Six Estonians arrested in ‘cyber-infestation’

Federal authorities charged six Estonians and a Russian with running a huge cybercrime enterprise Wednesday, alleging they infected more than 4 million computers in 100 countries with malicious software and earned $14 million in fraudulent advertising fees from them.

The FBI also got a judge’s permission to take off-line the cybergang’s servers, which were redirecting Web traffic from the infected computers. The first-of-its-kind court order highlights the kind of novel legal tactics federal authorities are using to fight Internet crime.

FBI Assistant Director Janice K. Fedarcyk said at a news conference in New York that the bureau had, “with the flip of a switch, dismantled the Rove criminal enterprise,” named for the Estonian firm, Rove Digital.

She called the enterprise “an intricate, international conspiracy conceived and carried out by sophisticated criminals” for more than four years.

Six suspects were arrested in Estonia on Wednesday, said Preet Bharara, the U.S. attorney for the Southern District of New York. He said the United States will seek the extradition of the six Estonians: Vladmir Tsastsin, 31; Timur Gerassimenko, 31; Dmitri Jegorov, 33; Valeri Aleksejev, 31; Konstantin Poltev, 28; and Anton Ivanov, 26.

The Russian suspect, Andrey Taame, 31, is still at large.

“We believe this criminal case is the first of its kind, and it arises from a cyber-infestation of the first order,” Mr. Bharara said.

The gang infected a half-million computers in the United States with malicious software, or malware, Mr. Bharara said. The gang mainly attacked home personal computers, but it also infected many computers in private-company and government networks, including more than 130 owned by NASA.

He explained that the malware - called DNSChanger - covertly redirected users of the infected computers to advertising or commercial websites when they clicked on search results.

The websites paid a small fee to front companies the gang set up. Such arrangements are common on the Internet, where advertisers pay per “click through” every time a user arrives on their site after clicking on an advertisement on another site.

The per-click payments are typically very small, just a fraction of a cent.

But with 4 million infected computers, the fees mounted quickly over the four years of the scheme, Mr. Bharara said. The gang is charged with collecting “at least” $14 million in undeserved commissions for all the hijacked computer clicks and Internet ads they fraudulently engineered,” he said.

The malware also prevented infected computers from downloading anti-virus updates, leaving them exposed to other kinds of malware as well, he said.

Ms. Fedarcyk touted the FBI’s efforts to help the owners of infected computers by seizing the servers used in the scam.

Officials emphasized that the case would have been impossible to build without international cooperation, especially from Estonian authorities.

NASA Inspector General Paul K. Martin said the case began when “members of the private-sector [computer] security community” raised concerns to his staff and FBI officials at a conference two years ago.