DOJ indicts 7 very clever Internet crooks.

illustration by Russ Bellew

This scam rewarded hard work with huge income, while it lasted.

I’m not smart enough to have dreamed up this scam: hijack millions of users’ clicks and redirect them to ads that pay the crooks for each click. Allegedly, over 14 million dollars of income was collected since 2007. Six of the 7 indicted people reside in Estonia, where they have been arrested by the Estonian police. The US Department of Justice (DOJ) is seeking their extradition for trial in US federal court on charges of wire fraud and computer intrusion. The seventh suspect has not yet been located.

Part of the scheme employed malware named DNSChanger. These guys spent serious time fabricating this scam: they had to first set up 2 bogus DNS (Domain Name System) servers in the U.S., create and propagate the malware, create affiliate relationships with advertisers, create bogus websites, arrange payment with advertisers, etc. Basing the bogus DNS servers in the U.S. would guarantee fast DNS lookups for hijacked American victims.

I see plenty of DNSChanger infections

Want more info?
DNSChanger Malware details from the FBI (a well-done 6-page 360KB PDF file)

Last year I wrote about one instance (of many that I see) of DNS hijacking (Malware hi-jack of DNS address). A computer whose DNS settings point to a malicious DNS server is “owned” by the bad guy who installed the redirection. My first thought was that the bad guy could harvest on-line banking login credentials. These Estonians fabricated a much more elaborate scheme, which was probably harder to detect than the scam that I’d imagined.

Articles with details of this scam

Joab Jackson, in a Computerworld article titled “DOJ charges seven in massive clickjacking scheme”, fleshes out this story, and CNET’s “Seven accused in $14 million click-hijacking scam” article by Elinor Mills adds still more detail. According to her story, the FBI spent 2 years investigating this case after NASA discovered DNSChanger on over 100 of its computers. This led to the discovery that the infection had spread to millions of computers in over 100 countries.

© Russ Bellew · Fort Lauderdale, Florida, USA · phone 954 873-4695

One thought on “DOJ indicts 7 very clever Internet crooks.”

  1. It is amazing that the DOJ was on top of this!

    I’ve just been reading about their pals at the SEC, who were too busy reading porn for FOUR hours a day to catch Madoff, even after he was handed to them on a silver platter numerous times over the course of 10 years. The whistle-blower Markopolos said that half the lawyers working at the SEC should be fired for incompetence and that they “couldn’t find a steak at an Outback.”

    Today, 3 years later, the SEC announced disciplinary actions against those employees that were as harsh as a 30-day suspension for one while others received “counseling memos.” I don’t know what would happen to you if you failed to find a $50-billion fraud over the course of 10 years but I think most of us would be lucky if we were just fired!

    Anyhow, it’s nice to know that some small part of our government is functioning as it should. Hats off to DOJ on this one!

