US anti-crime agency in a new war

Our Bureau Updated - November 16, 2017 at 03:56 PM.

Hollywood will replace Moscow, Vietnam and Afghanistan with countries like Estonia in its future scripts. Its heroes, including James Bond, would soon go after cyber criminals sitting in countries like Estonia.

Data centres raided

The US, which has set up a Cyber Command involving all Forces, has launched a high-profile attack on cliques of cyber criminals that infected lakhs of computers across the world with a stealthy DNS Changer virus.

In the operation, code-named ‘Operation Ghost Click’, the US Federal Bureau of Investigation raided two data centres in New York and Chicago and took over 100 servers offline a few months ago. Around the same time, Estonian police held the people responsible for this. An Estonian company had sprouted a few more firms to spread the deadly contagion across the world.

The FBI described it as an intricate international conspiracy conceived and carried out by sophisticated criminals. “The harm inflicted by the defendants was not merely a matter of reaping illegitimate income,” it said.

By secretly changing the Domain Name System settings on a PC, the virus takes control of the PC and directs some of its traffic to sites controlled by the criminals. As a result, unsuspecting victims end up on malicious sites.

In the last five years, the cyber ring infected about 40 lakh computers in more than 100 countries, including five lakh in the US.

Monetisation

Sleuths found that cyber criminals do not do this for fun.

“A variety of ways are used to monetise the rerouted traffic. This includes replacement of advertisements on websites, hijacking of search results and spreading more malware,” Mr Baburaj Varma, Head (Technical Services) (India and SAARC) of Trend Micro, said.

eScan, which has also announced a free toolkit to rid PCs of the malware, found the hackers could siphon off $14 million in illicit fees.

Through a court order, the FBI asked the Internet Systems Consortium (ISC) to deploy and maintain clean DNS servers in place of the rogue ones to give users with compromised computers enough time to remove the threat.

“This is only a temporary solution. The servers, operated by ISC under the court order, will go offline on July 9,” a Symantec executive said.

> kurmanath@thehindu.co.in

Published on July 6, 2012 16:20