On the morning of July 9, 2012, the world braced for an “internet doomsday”: a full-scale crash of the global internet.
Except it didn’t happen. And that non-event represented the culmination of a long and successful coordinated action taken between a huge number of organizations, spearheaded by the FBI.
It was one of the most remarkable operations in the history of cyber crime, and it led to lasting changes in how professionals think about and defend against malicious cyberattacks.
Operation Ghost Click
The story began in 2007 when an unethical Estonia-based spam advertising company called Rove Digital started to use a new trojan malware called DNSChanger, which went on to infect more than four million computers in over 100 countries. Some half a million systems were infected in the United States alone. The drive-by malware was falsely presented to users as a codec required to watch videos but was, in fact, the DNSChanger trojan. DNSChanger infected systems at the boot sector level, making it hard to remove.
The malware changed computers’ DNS entries to point to Rove Digital’s own rogue name servers, where advertising was injected onto web pages and personal information was stolen. In some cases, DNSChanger also had the self-defense mechanism of blocking operating systems and anti-virus software from updating.
The perpetrators reportedly got $14 million from their scheme.
What happened next was astonishing. The FBI launched a two-year operation called Operation Ghost Click, coordinating the FBI, NASA’s Office of Inspector General (OIG), the Estonian Police and Border Guard Board, the National High Tech Crime Unit of the Dutch National Police Agency, cybersecurity and technology specialists from Georgia Tech University, Internet Systems Consortium, Mandiant, National Cyber-Forensics and Training Alliance, Neustar, Spamhaus, Team Cymru, Trend Micro, the University of ..
Support the originator by clicking the read the rest link below.
