'Rational Actors,' meaning hostile governments, pose big cyber threat

As Congress debates the merits of Internet security legislation, it’s worthwhile to take a moment and contemplate the enormity of the online security threat. Speaking at a Carnegie Endowment for International Peace event on May 17, Rep. Mike Rogers (R-Mich.), chairman of the House Intelligence Committee, declared “we are headed for a catastrophic cyber-attack in this country,” and our intelligence services “don’t know if they can stop it.”

Rogers sees the greatest threat looming from the involvement of “rational actors,” meaning hostile governments. But the achievements of the irrational ones are nothing to sneeze at. Just look at the so-called July virus, which may well knock hundreds of thousands of computers off the Internet on July 9.

This viral attack was apparently cooked up by a small gang of Estonian hackers who were, believe it or not, trying to steal online advertising revenue. Their scam involved herding unwitting Internet surfers to legitimate advertising sites, which pay a small bounty for each user who follows a link to one of their clients. The idea is to give many websites a financial incentive to link to the advertisers’ content.

The Estonian hackers perverted this conventional business arrangement by creating a powerful virus which hijacked the communications between personal computers and DNS servers. DNS servers are the machines that translate the Web addresses people type into the numeric Internet Protocol addresses that actually guide Internet traffic.

An IP address is a string of numbers separated by dots. Obviously, human users would much rather remember a name than these cumbersome numbers. Big websites often have several IP addresses associated with one name, to handle large amounts of traffic. DNS servers handle all of this quickly and invisibly, so the average Internet user is blissfully unaware of precisely which IP address he arrives at when he types a Web address into his browser.

The Estonian virus changed the DNS settings of infected computers so that their lookups went to the hackers’ own rogue DNS servers instead of legitimate ones, and those servers could hand back whatever IP address the hackers chose. Imagine hopping into a taxicab and asking to be driven to the nearest T.G.I. Friday’s, only to be dropped off at an Applebee’s restaurant instead. The virus was even capable of swapping out in-line advertisements on Web sites, replacing ads the proprietor was contracted to host with the hackers’ preferred ads instead. The hackers delivered enough kidnapped Web surfers to their unwitting business partners to rake in $14 million in entirely legitimate fees.

Unfortunately, like many viruses, the July virus came with weapons to defend itself and a burning desire to reproduce. It disabled security software on infected computers, opening them up to further infection. It spread rapidly to over half a million computers in the U.S. alone, including many government systems. In fact, the virus was first brought to the attention of the FBI after it was found on computers at the New York offices of NASA.

The FBI partnered with a security firm to prepare a free online service that can check your computer for infection and help you remove the virus if you have it. This service has reduced the number of infected computers to about 350,000 worldwide, with an estimated 85,000 infected systems remaining in the U.S.

Here’s the really ugly part of the story: computers infected by this virus are still pointed at the Estonian hackers’ rogue DNS servers, and those servers no longer exist. They were taken offline when the crooks got busted. The FBI replaced them with clean, functional DNS servers, but those replacements will be shut down for good on July 9. At that point, any computer still infected by the virus, and therefore still pointed only at those addresses, will have no DNS server left to ask. It will still be physically connected to the Internet, but every attempt to convert a website name into one of those crucial IP address numbers will be met by the silence of an electronic tomb, which for the average user is indistinguishable from losing the Internet altogether.
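For readers who want to see what “checking for infection” actually means in practice, the following is an added example, not code from the column or from the FBI’s clean-up service. The infection leaves a visible fingerprint: the DNS server addresses configured on the machine. The script below reads those addresses out of a Unix resolv.conf or a Windows `ipconfig /all` listing (both samples here are constructed), checks them against the rogue address ranges, and reports whether the machine would be left with no working resolver once the replacement servers go dark. The six ranges are the ones the FBI published at the time, reproduced from memory; treat them as an assumption and verify them against the official notice before relying on the list.

```python
"""Check whether a machine's configured DNS resolvers fall inside the
rogue address ranges used by the DNSChanger gang.

Added example: not code from the column or from the FBI/DCWG service.
"""
import ipaddress
import re

# ASSUMPTION: the six rogue DNS ranges as published by the FBI, reproduced
# from memory. Verify against the official notice before relying on them.
ROGUE_NETWORKS = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20",
    "67.210.0.0/20",
    "93.188.160.0/21",
    "77.67.83.0/24",
    "213.109.64.0/20",
    "64.28.176.0/20",
)]

# Constructed sample of a Unix /etc/resolv.conf whose first resolver was
# rewritten by the malware; the second entry is an ordinary home router.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search home.example
nameserver 85.255.112.45
nameserver 192.168.1.1
"""

# Constructed excerpt of Windows `ipconfig /all` output, where a Windows
# user would look for the same information.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:
   DNS Servers . . . . . . . . . . . : 67.210.4.10
                                       8.8.8.8
"""

_IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def resolvers_from_resolv_conf(text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    found = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            found.append(parts[1])
    return found


def resolvers_from_ipconfig(text):
    """Return DNS server addresses from `ipconfig /all` output.

    The 'DNS Servers' line carries the first address; following lines that
    hold nothing but an address continue the same list.
    """
    found = []
    collecting = False
    for line in text.splitlines():
        if "DNS Servers" in line:
            collecting = True
            found.extend(_IPV4.findall(line))
        elif collecting and _IPV4.fullmatch(line.strip()):
            found.append(line.strip())
        else:
            collecting = False
    return found


def is_rogue(address):
    """True if the address lies inside one of the rogue DNS ranges."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:          # garbage in the config is not a match
        return False
    return any(ip in net for net in ROGUE_NETWORKS)


def classify(addresses):
    """Split a resolver list into (rogue, clean) lists."""
    rogue = [a for a in addresses if is_rogue(a)]
    clean = [a for a in addresses if not is_rogue(a)]
    return rogue, clean


def loses_resolution_after_shutdown(addresses):
    """True when every configured resolver is rogue: once the replacement
    servers are switched off, such a machine has nobody left to ask."""
    rogue, clean = classify(addresses)
    return bool(rogue) and not clean


if __name__ == "__main__":
    for label, addrs in (("resolv.conf", resolvers_from_resolv_conf(SAMPLE_RESOLV_CONF)),
                         ("ipconfig", resolvers_from_ipconfig(SAMPLE_IPCONFIG))):
        rogue, clean = classify(addrs)
        print(label, "rogue:", rogue, "clean:", clean,
              "dead after shutdown:", loses_resolution_after_shutdown(addrs))
```

A machine whose only resolvers are rogue is the one that goes silent on July 9; a machine with a mix of rogue and clean resolvers will usually limp along, since operating systems fall back to the next server in the list, but it is still infected and should be cleaned.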

This immense global security crisis is due to a small gang of cheap hoods looking to steal a few million dollars. Imagine what an aggressive enemy government, with deep pockets and plenty of manpower, could do if they wanted to engineer a July 9 blackout on purpose.