Internet Performance Delivered right to your inbox

Answering Four Key Questions About Operation Ghost Click

DNS is in the news as the FBI will be shutting down Internet use for a large amount of U.S. based users this July, so we wanted to take a moment to bring some clarity to the situation especially if you’re one of the people that could be affected.

So what happened?

This all began a while back when six Estonians launched malware called “DNSChanger.” Basically, what this did was change your directory assistance server from a good one to a bad one. Domain Name Servers (DNS) get you to where you want to go on the Internet, even if you don’t realize you’re using them.

DNS is the Internet’s phone book. When you search for www.dyn.com, the DNS gets you to www.dyn.com, like when you call “Home” on your cell phone without having to dial 603-555-1234. However, this malware hijacked some computers’ DNS (technically their recursive DNS servers).

Most of the time those infected computers went to the right websites. But whenever the hackers wanted to, they could send you to a website of their choice, promoting fake and/or dangerous products. This is especially troubling when it comes to banking websites. You may think you’re going to your bank’s website but you’re instead going to a fake one that looks like your bank. As a result, you give access to your personal information to some very bad people.

How did they get caught?

This activity is obviously illegal and there is a profit motive that drives people to commit these crimes. The FBI claimed around four million computers were infected and millions of dollars were siphoned from people who used these computers and unknowingly gave their information. That’s a lot of money. So much money, in fact, that it was obvious to the FBI that something was wrong. As a result, they were able to arrest these Estonian hackers in a November raid called “Operation Ghost Click.” The problem was these computers were already infected.

Why is the FBI talking about shutting down a lot of computers?

They’re not trying to shut down any computers, but they are working to solve a problem by operating a very helpful service in which they are temporarily standing up good infrastructure in place of bad. However, that service will end this July 9 which means that you have several months to check and see if your computer is infected and if so, get it fixed. It is a quick and painless fix but we’ll get to that in a minute.

How can I prevent such attacks in the future?

To solve this problem, the FBI secured a court order last March that authorized the Internet Systems Consortium (ISC) — a nonprofit corporation that makes software called BIND, which most of the Internet uses for resolving DNS names — to operate and maintain temporary “clean” DNS servers.  It is this service that will be shut down in July.

That gives everyone ample time to visit the FBI-promoted website to check if your computer has been infected. The website is translated into multiple languages. If it has been infected, there is spyware software right on that site that can fix the problem. If you do all of this, this particular malware will not affect your computer. If you don’t do it by July, then your DNS-related Internet activity (i.e. web and email) will stop functioning.

The response by different private and public organizations was very thorough, which should give you some comfort.

Takeaways

It really comes down to being cautious when you’re running software or clicking on links. Always be careful about email attachments. Do you know the sender? If not, don’t open it. Also on your computer, don’t run everything as an administrator. While it may be a little burdensome, create a guest account or separate user account to run things through. Also be cautious of flash drives. These are a common way of spreading a virus.

Computers give us access to the world. Unfortunately, they also make it possible for six people from Estonia (or anywhere else) to cause a lot of trouble. Like any tool, proper use is imperative. If you are cautious with your computer you will be less likely to run into these sorts of problems. If you have, there is plenty of time to get them fixed so just make sure you do so before July.


Share Now

Whois: Adam Coughlin

Adam Coughlin is a Senior Manager, Corporate Communications at Oracle Dyn Global Business Unit, a pioneer in managed DNS and a leader in cloud-based infrastructure that connects users with digital content and experiences across a global internet.