Even NASA's computers were affected by the fraud scheme

Nov 10, 2011 08:00 GMT

Six Estonians were arrested by the FBI for allegedly running what prosecutors describe as the largest and most sophisticated international cyber criminal scheme seen to date. While the crooks earned millions, computers belonging to individuals and organizations in 100 countries were infected with malicious software.

Operation Ghost Click ended after two years with the apprehension of the suspects, whose scheme relied on click hijacking backed by rogue DNS servers: the malware did not poison anyone else's resolver caches, it simply pointed infected machines at DNS servers the defendants controlled.

The numbers in this case are unbelievably high. Starting in 2007, the cybercriminals made $14 million (10 million EUR) in illegal income, and 4 million computers were affected in over 100 countries, 500,000 of them in the US alone.

Devices belonging to individuals, government agencies, educational institutions, commercial businesses and even the National Aeronautics and Space Administration (NASA) were infected to take part in the sophisticated fraud.

The Estonians, Vladimir Tsastsin, 31, Timur Gerassimenko, 31, Dmitri Jegorov, 33, Valeri Aleksejev, 31, Konstantin Poltev, 28, and Anton Ivanov, 26, aided by a Russian who is still at large, infected the victims with malware that replaced the DNS server settings on their machines with the addresses of rogue resolvers under the defendants' control. Those resolvers redirected the victims to advertising websites, which earned the group large sums in affiliate commissions.

Besides this, the malware they spread also prevented the installation of security software, leaving the victims exposed to all sorts of other threats from the internet.

“These defendants gave new meaning to the term, ‘false advertising.’ As alleged, they were international cyber bandits who hijacked millions of computers at will and re-routed them to Internet websites and advertisements of their own choosing—collecting millions in undeserved commissions for all the hijacked computer clicks and Internet ads they fraudulently engineered,” revealed Manhattan U.S. Attorney Preet Bharara.

“The international cyber threat is perhaps the most significant challenge faced by law enforcement and national security agencies today, and this case is just perhaps the tip of the Internet iceberg. It is also an example of the success that can be achieved when international law enforcement works together to root out internet crime. We are committed to continuing our vigilance and efforts—it is essential to our national security, our economic security, and our citizens’ personal security.”

The methods used by the suspects are not that uncommon, but because they did not rely on a single money-making mechanism, they managed to earn millions.

By creating companies that masqueraded as legitimate publisher networks, they were able to sign contracts with ad brokers that paid them handsomely for the traffic they generated. To tilt the odds further in their favor, they also hijacked legitimate websites' traffic and replaced the genuine ads with their own.

Each time a user performed an internet search on an infected machine, the rogue DNS servers would send them to a site of the defendants' choosing instead of the genuine destination.

“These arrests illustrate the level of cooperation needed to confront the growing worldwide threat of cyber crime. We will continue working with our national and international colleagues to help protect governments, U.S. agencies like NASA, businesses, and individual users of the Internet from fraud and theft,” said NASA Inspector General Paul Martin.

Security solutions provider Trend Micro played an important role in the apprehension of the suspects, and now that the takedown is complete the company has posted an advisory to help individuals and companies determine whether they are victims of this scheme.

The FBI has published a list of the IP addresses of the rogue DNS servers used by the suspects, so anyone who believes they might be a victim can compare the DNS servers their machine is configured to use against that list with the online tool provided by the Bureau.
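The check the FBI's tool performs comes down to one question: is the resolver your machine actually uses inside one of the address blocks the rogue servers lived in? The script below, added here as an example and not code from the article, from Trend Micro or from the FBI, reads the configured resolvers from a Linux-style resolv.conf or from Windows `ipconfig /all` output and flags any that fall in those blocks. The six ranges are the ones the FBI listed in its public notice, reproduced from memory, so verify them against the Bureau's own list before relying on the result; the sample resolv.conf and ipconfig text are constructed for the demonstration. Note that the malware changed settings on the infected host, so the resolver to check is whatever the operating system reports, not the one you think your ISP assigned.

```python
"""Check a machine's configured DNS resolvers against the rogue resolver
ranges the FBI published for Operation Ghost Click.

Added example, not the FBI's tool and not code from the article.  The ranges
are reproduced from memory of the FBI notice; verify them against the
Bureau's own list.  Sample inputs below are constructed.
"""
import ipaddress
import re

# (first address, last address) of each rogue DNS server block.
ROGUE_DNS_RANGES = [
    ("85.255.112.0", "85.255.127.255"),
    ("67.210.0.0", "67.210.15.255"),
    ("93.188.160.0", "93.188.167.255"),
    ("77.67.83.0", "77.67.83.255"),
    ("213.109.64.0", "213.109.79.255"),
    ("64.28.176.0", "64.28.191.255"),
]

# Expand the inclusive ranges into CIDR networks once, so a membership test
# is a plain `addr in network` check.
ROGUE_NETWORKS = [
    net
    for first, last in ROGUE_DNS_RANGES
    for net in ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    )
]


def is_rogue_resolver(server: str) -> bool:
    """True if `server` is an IPv4 address inside one of the rogue blocks.

    Unparsable or IPv6 values are reported as not rogue: the FBI list only
    contains IPv4 ranges, so nothing else can match it.
    """
    try:
        addr = ipaddress.ip_address(server.strip())
    except ValueError:
        return False
    if addr.version != 4:
        return False
    return any(addr in net for net in ROGUE_NETWORKS)


def parse_resolv_conf(text: str) -> list:
    """Return the nameserver addresses from /etc/resolv.conf-style text."""
    servers = []
    for raw in text.splitlines():
        # Both '#' and ';' start comments in resolv.conf.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


# "DNS Servers . . . : 1.2.3.4" in `ipconfig /all`; extra servers follow on
# continuation lines that carry only an address.
_IPCONFIG_DNS = re.compile(r"^\s*DNS Servers[ .]*:\s*(\S+)\s*$")
_IPCONFIG_CONT = re.compile(r"^\s+(\S+)\s*$")


def parse_ipconfig(text: str) -> list:
    """Return the DNS server addresses from `ipconfig /all` output."""
    servers, in_dns = [], False
    for line in text.splitlines():
        m = _IPCONFIG_DNS.match(line)
        if m:
            servers.append(m.group(1))
            in_dns = True
            continue
        m = _IPCONFIG_CONT.match(line) if in_dns else None
        if m:
            servers.append(m.group(1))
        else:
            in_dns = False  # any other line ends the DNS Servers entry
    return servers


def check_resolvers(servers) -> dict:
    """Map each configured resolver to True (rogue) or False (not listed)."""
    return {s: is_rogue_resolver(s) for s in servers}


# Constructed sample inputs: one resolver in each is inside a rogue block.
SAMPLE_RESOLV_CONF = """# Generated by NetworkManager
nameserver 85.255.112.36   # rewritten by the malware
nameserver 8.8.8.8
search example.test
"""

SAMPLE_IPCONFIG = """Windows IP Configuration

Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.20
   DNS Servers . . . . . . . . . . . : 93.188.161.10
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    for name, servers in (("resolv.conf", parse_resolv_conf(SAMPLE_RESOLV_CONF)),
                          ("ipconfig", parse_ipconfig(SAMPLE_IPCONFIG))):
        for server, rogue in check_resolvers(servers).items():
            print(f"{name}: {server} -> {'ROGUE' if rogue else 'ok'}")
```

On a real machine, feed `open("/etc/resolv.conf").read()` or the captured output of `ipconfig /all` into the matching parser instead of the constructed samples. A resolver that is not in the list is not proof of a clean machine; it only means the machine is not pointed at one of these six blocks.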

Hopefully we'll soon manage to speak to Paul Ferguson, Trend Micro's Advanced Threats Researcher and key liaison with the FBI in this case, so stay tuned to hear how it all went down.