It's time to stop coddling DNS Changer Trojan victims; let them learn the hard way

By | May 01, 2012

Posted in: Network Security Trends

The last thing we need is the FBI acting as our cyber nanny.

Last November, a massive botnet for the DNS Changer Trojan was taken down thanks to the FBI and law enforcement in Estonia. Six men were arrested for using the botnet of more than 500,000 infected machines, many of them within the U.S. government, to redirect web browsers to sites that earned them at least $14 million. All well and good. The FBI cyber crime unit should be doing as much of this as possible. But, by succumbing to the desire to protect the innocent, the FBI has stepped over the line.

The DNS Changer Trojan simply hijacks the DNS lookup that every computer does to find web addresses. Adware and spyware have been doing this for more than 10 years. In this first case of FBI interference, they have taken it upon themselves to consult with Paul Vixie of ISC and set up their own DNS servers to replace those of the bot herders and act, one assumes, as a legitimate DNS server.

From the Associated Press:

“On the night of the arrests, the agency brought in Paul Vixie, chairman and founder of Internet Systems Consortium, to install two Internet servers to take the place of the truckload of impounded rogue servers that infected computers were using.”

But the FBI’s funding for the servers ($87,000 to date) is running out, and they fear that when they take those DNS servers offline on July 9 (the original March 8 deadline was extended), hundreds of thousands of users will not be able to reach the Internet.

I say, so what? These users were running unpatched, unprotected Windows PCs. Why should they be protected from their lack of knowledge? Why should they have been coddled for the last six months as they blithely continued to use the Internet, probably getting infected with other malware and exposing themselves and their employers to cyber criminals? Speaking of employers, why is the FBI protecting half the Fortune 500 from the consequences of their own inaction?

Everyone talks about security awareness, and the U.S. government spends millions on education programs and websites. Yet, the best teacher is experience. Who among us has not become infected with a Trojan harboring adware, spyware, and worse? I know I have.

The AP article goes on:

“"This is the future of what we will be doing," said Eric Strom, a unit chief in the FBI's Cyber Division. "Until there is a change in legal system, both inside and outside the United States, to get up to speed with the cyber problem, we will have to go down these paths, trailblazing if you will, on these types of investigations."”

If there are half a million machines infected with DNS Changer, there are half a million machines that need to be cleaned, patched, and protected. How does shielding the end users from their own behavior help that? It does not. It puts off the day when half a million people get a wake-up call and become intimately aware of the dangers of unprotected Internet access.

The FBI should shut down their surrogate DNS servers now. Let these people and organizations deal with no Internet access until they clean up their machines.

This is not yet a nanny state. The FBI’s job is to fight crime, not ignorance. Acting as overly protective net-nannies, the FBI is supporting ignorance.
