MYFOXNY.COM – Authorities have arrested and charged six people from Estonia in an elaborate malware-based Internet fraud operation that infected millions of computers, including some at NASA and other U.S. government agencies, according to federal authorities.
The Estonian police and border guard arrested Vladimir Tsastsin, 31, Timur Gerassimenko, 31, Dmitri Jegorov, 33, Valeri Aleksejev, 31, Konstantin Poltev, 28, and Anton Ivanov, 26, in Estonia on Monday. The U.S. Attorney’s Office in Manhattan will seek extradition. A seventh suspect, Andrey Taame, 31, a Russian national, is still on the loose, authorities said.
A federal grand jury indicted the suspects on various charges, including wire fraud conspiracy, computer intrusion conspiracy, and more. The feds unsealed the indictment Tuesday.
“The international cyber threat is perhaps the most significant challenge faced by law enforcement and national security agencies today, and this case is just perhaps the tip of the Internet iceberg,” said Preet Bharara, the U.S. attorney for the Southern District of New York. “It is also an example of the success that can be achieved when international law enforcement works together to root out internet crime. We are committed to continuing our vigilance and efforts–it is essential to our national security, our economic security, and our citizens’ personal security.”
The cyber scam involved using a class of malware called DNSChanger to infect approximately 4 million computers in more than 100 countries. About half a million computers in the United States were infected, authorities said. Among them were computers belonging to individuals, businesses, nonprofits, and government agencies. About 130 computers at NASA were infected, the AP reported. In fact, that discovery then led investigators on a digital trail to Eastern Europe.
The malware would change the DNS server settings on infected computers, according to the indictment. The computers would become infected when users visited certain websites or downloaded certain software to watch videos. The malware would then alter the DNS server settings to route the infected computers to the rogue DNS servers controlled and operated by the suspects, the indictment said.
Once rerouted, the computers would display fraudulent ads and links that replaced legitimate ones on websites that users visited. Clicks on these ads and links resulted in payments to the suspects, the indictment said. They earned about $14 million in five years, authorities said.
The indictment outlines these examples of ad replacement fraud, according to the FBI:
- When the user of an infected computer visited the home page of the Wall Street Journal, a featured advertisement for the American Express “Plum Card” had been fraudulently replaced with an ad for “Fashion Girl LA.”
- When the user of an infected computer visited the Amazon.com website, a prominent advertisement for Windows Internet Explorer 8 had been fraudulently replaced with an ad for an email marketing business.
- When the user of an infected computer visited the ESPN website, a prominent advertisement for “Dr Pepper Ten” had been fraudulently replaced with an ad for a timeshare business.
“The Internet is pervasive because it is such a useful tool, but it is a tool that can be exploited by those with bad intentions and a little know-how,” said FBI Assistant Director in Charge Janice Fedarcyk. “In this context, international law enforcement cooperation and strong public-private partnerships are absolute necessities, and the FBI is committed to both.”
Article source: http://www.myfoxny.com/dpp/news/fbi-malware-ring-infected-millions-of-computers-20111109-akd