The world prepared for a “cybersecurity internet doomsday” on July 9, 2012: a complete collapse of the global internet.
But that never happened. And that non-event was the result of a prolonged and well-concerted effort by a great number of organizations, led by the FBI.
It was one of the most remarkable cybercrime operations ever, and it had a long-lasting impact on how experts viewed and defended against malicious cyberattacks.
The story began in 2007 when Rove Digital, an unethical spam advertising corporation with offices in Estonia, began to employ a new trojan malware program called DNSChanger. This program went on to infect more than four million machines across more than 100 nations. In the United States alone, about 500,000 systems were infected. The DNSChanger trojan was delivered as drive-by malware and misrepresented to customers as a codec needed to view videos. DNSChanger infected systems at the boot sector level, making removal challenging.
The malware changed PCs’ DNS settings to point to Rove Digital’s fake name servers, which were used to inject advertisements into websites and steal user data. DNSChanger occasionally included a self-defense feature that stopped operating systems and antivirus software from being updated.
According to reports, the con artists made $14 million from their operation.
The subsequent actions were astounding. The National High Tech Crime Unit of the Dutch National Police Agency, the Estonian Police and Border Guard Board, the FBI, NASA’s Office of Inspector General (OIG), Internet Systems Consortium, Mandiant, National Cyber-Forensics and Training Alliance, Neustar, Spamhaus, Team Cymru, Trend Micro, and the University of Alabama collaborated on the two-year operation known as Operation Ghost Click (DCWG).
Following the investigation, six Estonians were arrested on November 8, 2011, extradited to the United States, and accused of involvement in an Internet fraud ring. A seventh alleged conspirator, a Russian national, is still at large but has been charged with many offenses and added to the FBI’s Cyber Most Wanted list. Two new servers were installed to replace the two seized servers.
But the FBI left the DNSChanger malware itself in place on victims’ machines. Because those machines still sent their DNS lookups to the addresses the malware had configured, simply switching the servers off would have stopped the victims from accessing the internet. Instead, the FBI led a successful operation to help victims securely remove the malware from their computer systems while collaborating with ISPs and others.
The FBI built a victim help office with a hotline to call and a wealth of tools for understanding and resolving DNSChanger malware impacts.
In addition, authorities froze the offenders’ bank accounts and seized hard drives from more than 100 malware servers believed to be a part of the group’s command and control network in data centers in Chicago and New York.
Estimates indicate that the initiative was a resounding success in the majority of cases, with only 41,800 systems still affected when the FBI shut down its servers.
The “Internet Doomsday” happened on July 9, 2012, a Monday. But the end of the world was avoided thanks to Operation Ghost Click’s coordinated efforts. Nothing bad happened.
In the end, the entire operation was among the best law enforcement initiatives against cybercrime ever.
The whole thing was successful and changed how law enforcement deals with cybercrimes. The operation specifically taught them:
The entire Operation Ghost Click, DNSChanger, and “internet doomsday” event stunned and fascinated the online and cybersecurity community a decade ago. It serves as a case study for today’s students on how to look into, prosecute, and—most importantly—protect the public from transnational cybercrime.