When news of the Domain Name System (DNS) Changer malware, DNSChanger, broke in 2011, Internet Systems Consortium founder Paul Vixie was brought into the project by US law enforcement agencies as an advisor.
He provided advice on how to keep DNSChanger victims online, without re-infection, after six cyber criminals were arrested by the FBI in November 2011 and their servers were shut down.
DNSChanger re-routes the affected person's traffic through rogue DNS servers without their knowledge. The malware has to be removed from victims' computers before 9 July, when the replacement DNS servers maintained by the FBI will be switched off and remaining victims will lose access to the internet.
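The check a defender wants at this point is whether a machine's configured resolvers fall inside the rogue address blocks, since a host that still points at them will go dark once the FBI's replacement servers are switched off. The following Python is an added example and not code from the article, Vixie or the FBI working group; the rogue ranges it uses are constructed placeholders from the reserved documentation networks (the article does not list the real blocks), and the resolver configuration is a constructed resolv.conf-style sample.

```python
import ipaddress
from typing import Dict, List

# Constructed placeholder ranges standing in for the rogue resolver
# address blocks; the real blocks are not given in the article.
# 203.0.113.0/24 and 198.51.100.0/24 are reserved documentation ranges.
ROGUE_RESOLVER_RANGES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]


def parse_resolv_conf(text: str) -> List[str]:
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        parts = line.split()
        if parts[0] == "nameserver" and len(parts) >= 2:
            servers.append(parts[1])
    return servers


def classify_resolvers(servers: List[str],
                       rogue_ranges=ROGUE_RESOLVER_RANGES) -> Dict[str, str]:
    """Map each resolver address to 'rogue', 'clean' or 'invalid'."""
    verdicts = {}
    for server in servers:
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            verdicts[server] = "invalid"  # not a literal IP address at all
            continue
        hit = any(addr in net for net in rogue_ranges)
        verdicts[server] = "rogue" if hit else "clean"
    return verdicts


def host_is_affected(text: str) -> bool:
    """True if any configured resolver sits inside a rogue range."""
    verdicts = classify_resolvers(parse_resolv_conf(text))
    return any(v == "rogue" for v in verdicts.values())


# Constructed sample: resolver settings as an infected host might carry them.
# 192.0.2.53 is a documentation address used here as a 'clean' resolver.
SAMPLE_RESOLV_CONF = """\
# constructed sample resolv.conf
nameserver 203.0.113.7
nameserver 192.0.2.53
"""

if __name__ == "__main__":
    for server, verdict in classify_resolvers(
            parse_resolv_conf(SAMPLE_RESOLV_CONF)).items():
        print(f"{server:16} {verdict}")
    print("affected:", host_is_affected(SAMPLE_RESOLV_CONF))
```

On a real host the same logic would be fed the live resolver list (resolv.conf on Unix-like systems, the adapter DNS settings on Windows, and the DHCP-advertised resolvers on a home router, since DNSChanger also rewrote router settings) and the placeholder ranges replaced with the published rogue blocks.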
Vixie took time out from his busy schedule to talk with Computerworld Australia ahead of his visit to Australia for the AusCERT security conference.
How was the takedown of DNSChanger planned and executed?
We planned it during weekly conference calls for about 10 weeks before the arrests.
Have the majority of the DNSChanger infected computers been cleaned up or, as your blog states, is there still a risk that a new criminal empire could recapture some of the victims?
Our log files show that our servers are queried by half as many unique visitors per day as when we first started. A near-majority has been cleaned up, but a new criminal empire could be built out of the remaining victims if we don't make more progress on removing malware from their computers before 9 July [when the DNS servers will be switched off].
What lessons did you take from the DNSChanger takedown?
Tomorrow's heroes should plan first for remediation. Have the staff and budget, not just for collecting data about victims but for doing good data science. Reach out to federal law enforcement in every affected country and have a realistic end-game plan.
As a digital society, where are we going wrong with information security and what needs to change?
We're assuming that computing and the internet are just utilities, like toasters and electric power, and that the worst thing that can happen is that the power won't come on or the toaster will burn the toast.
The truth is that computing and the internet are a world unto themselves. We're tying our lives and our homes to that other world, and that world has incredibly different and more dangerous rules than ours. The worst thing that can happen isn't that it stops working, but rather that it steals your money and violates your privacy and you don't even notice that it is happening.
As a security professional what keeps you awake at night?
Capital inertia and the politics of polarisation.
There's no profit to be made in cleaning up internet sludge, so we all just ship it down the river and look for sexy new things to build and sell.
Inept governance during the last century has given regulation a deservedly bad name, to the point where we either don't regulate at all for fear of screwing things up, or we over-regulate and somehow screw things up.
Vixie is scheduled to present at AusCERT in May.
IDG Communications is an official media partner for AusCERT 2012.