Estonians, Russian charged in Internet ad scam

November 9, 2011

The online fraud involved redirecting Internet users searching for websites such as iTunes, Netflix to other sites

A man uses a laptop computer at a wireless cafe. Six Estonians and a Russian were charged on Wednesday with infecting computers, including NASA machines, with malware as part of an online advertising scam that reaped at least $14 million.

Six Estonians and a Russian were charged Wednesday with infecting computers, including NASA machines, with malware as part of an online advertising scam that reaped at least $14 million.

The Internet fraud, which took place between 2007 and October 2011, involved redirecting users searching for websites such as iTunes, Netflix and even the US tax collection agency to other sites.

The six Estonians -- Vladimir Tsastsin, 31, Timur Gerassimenko, 31, Dmitri Jegorov, 33, Valeri Aleksejev, 31, Konstantin Poltev, 28, and Anton Ivanov, 26, -- were arrested in Estonia on Tuesday and the United States will seek their extradition, US officials said.

Andrey Taame of Russia, 31, remains at large.

According to the indictment unsealed by the US attorney for the Southern District of New York, the seven engaged in a "massive and sophisticated scheme that infected at least four million computers located in over 100 countries."

Around 500,000 of the infected computers were in the United States, according to the indictment, and at least 10 belonged to the US space agency NASA.

The indictment said the group engaged in "click hijacking fraud," by directing the user of an infected computer who clicks on a search result to a website different than the one they wanted.

A search for the website of the US tax collection agency at http://www.irs.gov would reroute a user, for example, to the website of a tax preparation service, generating a payment to the defendants under an advertising contract.

"These defendants gave new meaning to the term 'false advertising,'" US Attorney Preet Bharara said in a statement.

"They were international cyber bandits who hijacked millions of computers at will and rerouted them to Internet websites and advertisements of their own choosing -- collecting millions in undeserved commissions for all the hijacked computer clicks and Internet ads they fraudulently engineered."

The arrests were the result of a two-year investigation by the US Federal Bureau of Investigation code-named "Operation Ghost Click" that involved the cooperation of the authorities in Estonia and the Netherlands.

The seven were each charged with five counts of computer intrusion and wire fraud, crimes which can draw sentences of between five and 30 years in prison.

Tsastsin was also charged with 22 counts of money laundering.