FBI To Shut Down DNSChanger Servers Monday -- But Should It Cut Off 300k PCs?
nk497 writes "The FBI is set to pull the plug on DNSChanger servers on Monday, leaving as many as 300,000 PCs with the wrong DNS settings, unable to easily connect to websites — although that's a big improvement from the 4m computers that would have been cut off had the authorities pulled the plug when arresting the alleged cybercriminals last year. The date has been pushed back once already to allow people more time to sort out their infected PCs, but experts say it's better to cut off infected machines than leave them be. 'Cutting them off would force them to get ahold of tech support and reveal to them that they've been running a vulnerable machine that's been compromised,' said F-Secure's Sean Sullivan. 'They never learn to patch up the machine, so it's vulnerable to other threats as well. The longer these things sit there, the more time there is for something else to infect.'"
those machines are primarily used to connect to Facebook... so allow me to say:
and nothing of value was lost
They should have cut them off immediately, when there were 4 million PCs connecting to them. How are people supposed to learn?
This. Also, there will be quite a few legit issues masked by this problem and tech support will just tell them "fix your DNS -click-" when in reality the issue could be on the ISPs end.
They should be redirected for all their query to a page telling them they are infected and they will be cut off...
It's not like this is coming out of the blue. Every one of the owners of those machines has had at least 6 months' warning of the problem. If they haven't done anything before this, they won't do anything about it until their Internet stops working and they have no choice. So stop with the hand-wringing, shut 'em down and let those people suffer the consequences of their own willful stupidity. It's the only way they'll learn.
Why not do what every ISP is doing - for every DNS request hitting the server, send them to a page that tells them their PC is infected and how to clean it.
They have to click again in order to get through. Set the TTL of the DNS caching to nil so it happens practically every link - simply bombard them through annoyance?
Oh, and sure it'll break stuff like e-mail and all sorts of other non-HTTP protocols, which is good because they'll hopefully call tech support or something.
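The "walled garden" the two posts above describe (answer every lookup with the address of a notice page, TTL zero so nothing caches, with the side effect that non-HTTP protocols stop working) is easy to see in wire format. The following is an added example, not code from the original thread or from any ISP: it parses a DNS query, answers A questions with a constructed placeholder notice-page address (192.0.2.80, from the RFC 5737 documentation range) at TTL 0, and returns NXDOMAIN for every other record type, which is one way to model the "breaks e-mail" behaviour. Only the standard library is used; the notice address and the NXDOMAIN choice for non-A queries are this example's assumptions.

```python
import socket
import struct

# Constructed placeholder for the notification page; a real deployment
# would use the address of the ISP's or registry's notice server.
NOTICE_IP = "192.0.2.80"


def build_query(qname, qtype=1, txid=0x1234):
    """Encode a minimal recursive DNS query (used here to produce input)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set
    labels = b"".join(bytes([len(label)]) + label.encode("ascii")
                      for label in qname.strip(".").split("."))
    return header + labels + b"\x00" + struct.pack(">HH", qtype, 1)


def parse_question(packet):
    """Return (txid, qname, qtype, end_offset) from a single-question query."""
    if len(packet) < 12:
        raise ValueError("short packet")
    txid, flags, qdcount = struct.unpack(">HHH", packet[:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    off, labels = 12, []
    while True:
        if off >= len(packet):
            raise ValueError("truncated question name")
        length = packet[off]
        off += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(packet[off:off + length].decode("ascii"))
        off += length
    if off + 4 > len(packet):
        raise ValueError("truncated qtype/qclass")
    qtype, _qclass = struct.unpack(">HH", packet[off:off + 4])
    return txid, ".".join(labels), qtype, off + 4


def sinkhole_response(packet, notice_ip=NOTICE_IP, ttl=0):
    """Answer every A query with the notice page; NXDOMAIN for anything else."""
    txid, _qname, qtype, qend = parse_question(packet)
    question = packet[12:qend]          # echo the question section verbatim
    if qtype == 1:                      # A record
        header = struct.pack(">HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR RD RA NOERROR
        # 0xC00C is a compression pointer back to the name at offset 12;
        # TTL 0 means the client must ask again for the very next link.
        answer = (b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, ttl, 4)
                  + socket.inet_aton(notice_ip))
        return header + question + answer
    # MX, AAAA, SRV, ...: no usable answer, so mail and other services fail.
    header = struct.pack(">HHHHHH", txid, 0x8183, 1, 0, 0, 0)      # NXDOMAIN
    return header + question


def rcode(resp):
    """Response code from the flags word (0 = NOERROR, 3 = NXDOMAIN)."""
    return struct.unpack(">H", resp[2:4])[0] & 0x000F


def decode_answer(resp):
    """Decode the single A answer a sinkhole response carries as (ttl, ip)."""
    _txid, _flags, _qd, ancount, _ns, _ar = struct.unpack(">HHHHHH", resp[:12])
    if ancount == 0:
        return None
    off = 12
    while resp[off] != 0:               # skip the question name
        off += 1 + resp[off]
    off += 1 + 4                        # root label, qtype, qclass
    off += 2                            # compression pointer
    _rtype, _rclass, ttl, rdlen = struct.unpack(">HHIH", resp[off:off + 10])
    ip = socket.inet_ntoa(resp[off + 10:off + 10 + rdlen])
    return ttl, ip


if __name__ == "__main__":
    query = build_query("www.example.com")
    print(decode_answer(sinkhole_response(query)))            # (0, '192.0.2.80')
    print(rcode(sinkhole_response(build_query("example.com", qtype=15))))  # 3
```

The TTL-zero trick does exactly what the poster wants: every page load, not just the first, repeats the lookup and lands on the notice. The cost is also visible in the code: any client asking for MX, AAAA or SRV records gets nothing useful, so mail, IPv6 and service discovery fail until the machine is cleaned.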
Send all the hosts to a website saying hey guess what you've been compromised. blah blah blah to fix. We used to do this to customers back in the old dialup dayz
-Thorne
Looks like the usual target vector of infection. If you tell them to trust that kind of thing, they will keep getting infected with malware (in fact, more people will fall for that, now that malware writers will know what a page looks like that is announced by the government as safe and that must be trusted).
When citizens start learning that they can't expect the DNS system to just allow them to continue to be a part of a BOT because they don't care because they are thrown off the Internet, the sooner they will learn to take responsibility for their own equipment one way or another.
About Time.... Then the people will know they have a problem.. right now, they think everything is fine.
I wonder if the real reason they kept this on life support for so long was to enjoy 6+ months of DNS queries for 4mil-300 thousand users?
Seems like an excellent opportunity to gather a large amount of intelligence without any messy subpoenas or warrants.
The FBI didn't change any settings. The malware did that, it alters the infected computer's DNS settings to use a set of servers run by the malware authors. What the FBI did was take over those servers and replace the malicious software running on them with software that does normal DNS so infected computers were no longer being redirected to the malware author's sites. And now the FBI's looking at shutting down the servers entirely, which would leave the infected computers with no DNS servers at all.
They didn't. The DNSChanger trojan, as the name implies, changed the DNS server configuration. The FBI was able to seize control of those IP addresses and set up their own DNS servers there to mitigate the damage.
Clearly, then, they should redirect everyone to MyCleanPC ;)
If I have been able to see further than others, it is because I bought a pair of binoculars.
If you run a botnet, better check any of your zombies for this and fix them quickly. Otherwise they might get attention from a PC tech who'll remove your code as well.
(Isn't this the likely result from delays?)
It doesn't hurt to be nice.
The DNSChanger malware can change DHCP server settings on some routers. If your home router has been tampered with, it may continue to provide rogue DNS settings even after your PC has been cleaned or reinstalled.
For months, the FBI has been, essentially, providing DNS service for lots of people who didn't even know their machine had been compromised. This is the FBI, remember. If the FBI announced it was going to muck around with the DNS of millions of people, the Usual Suspects here would be ranting about the Evil Of It All.
Most of those 300,000 remaining victims will likely never fix anything. They've only been on the internet for these last several months thanks to the FBI, and they don't even know it.
Pull the plug and go catch some crooks.
-- Slashdot: When Public Access TV Says "No"
Most users are stupid and will click okay to anything. They should have redirected to a page with an applet, activex, or some other bit of code that the user will blindly click okay to run that will change their DNS settings to OpenDNS or google's public DNS servers.
The "rightful owners" were the malware authors who were infecting PCs and running the botnet. The FBI got the authority when they charged those authors and got a warrant to seize the servers.
My guess is all the corporate PHBs and bigwigs who love to still use XP/IE 6 with no updates because it is cheaper to have IT just put out fires to help boost the share price are the ones in for a surprise.
With Symantec endpoint I am sure it would be detected ... yeah right
http://saveie6.com/
Seems that a clear posting that describes how to fix the problem would be the most useful to the most people.
As much as I'm glad of the herding of cattle, don't you think that this could be a premise for the government to take down other sites? Such as YouTube or possibly Face under the suspicion of fraudulent activity, which isn't too far-fetched seeing as how there are tons of videos on YouTube concerning taking down websites, creating viruses and the like, while for Facebook there are scammers abound?
I'm giving a fair warning now: You may want to put your guard up while you still can. The government is taking down less legitimate sites in an attempt to pull the entire internet under one rule - Congressional rule. If we don't react, even without consideration for this incident, you may find yourself losing your rights online and possibly your computer, which could be a potential cache of pirated software.
I'm not trying to be a fear-monger, I'm just stating the fact: The government wants to control the internet. While the FBI is taking down smaller sites, we neglect to see the bigger picture: it's going to be a domino effect. First with MegaUpload, then that other site (I can't remember), and now this? If this doesn't bring up red alerts in your head, you might as well just hand over your computer to Congress because you are ignoring the nuke with the keys turned.
If these machines are attempting to infect others, sending spam, and doing all the other malicious botnet type activity they no doubt are being used for, or could be used for, then cut them off.
Leaving them working, but infected because the user is too ignorant to fix the problem (which has been present for well over a year now) is a liability.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
It really does matter for the underserved internet community who rely on affordable and sometimes outdated DSL modems for their access to the internet in rural areas. Many of these DSL modems have been infected by a scary variant of the DNSChanger Zlob trojan that actually changes the DSL modem's DNS settings and changes the DSL modem's password to an unguessable value. The most detrimental effect of this infection is a virtually irreversible firmware change in an unknown but probably high number of DSL modems worldwide which are permanently affixed to the rogue DNS servers, now seized and run by the FBI as clean, boring caching DNS servers. They will be shut down July 9 because the FBI doesn't want to be an ISP, which has the effect of cutting off an unknown number of people from the internet.
It's not a small problem. It's a big problem. The cost of help desk calls alone will be devastating to the disadvantaged and underserved internet community, i.e., rural America, who may be using the affected DSL modems infected by this Zlob trojan variant.
The most important note you must realize about this problem is that DNSChanger actually changed the DNS servers on the DSL modem. Just in case you don't realize this: the DSL modem provides the DNS server info to the computer in the home. While the computer may no longer be infected, the DSL modem is configured to use the DNSChanger rogue DNS servers which the FBI seized and will shut down on July 9.
It's a really big deal and we should treat it like that.
You can check more out here: http://www.dns-ok.us/
Kriston
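The point made in the comment above and earlier in the thread (the modem or router hands the rogue resolvers to the PC over DHCP, so a cleaned PC can still be pointed at them) is exactly what a resolver check has to account for. The following is an added example, not code from the thread or from the dns-ok.us checker: it extracts the configured resolvers from either resolv.conf text or `ipconfig /all` output, flags any that fall inside a watchlist of address ranges, and reports the DHCP server that handed them out so the router can be inspected as well. The watchlist here is the RFC 5737 documentation ranges as obviously constructed placeholders; the real DNSChanger ranges are published by the FBI/DCWG and should be substituted. Both sample inputs are constructed.

```python
import ipaddress
import re

# Placeholder watchlist (RFC 5737 documentation ranges). Replace with the
# DNSChanger server ranges from the FBI/DCWG notice for a real check.
ROGUE_RANGES = [ipaddress.ip_network(cidr) for cidr in
                ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample: a Linux /etc/resolv.conf written by the DHCP client.
LINUX_SAMPLE = """# Generated by the DHCP client (constructed sample)
search home.lan
nameserver 192.0.2.53
nameserver 9.9.9.9
"""

# Constructed sample: an excerpt of Windows 'ipconfig /all'. Note that the
# second DNS server is on a continuation line with no field name.
WINDOWS_SAMPLE = """Ethernet adapter Local Area Connection: (constructed sample)
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.7
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""


def extract_resolvers(text):
    """Pull resolver addresses out of resolv.conf or ipconfig-style text."""
    resolvers, capturing = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            capturing = False
            continue
        lower = line.lower()
        if lower.startswith("nameserver") or "dns servers" in lower:
            capturing = True            # start (or restart) a DNS block
        elif not IPV4.fullmatch(line):
            capturing = False           # any other named field ends the block
        if capturing:
            for candidate in IPV4.findall(line):
                try:
                    resolvers.append(ipaddress.ip_address(candidate))
                except ValueError:      # e.g. an octet above 255
                    continue
    return resolvers


def dhcp_server(text):
    """Address that handed out the lease (the router/modem), if shown."""
    for line in text.splitlines():
        if "dhcp server" in line.lower():
            found = IPV4.findall(line)
            if found:
                return found[0]
    return None


def classify(resolvers, watchlist=ROGUE_RANGES):
    """Split resolvers into (flagged, clean) against the watchlist."""
    flagged = [ip for ip in resolvers if any(ip in net for net in watchlist)]
    clean = [ip for ip in resolvers if ip not in flagged]
    return flagged, clean


def audit(text, watchlist=ROGUE_RANGES):
    """Report flagged/clean resolvers and the DHCP source to check next."""
    flagged, clean = classify(extract_resolvers(text), watchlist)
    return {
        "flagged": [str(ip) for ip in flagged],
        "clean": [str(ip) for ip in clean],
        "dhcp_server": dhcp_server(text),
    }


if __name__ == "__main__":
    for name, sample in (("linux", LINUX_SAMPLE), ("windows", WINDOWS_SAMPLE)):
        report = audit(sample)
        print(name, report)
        if report["flagged"] and report["dhcp_server"]:
            print("  resolvers came from", report["dhcp_server"],
                  "- check the router/modem configuration too")
```

When the flagged resolver arrives via DHCP, as in the Windows sample, the report names the router that supplied it; that is the case the comment above describes, where reinstalling the PC changes nothing until the modem's own DNS setting is corrected.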
Don't cut them off - do like the hotels do and take them to a splash screen asking for their credit card numbers so they can pay if they want to continue to use the internet on a service that is costing money to run and which they can't connect to normally because of their own wilful ignorance on security.
But if it affected every page you tried to visit, you'd eventually want to get your computer fixed, wouldn't you?
You're a temporary arrangement of matter sliding towards oblivion in a cold, uncaring universe
Rather than people infected with shit knowing there is a problem and getting help before they get even more owned, the FBI actively acted to cover up the problem by continuing to run the DNS service, leaving users to remain clueless.
God knows I hate lawsuits yet on some level it would be awesome if someone filed one against the FBI anyway even if it had no chance of succeeding. It just might make them think twice before they decide to repeat this stunt.
Congress has pretty broad authority over just about any communications related activities that occur on US shores. The FBI doesn't have to sneak congressional rule in. They have it. The FBI doesn't have to push for the authority to shut down YouTube. Google, who owns YouTube, is a US company; they just need to hand them a takedown order if Congress or the courts wanted it down.
I'm not seeing how this is devastating to rural America. This generates a service call. The ISP either gets an up-sell opportunity or they bill for the fix. The rural person making the call either gets a free fix or they pay $50 for service. The whole thing works out to (using the 4m number) at most 4m x $50 = $200m in costs. That's about 1/2% of annual cable revenues in the US. Where is the devastation?
Except they have to follow the Fourth, Eighth, and Ninth Amendments. I would love to see them try to get past a patriot, especially the Southerners who are all about protecting the Constitution. I will raise Hell should any of them be broken while I'm alive.
No I have not, which is a bit of a shame really.
One of the reports we were given has stated that the DSL modem variant of the DNSChanger Zlob trojan actually updates the firmware and it will effectively brick the modem when the FBI shuts its servers down.
Kriston
They won't bill for the fix and they won't try to up-sell. The real worry is the fact that modems will need to be replaced. I didn't make it clear in my original post that the DSL modem variant of the DNSChanger Zlob trojan really does brick the DSL modem once the FBI shuts the servers off. That costs a lot of money in labor and equipment.
Perhaps I also wasn't clear that these people don't have a lot of money to begin with.
Kriston
1. Yes they should shut it down.
2. They should have a stockpile of dunce caps ready to mail to people who, despite having had months of warning, never bothered to even check if they were infected. There have been a myriad of public warnings about this, and instructions/tools on how to check. I am a reasonably advanced tech person, and even I checked my machines because I am not so proud as to believe I am flawless.
3. For everyone talking about web sites... This is not just web sites. Everything you do on the internet requires DNS. *EVERYTHING*. No Web. No email. No instant messenger. No nothing. If an application does anything more than access your local hard drive, it won't work. That will be a monumental flag that something is wrong. If you have more than one pc in the house (or even better, a non-pc device) and it works and your pc doesn't, then that isn't just a smoking gun for the infection, it's a big flashing neon sign with a loud box underneath going AWOOGA AWOOGA. Even if you are not technically inclined, that should be enough for you to scratch your head and go, "Gee, maybe I should ask my geeksquad/coworker/5 year old child about this".
4,8,9?
4 doesn't apply to public information presented openly. If they don't have to search....
8 doesn't apply to a take down; that's neither cruel nor unusual, it is SOP for illegal content.
9 would apply if the Congress did something like required all websites to get prior approval for all changes or additions, maybe.
4 because they still need a search warrant and the government can't hack into the site to see who is doing illegal activity, which they have been doing for ages
8 because I've seen some of the severity of these take downs. Computers taken from the user, the user's family, as well as any computers he may have been in contact with along with the computers connected to that one
9 because there are no laws concerning the Internet, thus it's in the public domain as to how it should be handled. Yes, I know it was written in an age of quills and parchment, but if you are taking digital rights from people, that's a violation of this Amendment since it is not written in the Constitution whatsoever, ergo, everything online is protected and the government should be sued for these takedowns.
Yeah! I have the same problem with the DEA! I mean, sure, they can arrest people for possession of drugs, but what gave them the authority to just _keep_ my drugs?
Wait, I forgot, I'm not an idiot who doesn't understand that, yes, the government will seize property that is actually part of a crime.
(As for the 'outside the US thing'...um, the FBI presumably worked with whatever country that was. Duh. Armed FBI agents don't just randomly break down doors and arrest people in other countries.)
If corporations are people, aren't stockholders guilty of slavery?
One of the reports we were given has stated that the DSL modem variant of the DNSChanger Zlob trojan actually updates the firmware and it will effectively brick the modem when the FBI shuts its servers down.
That's between you, your isp and the modem manufacturer to resolve. Not the FBI.
I took it that they would need to be flashed potentially. I figured a mass purchase of DSL modems are like $20 each. I had room for some level of service in my $50, estimate per head. The number might be too low, but where poverty is rampant labor is cheap. If my $50 is off and it should be $75 I would agree that rural DSL customers aren't likely to have lots of extra money.
Almost all the country at this point has Broadband. The FCC has been taxing to make availability happen. Looking at the current budget it is $7.2b in total spend. I just don't see a few hundred million as a disaster. An annoyance yes, a disaster no.
I don't think you know what 9 means. 9 prohibits the government from creating negative laws. Something like "everything on the internet is illegal unless specifically authorized" would be illegal under 9. 9 does not prohibit the government from creating black letter law about anything they want. Other parts of the constitution might but 9 does not.
Seizure of property as part of an arrest is standard and has been. People suspected of shootings get their guns taken. People suspected of drug dealing have bank accounts frozen. Etc... There is nothing cruel or unusual about taking computers. You may not like the government's ability to take property in advance of conviction; I agree with that. But I'd have no problems with computers being taken after conviction.
As for 4. The government can't hack a site and use that evidence unless they have a court order. USA v. Jarrett for example where evidence given to the government by a hacker while acting as an agent of the state was tossed.
Just looked up "Black Letter Law." Basically, it means that they can fill in the blanks so long as it makes legal sense? Well then, may as well throw out the Constitution.
When George Washington founded this country, he thought of a country free from tyranny of government and little involvement from the country we live in. We were supposed to be a defensive nation. That was over 200 years ago. Today is a very, very dark sight.
Tuesday, November 2, 2000. This day is the start of our current situation and will be a roadmap for the future. On this day, George W. Bush was elected President. One year later, September 11, 2001. Terrorists attacked the Twin Towers, killing hundreds of people. We went to war with the Middle-East the very next day. Ten years it took to get both Saddam Hussein and Osama bin Laden. Why did it take so long? Hussein in a hole while bin Laden was literally waiting at home.
The reason it took so long was because we didn't care about vengeance. No, we were busy securing oil once Hussein was taken down in 2003. That still means it took us SEVEN YEARS to find the Al Qaeda leader literally sitting at his home, watching us pretend to look for him while, in fact, Wall Street was getting rich off the oil in Iraq and Afghanistan. Eight years Bush had to find him, and he didn't even make any sort of attempt at it.
Now, we are forcing democracy on the countries of Iran, Iraq, and Afghanistan for the sake of preventing this terrorism from happening again. We were meant to get in, shoot them, then get out. Why the hell are we still in the Middle-East? Many innocent men are losing their lives for no reason other than to make sure our profits are secured. We are no longer at war with these people, we have now become a nation bent on taking care of the rest of the world. We gave aid to the very country we went to war with which is stupid. They hate us and I don't blame them.
I'm not trying to say we shouldn't help people, but the Middle-East should help itself first. Otherwise, we'll be taking care of them for the rest of the foreseeable future. Like black people. I am not racist, but I hate the younger generation who thinks I owe them crap because of what their ancestors went through. They can kiss my ass and go get a job themselves. I believe in reparations for the parents and older, but everyone under 30 needs to stop bitching and do something. I'm not handing them a silver platter, I'm giving them a job application.
On top of that, we are currently helping out the European market with the bailouts. Why the hell are we putting money into a dying system? They were the ones who wanted to unify the entire Continent, so they can get out of the mess themselves. Since we are now sending money their way, they have taken bigger risks. Greece and Spain just got bailed out. How many more countries should we help bailout before we figure out that our three trillion dollar deficit is caused by us taking care of everyone?
With that, I end this history lesson.
There are a few Private DNS systems that live outside the 'official' DNS system that allow people to find what they want regardless of a domain being 'seized'. If they don't control the DNS system they can't remove widescale access to specific domain without actually getting to the physical server.
What I expect is going on is the FBI is going to kill access to these private DNS systems, or, they are engaging a global DNS logging system, or both.
Private DNS systems may be blocked for a short time until a way is engineered around them, or the FBI issues DMCA notices to companies for deploying their own DNS systems.
~ People that think they are better than anyone else for any reason are the cause of all the strife in the world.
Let me just point out a few George Washington quotes:
It may be laid down as a primary position, and the basis of our system, that every Citizen who enjoys the protection of a Free Government, owes not only a proportion of his property, but even of his personal services to the defense of it.
Laws made by common consent must not be trampled on by individuals.
The basis of our political system is the right of the people to make and to alter their constitutions of government.
I would suggest that you are reading far more into freedom than what was ever proposed. And considering the Constitution is considerably less free than the Articles of Confederation under Washington, that perhaps you might want to read the Constitution. America is not and was never established as an anarchy.
Never said America was supposed to be an anarchy. I was just saying that our government's involvement is far more than is necessary. We are not the world's protectors. We should concern our country first and everyone else second. It's currently everyone else first before the country.
That's completely irrelevant. The point is that the ISP needs to spend money to resolve this and in some cases spend a LOT of money to resolve it.
Kriston