A $14-million international Internet advertising fraud scheme has been brought down by a coalition of American and Estonian authorities, Preet Bharara, U.S. attorney for New York's southern district, said during a Wednesday afternoon press conference in Manhattan.
The scheme, which Bharara deemed a massive Internet fraud, targeted more than four million computers worldwide. It was allegedly led by six Estonian nationals arrested in recent days in that Eastern European country and one unapprehended Russian national believed to still be on the run in Russia as of Wednesday afternoon.
He went on to say that he believes it is the first case of its kind to yield criminal charges, as the international law enforcement community is trying to adapt to the changing methods of Internet criminals.
"What we see in cases like today's is likely just the tip of the internet iceberg," Bharara said. "Today's case is just the latest iteration of the growing Internet threat."
An indictment detailing the wire fraud, conspiracy to commit wire fraud, computer intrusion, conspiracy to commit computer intrusion and money laundering charges the men face was unsealed and released at the Wednesday press conference.
The scam worked on a number of levels. Under one method, called click hijacking, people's computers were infected with malicious software that then redirected them away from the websites they clicked on in search results or typed in their menu bars.
Rather than reaching the sites they wanted, targeted individuals would instead be sent to sites where the suspects allegedly were running web ads and getting paid by advertisers for it through phony companies they set up all over the world.
Janice Fedarcyk, assistant director-in-charge of the New York office of the FBI, who was a key player in the investigation of the scheme, called the malware akin to an antibiotic-resistant bacterium.
Another scheme detailed in the indictment is known as advertising replacement, under which the suspects allegedly replaced legitimate advertisements on websites with ones that triggered payments to their companies.
"On a massive scale, then, the defendants gave new meaning to the term false advertising," Bharara said in explaining the scheme.
The suspects allegedly even went so far as to block the anti-virus software and operating system updates of the infected users' computers, thereby ensuring they would not be able to fix the problem.
At 3 a.m. Wednesday, the FBI unplugged and dismantled the defendants' alleged bad servers, which were key in furthering their scheme, let Internet service providers know what was going on, and moved affected computer users onto good servers, all with little to no Internet service interruption, Bharara and Fedarcyk said.
"Today with the flip of a switch, the FBI, with the help of its partners, dismantled an international criminal enterprise," Fedarcyk said.
The scheme came to light when about 130 computers at the National Aeronautics and Space Administration (NASA) became infected with malware, and the case took nearly four years to bring to a successful resolution.
Paul Martin, inspector general at NASA, said at the press conference that there were no indications that there has been any operational harm due to the fraud scheme or the malware.
The apprehended Estonian suspects are Vladimir Tsastsin, Timur Gerassimenko, Dmitri Jegorov, Valeri Aleksejev, Konstantin Poltev and Anton Ivanov. They are in custody in Eastern Europe awaiting extradition to the U.S., Bharara said. The Russian man still on the run as of Wednesday is Andrey Taame.
For tips on how to avoid becoming a victim of Internet fraud, visit fbi.gov.