Officials charged the defendants with fraud and computer intrusion in a 27-count indictment on Nov. 3 and the records were unsealed today per media reports.
According to the Associated Press
, the seven "Internet bandits" created a scheme that hijacked over 4 million computers located in over 100 different countries.
To perpetuate the fraud, traffic on high-traffic websites such as Netflix, ESPN, Amazon, and the U.S. Internal Revenue Service, was manipulated and steered to other websites and, as a result, generated major click fraud
What was happening were users, unknowingly infected, were doing searches for certain information and instead of being directed to the official site, the computers were directed to other websites which would generate advertising revenue, which inflated the coffers of the fraudsters. Users who were manipulated in this scheme originally were infected through manipulation, which led them to download the malware which facilitated the fraud.
The New York Times
shows an image of an infected computer and a computer that had not been tainted by the malware. According to the NYT report, " Searches for terms like “IRS” and “iTunes” on an infected computer would send the user to sites that would pay the scammers a referral fee."
Bloomberg's Business Week
reported the indictment said,
“To protect the scheme from being thwarted, the malware used by the defendants and their co-conspirators was designed to prevent the installation of anti-virus software updates -- leaving the infected computers and their users unable to detect or stop the defendants’ malware."
At least 500,000 of the 4 million computers infected were infected in the U.S. Amongst the infected included NASA, several non-profits, educational institutions, commercial businesses and individual users. Reportedly this fraud has occurred over a five-year period and came to light when NASA discovered an infection.
"On a massive scale, the defendants gave new meaning to the term 'false advertising,'" U.S. Attorney Preet Bharara said, per the AP report. The problem was first discovered at NASA, where 130 computers were infected. Investigators followed a digital trail to Eastern Europe, where the defendants operated "companies that masqueraded as legitimate participants in the Internet advertising industry."
The crime gang, originating from Eastern Europe, are mostly in custody. Six of the accused are from Estonia and have been detained in that country, but the seventh member of the group is from Russia and is still at large. U.S. officials are looking to extradite the accused to the United States to answer to these charges.
Business Week reported this case is listed as U.S. v. Tsastsin, 11-cr-878, U.S. District Court, Southern District of New York (Manhattan).