Greeley Gazette reader 20 minutes ahead of CBS News release of Operation Ghost Click

By Craig Masters

Monday afternoon, February 20, the Greeley Gazette posted an informative article about the possibility that many computer users might lose their access to the internet when, not if, the FBI shuts down servers it put into place last November to replace rogue computers operating malware called “DNS Changer.”

Almost immediately readers submitted comments such as, “Where the heck is Estonia?” One fellow asked how could six guys sitting around in a hut in some third world country hack the IRS? Good questions, but the most ironic inquiry was posted at 6:10am this morning questioning the story because that reader hadn’t seen such a story anywhere else.

Twenty minutes later, at 6:30am, Dave Johnson of CBS News posted:
“Why the FBI might soon cut off your Internet”
and reported the story much the same as published Monday in the Gazette.

In the interest of those who might want more evidence of such a problem before paying a computer professional to check their machine(s), this article contains additional background materials.

The defendants were indicted in U.S. District Court for the Southern District of New York. Arrests in Estonia were the culmination of 2 years of investigations, dubbed “Operation Ghost Click,” by law enforcement organizations in several countries.

Here is an excerpt of the information available from the FBI:
“The indictment, announced today (November 10 2010), describes an intricate international conspiracy conceived and carried out by sophisticated criminals,” said Janice Fedarcyk, assistant director in charge of the FBI’s New York Field Office. “Today, with the flip of a switch, the FBI and our partners dismantled the Rove criminal enterprise. Thanks to the collective effort across the U.S. and in Estonia, six leaders of the criminal enterprise have been arrested and numerous servers operated by the criminal organization have been disabled.”

According to the indictment, the defendants waged the clickjacking scheme from 2007 to October 2011. They operated a number of companies that appeared to be legitimate Internet companies and worked with legitimate advertising brokers. Using a type of malware known as DNS Changer, they were able to take over victims’ computers. The malware surreptitiously changed DNS server settings on infected computers, allowing the defendants to redirect web browsers to websites and ads that generated revenue when users clicked on them. In some instances, DNS Changer prevented anti-virus programs from updating, leaving the infected computers open to more malware attacks.

A PDF available by searching the FBI web site explains that the replacement servers will not remove the DNS Changer malware—or other viruses it may have facilitated—from infected computers. Users who believe their computers may be infected should contact a computer professional. They can also find additional information in the links on this page, including how to register as a victim of the DNS Changer malware. The FBI’s Office for Victim Assistance will provide case updates periodically at 877-236-8947.

But for those who may still want a source outside the U.S. government, the German central police agency BSI web site from November 2011…

“BSI empfiehlt Überprüfung von PCs auf Schadsoftware “DNS-Changer””

roughly translated by this reporter: BSI recommends review of PCs on malicious software, “DNS-Changer”

The site continues: “Überprüfung des eigenen Rechners vor dem 8. März 2012 sinnvoll”

which says: Review of (your) own computer before March 8, 2012 makes sense

Verbreitet wurde die Schadsoftware durch das so genannte “DNS-Changer-Botnetz“, dessen Betreiber im November 2011 von der amerikanischen Bundespolizei FBI und europäischen Ermittlungsbehörden verhaftet wurden. Die von den Onlinekriminellen manipulierten DNS-

… those who spread the malware “DNS-Changer botnet” were arrested in November 2011 by FBI and European authorities….

Server wurden nach der Festnahme vom FBI durch korrekt arbeitende DNS-Server ersetzt. Diese Server sollen jedoch zum 8. März 2012 abgeschaltet werden.

The FBI installed replacement servers. However, these servers will be shut down March 8, 2012.

My apologies for the roughness of my translation. I do, however, believe I have captured the essence of the Germans’ press release.


2 Responses to Greeley Gazette reader 20 minutes ahead of CBS News release of Operation Ghost Click

  1. eff ewe says:

    FBI can’t shut the internet off you boob. They can monitor, they can recommend, they can prosecute perverts but 25% of the economy goes with the internet. You want a depression to end ALL depressions, shut down the internet. How ever did we survive before ARPANET? Don’t you know a decentralized network can be thrown up in hours, if not minutes? The largest intranet in the world. The only completely safe box is the one with no input ports or drives, period. Can’t run an internet with those so this is more fear mongering.

    Besides, how many of the billions of pages world wide HAVE you been to? Maybe we just firewalled YOU OUT! How would you know?

  2. Katie says:

    Read it again. Slowly. Or have someone who can read to you explain exactly what it says. The FBI is simply shutting off their own servers. Those who are routed through these servers will lose Internet service.

    PC World explains it too.

    Sorry you didn’t understand the article, but writing to a level less than 6th grade bores the rest of us.
