7 charged in first-of-kind online ad scam
If you're an internet enthusiast, there are several jobs available that can make use of your skills. Credit: ISTOCK
Manhattan federal prosecutors Wednesday charged seven Eastern European men in a first-of-its-kind cybercrime case, accusing them of using malware to hijack clicks on 4 million computers that generated $14 million in fraudulent ad revenue.
The alleged scam, which began in 2007 and was first detected on NASA computers, directed users to unwanted sites -- rerouting those who clicked on irs.gov to H&R Block, for example -- and also made unauthorized ads pop up on popular websites such as The Wall Street Journal.
The alleged fraudsters, six Estonians who are in custody and one fugitive Russian, had contracts that allowed them to profit from artificial spikes in advertisers' Web traffic. The advertisers were duped, prosecutors said.
"These defendants gave new meaning to the term false advertising," said Manhattan U.S. Attorney Preet Bharara. "They were international cyberbandits who hijacked millions of computers at will and rerouted them to Internet websites of their own choosing, collecting millions in undeserved commissions."
The key to the scheme was malicious software that was embedded on millions of computers in more than 100 countries -- including 500,000 in the United States -- when they visited certain websites or downloaded software to watch videos online.
That malware secretly altered Domain Name System settings on the computers, causing clicks to certain websites to be routed to servers controlled by the fraudsters, who redirected the user to a different site or inserted an unwanted ad.
Among other diversions, prosecutors said, the servers redirected users who wanted to go to Netflix to a website called Budget Match, and redirected users who thought they were going to the iTunes store to the site of a third-party marketer of Apple software.
In addition to The Wall Street Journal site, the server replaced a Dr Pepper ad on ESPN's website with a timeshare ad, and planted an ad for an email marketing business on the Amazon.com website. The malware also disabled anti-virus programs on infected computers to immunize itself.
Bharara said the amount of money stolen from advertisers and ad brokers, combined with the use of malware that connected users to fraudulently rigged servers, made the case a first-of-its-kind prosecution.
Officials said they disconnected rogue servers in New York, Chicago and elsewhere at 3 a.m. Wednesday, and immediately replaced them with legitimate servers so that service would not be interrupted on infected computers.
Authorities said instructions are available on the FBI website for individuals who want to check if their computer is infected.
Estonian police arrested six of the defendants -- ages 26 to 33 -- on Tuesday. Russian Andrey Taame, 31, is at large. They face multiple charges of wire fraud, conspiracy, computer intrusion and money laundering, with maximum sentences totaling more than 100 years.
Correction: A previous version of this story had a wrong byline.
Visiting Christmasland in Deer Park ... LI Works: Model trains ... Get the latest news and more great videos at NewsdayTV
Visiting Christmasland in Deer Park ... LI Works: Model trains ... Get the latest news and more great videos at NewsdayTV
