stressed, however, that users who believe their computers may be infected should also contact a computer professional.
Thanks, as always, to Preet Bharara and the U.S. Attorney’s Office for the Southern District of New York; to Assistant United States Attorneys Sarah Lai, James Pastore, and Alexander J. Wilson; and to NASA Inspector General Paul Martin and his staff.
The efforts of the Estonia Police and Border Guard were, and remain, essential to this investigation.
Thanks also to the Dutch National Police Agency’s National High Tech Crime Unit.
The assistance and cooperation of many entities in the private sector have been invaluable in identifying the source of this far-reaching scheme, and in our mutual ongoing efforts to mitigate it.
The FBI’s investigation is led by Special Agent Milan Patel and his supervisor, Christopher Stangl. They, along with Assistant Special Agent in Charge for Cyber Dan O’Brien and Special Agent in Charge for Special Operations/Cyber Mary Galligan, deserve singling out for their cutting-edge investigating, their tireless determination, and their skillful coordination of this complex matter."
The authorities had no way to identify and notify those who were infected that they needed to disinfect and change their DNS, so they were forced to clean up and take over the criminal's servers to avoid a massive disruption in internet service to millions of users worldwide. However, this was more of a temporary move just to salvage the situation at hand, as the law enforcement officials are planning to take these servers offline in July. This is where the estimated 350,000 people could be badly affected."


Details of the two-year FBI investigation tagged Operation Ghost Click were announced today in New York when a federal indictment was unsealed. Officials also described their efforts to make sure infected users’ Internet access would not be disrupted as a result of the operations. For more details of this story click Here.

1 comment:

  1. I've been using AVG security for a couple of years now, I'd recommend this Anti virus to everyone.

    ReplyDelete