On July 9, thousands of Canadians and hundreds of thousands of people worldwide could be without access to the internet after the FBI shuts down temporary DNS servers used to assist victims of a massive internet fraud ring.
All computers that still use these servers will meet a virtual brick wall on July 9 and be unable to connect to the internet until they are cleared of the associated ‘DNSChanger’ virus.
The shutdown of the temporary DNS servers by U.S. authorities is the last stage in Operation Ghost Click, a two-year international investigation that officially ended in November 2011.
The FBI, in association with international law enforcement, managed to track and apprehend six Estonians who, using an ostensibly legitimate front company, had organized a sophisticated system of false DNS servers.
These servers rerouted the web browsers of infected computers to sites of the hackers’ own choosing, some of which were fraudulent in nature.
Computers were forced to connect to the internet through these servers by a customized virus called DNSChanger that was distributed through conventional channels, such as infected emails, bad websites, and malware scripts.
When it broke up the hacking group in 2011, the FBI established temporary ‘clean’ servers in place of the bad ones so that computers infected with DNSChanger wouldn’t suddenly be cut off from the internet.
However, the contract to maintain these servers will end July 9, resulting in their shutdown.
“An extension has not been requested,” says Jenny Shearer, a spokesperson for the FBI’s National Press Office.
According to Paul Vixie, chairman and founder of the Internet Systems Consortium (ISC), which has been operating the temporary servers for the FBI, the fraud had snared nearly 650,000 machines worldwide, about 25,000 of which were in Canada. He says the scheme is also estimated to have netted nearly $20 million over four years for those behind the virus.
Since November 2011, the number of computers still infected with DNSChanger has dropped substantially to 275,000 worldwide. In Canada, only about 7,000 machines are estimated to remain infected, as a result of efforts by the FBI and computer security companies to get users to follow instructions on how to check for and remove the virus.
However, the machines of the thousands of users whose computers are still infected with DNSChanger will continue to point to the DNS address supplied by the virus. They won’t be able to get online unless they clear the virus from their computer.