Thousands of people could lose Internet access on July 9th

July 9th 2012 could be a very special date in Internet history. Every day records something new about the Internet, but this might be the first time that it has been willingly taken down in places by a federal agency. Internet fraud has been around nearly as long as the Internet, and it is due to this that we could be seeing thousands of computers being stopped from accessing the Internet for the day. This seems strange, but there is a reason. Furthermore, you can get around the event. We explain how later in the article.

Specific DNS servers are to be shut down on July 9th by the FBI, in order to assist victims of an Internet fraud which has been ongoing for some time. This is to help people purge their computers of a virus known as "DNSChanger", which was discovered during a two-year international investigation known as "Operation Ghost Click". This is the final step in the operation, which wound down in November 2011 after the arrest of six Estonians responsible for the DNS bug. The arrests came about during the investigation, where law enforcement posed as a legitimate front company, via a system of rogue DNS servers. The hackers could then reroute online traffic to various sites via these servers, and some of the sites they chose to redirect to were intended to commit fraud.

These computers accessed the net via these false servers, which they were rerouted to while the Estonian group had control of them. Once the operation had resulted in arrests, law enforcement purged the servers and made them clean in order to allow computers to continue to access the Internet. July 9th just happens to be the date the contract to maintain these servers ends. Once that date is reached the servers will be taken down, and infected computers will simply run into what may as well be a brick wall. Since DNS is a confusing thing to try to explain briefly, it would be best to attempt to make it as clear as possible.

DNS, or the Domain Name System, is a naming system for any resources connected to the Internet. It associates information with the participating domain names, and it can turn queries for those names into IP addresses. The system forms a hierarchy, with servers pointing towards other servers higher up the tree. Eventually the hierarchy will reach the 13 main servers. These 'root servers' are a directory for every top-level domain in the world. The system is difficult to explain, but for those familiar with it, it allows for rapid updates and changes when necessary. It supports both IPv4 and IPv6 domains, so should be around for some time yet. The DNS system was invented in 1982, so it has already exhibited impressive longevity.

Two sites have been set up to help you diagnose whether you have the DNSChanger virus on your computer, and they are located here and here. If you remove the virus using the steps they outline before July 9th, then you'll be able to enjoy the Internet even then. The Estonian group responsible must have been overjoyed by their successes during the four years their scam had been running. Conservative estimates suggest they could have made as much as $20 million from their work.

Their work comprised several main elements. Obviously, the DNSChanger virus needed to be created. It was distributed like a conventional virus, that is, via emails, IM programs, and any other method you'd expect a virus to spread by. The DNS servers they operated could then act, redirecting an entered URL to one they specified. This may mean they sent traffic to legitimate sites, though they also used various fraudulent sites. One of these sites offered Apple products for sale, for example, and these sites tended to send money right to their coffers, which were being filled by people they could catch unaware.

One member of the Estonian group responsible for the scam has still not been found, though we would assume law enforcement will eventually catch up with him too. It might have taken several years to happen, but the group was caught and now you can ensure your computer is safe and clean for July 9th.
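The check behind that diagnosis is whether a machine's configured DNS resolvers fall inside the address ranges the rogue servers occupied. The following is an added example, not code from the article or from the diagnostic sites; it assumes a Unix-style `resolv.conf`, and `ROGUE_RANGES` holds placeholder documentation networks rather than the real ranges.

```python
import ipaddress

# PLACEHOLDER ranges (RFC 5737 documentation networks), constructed for this
# example. They are NOT the real rogue DNSChanger ranges; substitute the
# ranges published by the diagnostic sites before relying on the result.
ROGUE_RANGES = [ipaddress.ip_network(n)
                for n in ("192.0.2.0/24", "198.51.100.0/25")]


def parse_resolvers(resolv_conf_text):
    """Return the nameserver addresses found in resolv.conf-style text."""
    resolvers = []
    for raw in resolv_conf_text.splitlines():
        # Drop comments ('#' or ';') and surrounding whitespace.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:
            # Strip an IPv6 zone id such as "%eth0" before parsing.
            resolvers.append(ipaddress.ip_address(fields[1].split("%")[0]))
        except ValueError:
            continue  # malformed entry, skip it
    return resolvers


def rogue_resolvers(resolv_conf_text, rogue_ranges=ROGUE_RANGES):
    """Return configured resolvers that fall inside any rogue range."""
    return [str(addr) for addr in parse_resolvers(resolv_conf_text)
            if any(addr in net for net in rogue_ranges)]


# Constructed sample configuration, not taken from a real machine.
SAMPLE_RESOLV_CONF = """\
# written by a DHCP client
nameserver 192.0.2.53
nameserver 198.51.100.200   # outside the /25 placeholder range
nameserver 203.0.113.10
nameserver not-an-address
"""

if __name__ == "__main__":
    hits = rogue_resolvers(SAMPLE_RESOLV_CONF)
    print("rogue resolvers:", hits or "none")
```

A non-empty result means the resolver setting points at a listed range and should be reset to the ISP's or another trusted resolver after the malware itself is removed.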

Source: CBC | Image: via CBC / Reuters
Group Responsible: Rove Digital (Wikipedia)


If anyone's got a site powered by Cloudflare, please install the app for this. It will alert your visitors that they are infected as well as present them with links to help get rid of it!

I know most people who have DNSchanger probably have more malware on their machine, but if you know what you are doing it's a really easy fix to get your dns server back to what it should be, Click click click.

Title is a little sensationalist. (little)

Either way, that is my birthday, so I'll have so many lulz on my special day when I see the first tweets and sh** rolling in "FUUUUU, why doesn't 'my internet' work?!!!!"

always adored that term ROFL. 'my internet'


sava700 said,
Well my business may pick up after the 9th then..

Sh**... should have booked a newspaper advert for next Saturday... now it's too late... *grrr*

Might post a flyer in my local supermarkets.


Memnochxx said,
Why not have the DNS route all traffic to a notification page for those infected before shutting it down?

Exactly what I thought.

Memnochxx said,
Why not have the DNS route all traffic to a notification page for those infected before shutting it down?

I think they just like to make tech support jobs more difficult.

AmazingRando said,

I think they just like to make tech support jobs more difficult.

That'll be fun work days!

I don't know whether you're in the tech help business, but changing the DNS is damn easy and quick money, just saying...
Especially as it's so easy to do as phone support, too.
Means more customers per hour, means more started work hours, means more money.
This is the easiest money you can have as support guy.

This actually fuels the economy.


Glassed Silver said,

As someone who works for an ISP, I would hate taking those calls all day only to tell the infected their 9x and NT are no longer supported.
I'm not sure we even provide support for XP anymore.

I know I'm being pedantic, but no one will lose internet access - they may lose the ability to browse the web and resolve DNS names - but the underlying connection will be fine

I've done internet support for a major US based ISP, to the average user they will see it as lost access. They likely won't know the difference. The support lines for many ISPs will be flooded on the 9th, that's for sure!

duddit2 said,
I know I'm being pedantic, but no one will lose internet access - they may lose the ability to browse the web and resolve DNS names - but the underlying connection will be fine

AmazingRando said,

Geez even the image and everything.

lol I wonder how many times you visited and if you had any other source to know about this.
I am sure this is published everywhere but I check only and not and I am glad that they put this info here.
Also they have mentioned the image source, it is sometimes good to use the source image, if it's the actual source of news.

Geez, what's wrong with people visiting Neowin these days.