US dismantles massive cybercrime syndicate

Cybercrime, 14th November 2011
by Lara Pace

Article posted in the BBC (www.bbc.co.uk) on 10th November 2011.

Cyber criminals who are alleged to have made $14m (£9m) from advertising fraud have been arrested in Estonia.

The FBI alleged that the gang infected more than four million computers in 100 countries with code that redirected users to online ads.

The six arrested are Estonian nationals, while the seventh member of the gang, a Russian, remains at large.

Security firms hailed the arrests as the “biggest cyber criminal take down in history.”

About 500,000 of the affected computers were in the US and many of the millions inadvertently enrolled in the fraud scheme were in government offices, schools and corporates.

Aiding the investigation into the scale of the scheme was US space agency Nasa, which first discovered the malicious software on 130 of its computers. Security firm Trend Micro also provided key intelligence during the long investigation.

The FBI claimed that the “massive and sophisticated internet fraud scheme” revolved around servers set up to surreptitiously reroute traffic to websites where the gang would get a cut of the advertising revenue.

Victims would start out trying to visit sites such as Amazon, Netflix and ESPN but instead end up on sites displaying adverts put together by the gang, said the FBI in a statement.

“These defendants gave new meaning to the term, ‘false advertising’” said Manhattan US attorney Preet Bharara, in a statement detailing the take down which the FBI dubbed “Operation Ghost Click.”

Describing the gang as “cyber bandits”, Mr Bharara alleged they collected “millions in undeserved commissions for all the hijacked computer clicks and internet ads they fraudulently engineered.”

The FBI has produced a software tool that people can download and run to see if they had been hit by the gang and were being re-directed. The gang reportedly tricked people into installing the malicious code that hijacked their PC by disguising it as a codec required to watch adult movies.

More than 100 computers were seized in raids conducted at the same time as the arrests. The rogue address books have now been switched for servers that direct people to where they wanted to go.

Domestic ISPs are also being told about the people that were infected to give them a chance to clean up.

The defendants have been charged with five counts of wire fraud and computer intrusion crimes. If found guilty they face heavy jail sentences.
