Lessons from 'Internet Doomsday' on Why IT Security Matters
On July 9th, 2012, the Internet was supposed to hit doomsday. Millions of machines worldwide were expected to no longer have access to the Internet resulting in huge losses to businesses and swamped ISP helpdesks.
To explain what Internet Doomsday was, we need to explain some history about a well-known trojan in the IT security industry called "DNSChanger". This malware has actually been in existence for years. Between 2007 and 2011, it infected up to 4 million systems simultaneously at its peak.
Unlike most malware, which is designed to disrupt services, DNSChanger was designed to make money. Rove Digital, an Estonian company that was once the number two spammer in the world and known for creating malware, masterminded a scheme in which infected users were redirected to websites that bombarded them with advertisements.
This was done by changing the DNS settings on infected computers so that name lookups went to Rove Digital's own DNS servers, which let the company send those users to any server it chose. In the end, these ads fetched Rove Digital approximately $14 million in revenue.
Operation Ghost Click
In November 2011, the US in cooperation with the Estonian government launched "Operation Ghost Click" and 7 people were arrested, all connected with DNSChanger and Rove Digital. The rogue DNS servers owned by Rove were seized by the FBI.
Now, if the FBI had simply shut down those malicious DNS servers, anyone whose infected machine was still pointed at them would have lost all access to the Internet. Instead, the Internet Systems Consortium stood up temporary DNS servers at the seized addresses to pick up the infected traffic, so that those machines continued to resolve names and reach the Internet normally. This was only a stop-gap, though, and the FBI pleaded with users worldwide to check as soon as possible whether they were already infected.
Because of the expense involved, and because the remaining impact was estimated to be minimal thanks to the efforts of internet service providers, Google and even Facebook in detecting infected users, the FBI eventually allowed the stop-gap servers to shut down on July 9th, 2012.
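The check the FBI asked users to perform amounts to one question: do this machine's DNS resolvers fall inside the address ranges the rogue servers occupied? The script below is an added example, not code from the original article or from any of the organisations it names. It parses resolv.conf-style text and flags any nameserver that sits inside a configured list of rogue ranges. The `ROGUE_RANGES` entries are constructed placeholders drawn from the reserved TEST-NET blocks, not the ranges published during the takedown; a real audit would substitute the ranges from the authority's or your threat-intelligence feed's advisory, and the sample resolv.conf contents are likewise constructed.

```python
"""
Audit a host's DNS resolver settings against known-rogue resolver ranges.
Added example, not part of the original article. ROGUE_RANGES holds
constructed PLACEHOLDER networks (RFC 5737 TEST-NET blocks), not the real
DNSChanger ranges; replace them with the ranges from an authoritative advisory.
"""
import ipaddress
import re

# PLACEHOLDER ranges (constructed). Substitute the published rogue-resolver
# ranges from your advisory or threat-intelligence feed before real use.
ROGUE_RANGES = [
    ipaddress.ip_network("192.0.2.0/24"),     # TEST-NET-1, placeholder
    ipaddress.ip_network("198.51.100.0/24"),  # TEST-NET-2, placeholder
]

# Constructed sample resolv.conf text: a comment, a search domain, one
# legitimate public resolver, one resolver inside a placeholder rogue range,
# and an options line. Only 'nameserver' directives matter to the audit.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search example.internal
nameserver 9.9.9.9
nameserver 192.0.2.53
options timeout:2
"""

NAMESERVER_RE = re.compile(r"^\s*nameserver\s+(\S+)")


def parse_resolv_conf(text):
    """Return the resolver addresses listed in resolv.conf-style text.

    Lines that are not 'nameserver' directives (comments, search, options)
    are ignored, and a nameserver value that is not a valid IP is skipped.
    """
    resolvers = []
    for line in text.splitlines():
        match = NAMESERVER_RE.match(line)
        if not match:
            continue
        try:
            resolvers.append(ipaddress.ip_address(match.group(1)))
        except ValueError:
            continue  # malformed address; not useful to the audit
    return resolvers


def audit_resolvers(resolvers, rogue_ranges=ROGUE_RANGES):
    """Map each resolver (as a string) to the rogue range it falls in, or None.

    ipaddress handles the IPv4/IPv6 mismatch for us: an IPv6 address is never
    'in' an IPv4 network, so mixed configurations do not raise.
    """
    findings = {}
    for ip in resolvers:
        hit = next((str(net) for net in rogue_ranges if ip in net), None)
        findings[str(ip)] = hit
    return findings


def audit_resolv_conf_text(text, rogue_ranges=ROGUE_RANGES):
    """Parse then audit; return only the resolvers that matched a rogue range."""
    findings = audit_resolvers(parse_resolv_conf(text), rogue_ranges)
    return {ip: net for ip, net in findings.items() if net is not None}


if __name__ == "__main__":
    # To audit the live host instead of the sample, read /etc/resolv.conf:
    #   text = open("/etc/resolv.conf").read()
    flagged = audit_resolv_conf_text(SAMPLE_RESOLV_CONF)
    if flagged:
        for ip, net in flagged.items():
            print(f"WARNING: resolver {ip} is inside known-rogue range {net}")
    else:
        print("No configured resolver matches a known-rogue range.")
```

On a Windows host the same `audit_resolvers` function applies; feed it the DNS server addresses shown by `ipconfig /all` rather than a resolv.conf file. The point of keeping the parser and the range check separate is exactly that portability: the detection logic does not care where the resolver list came from.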
CNN reported that "hundreds of thousands" of users who were still infected would lose access to the Internet, and the date earned the name "Internet Doomsday". Even though investigators estimated that only up to 42,000 US users would still be infected on that date, a far cry from what the media reported, the event was sensationalized.
July 9th, 2012 came and went. IT service helpdesks, which had anticipated being swamped by helpless users that day, heard nothing. Life carried on as normal. The media once again took to the headlines, this time over what a dud Internet Doomsday had been.
There's no question that the Internet Doomsday claims strayed from reality. The media added fuel to the fire with wild claims about the impact of the shutdown, and user communities chatted endlessly about it. This was viral content in full manifestation.
Much like the hype around the year 2000 "bug", scenarios such as Internet Doomsday create a boy-who-cried-wolf situation. Users are not oblivious to being caught in the crossfire of fictitious doomsday claims. Instead, each one only builds up a resistance in everyday users, who respond by choosing to ignore future claims from the media and the like.
The greatest concern, though, is that if a real threat emerges in the future, one where millions of users could potentially be affected, those users will choose to ignore it and take no proactive action because of the exaggerated claims of the past. This is probably the worst actual result to come out of Internet Doomsday. Regardless of any particular malware threat, your IT environment should be protected and inspected for gaps in IT security.