FBI Knocks Out Mammoth Estonian Cyber Ring
In one of the biggest cyber crackdowns in history, the FBI and international partners have arrested six Estonian nationals for hijacking computers worldwide to bilk the multibillion-dollar Internet advertising market, bureau officials announced on Wednesday.
About 4 million computers belonging to consumers, businesses and government agencies, including NASA, were infected by this "man-in-the-middle" attack that targeted the Domain Name System, or DNS, a service similar to a phone directory for the Internet. DNS translates alphabetical website names entered by users, like Apple.com, into numerical Internet Protocol (IP) addresses that computers can understand and connect to.
In unsealing an indictment in New York on Tuesday, federal officials detailed a two-year FBI investigation dubbed Operation Ghost Click that pursued hackers operating mainly out of Estonia and Russia.
The indictment "describes an intricate international conspiracy conceived and carried out by sophisticated criminals," Janice Fedarcyk, assistant director in charge of the FBI New York office, said in a statement. "The harm inflicted by the defendants was not merely a matter of reaping illegitimate income."
Using malicious software called DNSChanger, the "Rove" criminal organization manipulated online ads to pocket at least $14 million, according to FBI officials. Sometimes, the gimmick opened up victims' computers to further corruption by preventing anti-virus software from updating.
DNSChanger can send visitors surfing on legitimate commercial websites, like iTunes, to bogus sites that purport to sell the company's goods. The ring would change the DNS settings on compromised computers to point to the wrong IP addresses. "They victimized legitimate website operators and advertisers who missed out on income through click hijacking and ad replacement fraud," Fedarcyk said.
The United States is trying to extradite the criminals, who were apprehended in Estonia on Tuesday. Internet users should be aware that DNSChanger may still be on their computers, bureau officials said, adding that people who believe their systems are infected should contact a computer professional.
Various private sector and international organizations assisted the FBI during the takedown, including the Estonia Police and Border Guard, Dutch National Police Agency, Georgia Tech University, Internet Systems Consortium, Team Cymru, Trend Micro and University of Alabama at Birmingham.