What DNSChanger should teach us

We may have avoided an Internet shutdown earlier this month, but the malware’s end may signal a new era of collective responsibility


In the end, July 9, 2012 was not the online doomsday everyone thought it might be. That doesn’t mean we should forget the significance of the threat so many of us faced.

There was widespread fear across North America and even beyond that hundreds of thousands of Internet users would fall victim to a sort of Black Monday as a result of DNSChanger, a powerful piece of malware that emerged around 2007 and spread like wildfire until law enforcement authorities in the U.S., including the FBI, managed to identify a ring of Estonian and Russian cybercriminals. What DNSChanger did was not new — it used rogue servers to redirect users’ systems to illegitimate Web sites where it sold an estimated US$14 million in advertising. What really caused all the anxiety earlier this month was not the botnet but the band-aid solution put in place once the bad guys were apprehended.

The FBI worked with third parties to replace the rogue servers with what I’ll call “white hat” replacements that would direct Web traffic back to the Internet as before. After a time, though, the FBI wanted to shut the white hat servers down, which meant that unless users were proactive about wiping their systems clean, they would essentially be cut off from the Internet.

Fortunately, that didn’t seem to happen. Perhaps enough consumers began installing anti-virus, or the estimated half of the Fortune 500 who were reported to be infected by DNSChanger had good IT departments who sprang into action. No doubt network providers also worked hard to ensure the worst was avoided. The downside to all this, however, is that a lot of people probably didn’t know the full story and assumed DNSChanger was just another case of IT security experts crying wolf.

What’s important about the DNSChanger story is not whether it brought down the Internet, but why there were concerns in the first place. The FBI had wanted to shut down the white hat servers in March, but a U.S. judge ordered them to give users more time to respond. The FBI was probably being too hasty, but the rest of us were probably being too slow.

When someone breaks into your house, you expect (or hope) the police will catch who did it. You don’t expect them to clean up your house or install a new alarm system. The same should be true in cyberspace. We are entering into a new era of collective responsibility in which law enforcement officials will need to do a better job of communicating what needs to be done in the case of an IT security incident, and in which users — businesses and consumers alike — will make themselves informed and take action quickly when they need to deal with the fallout. DNSChanger may have changed nothing about most users’ online experience this month, but it should change everything about how we should behave in the months ahead.
