Six Estonians operated a vast internet fraud that infected approximately 4 million computers in more than a hundred countries–500,000 of which were in the US–according to a federal indictment unsealed in New York Wednesday. Their arrests in Estonia on Tuesday were the culmination of a two-year FBI probe named Operation Ghost Click.
The cyber ring, beginning in 2007, used what is called a DNSChange to interfere with unsuspecting people’s web browsing.
DNS, which stands for Domain-Name-System, is the system by which website names and urls are converted into numbers, allowing computers to communicate over a network. The DNSChanger was able to manipulate Internet advertising by redirecting user’s browsers not to the sites they intended to go to, but related sites controlled by the group. They generated $14 million in illicit fees from the scheme, and deprived legitimate businesses and advertisers of potential revenue.
The DNSChanger disabled the anti-virus software of some victim’s computers, exposing them to further viruses.
“They were organized and operating as a traditional business but profiting illegally as the result of the malware,” said one cyber agents that worked the case. “There was a level of complexity here that we haven’t seen before.”
The six Estonians were arrested in their homeland by local authorities on Tuesday, and the U.S. will seek extradition.