FBI disrupts international cybercrime rings distributing 'scareware'


2011-06-23 06:30:35 GMT+7 (ICT)

WASHINGTON, D.C. (BNO NEWS) -- U.S. prosecutors on Wednesday announced that the U.S. Federal Bureau of Investigation (FBI), along with other international law enforcement agencies, has indicted two citizens from Latvia and disrupted international cybercrime rings which were distributing so-called scareware.

Scareware is malicious software that poses as legitimate computer security software and purports to detect a variety of threats on the affected computer that do not actually exist. Users are then informed they must purchase what they are told is anti-virus software in order to repair their computers. The users are then barraged with aggressive and disruptive notifications until they supply their credit card number and pay for the 'anti-virus' product, which is, in fact, fake.

According to the U.S. Department of Justice, Operation Trident Tribunal led to the indictment of two individuals in Latvia and the seizure of more than 50 computers, servers and bank accounts in a number of countries. It is estimated that the targeted cybercrime rings caused more than $74 million in total losses to more than one million computer users through the sale of fraudulent computer security software.

The operation led to the seizure of 22 computers and servers in the United States that were allegedly involved in facilitating and operating a scareware scheme. In addition, 25 computers and servers located abroad were taken down as part of the operation, including equipment in the Netherlands, Latvia, Germany, France, Lithuania, Sweden and the United Kingdom.

The first of the international criminal groups disrupted by Operation Trident Tribunal infected hundreds of thousands of computers with scareware and sold more than $72 million worth of the fake antivirus product over a three-year period. The scareware scheme used a variety of ruses to trick consumers into unknowingly infecting their computers with the malicious scareware products, including web pages featuring fake computer scans.

Once the scareware was downloaded, victims were notified that their computers were infected with a range of malicious software, such as viruses and Trojans, and badgered into purchasing the fake antivirus software to resolve the non-existent problem at a cost of up to $129. An estimated 960,000 users were victimized by this scareware scheme, leading to $72 million in actual losses. Latvian authorities also executed seizure warrants for at least five bank accounts that were alleged to have been used to funnel profits to the scam's leadership.

A second international crime ring disrupted by Operation Trident Tribunal relied on online advertising to spread its scareware products, a tactic known as "malvertising." An indictment unsealed on Wednesday in the U.S. District Court in Minneapolis charges the two operators of this scareware scheme with two counts of wire fraud, one count of conspiracy to commit wire fraud and one count of computer fraud.

The defendants, Peteris Sahurovs, 22, and Marina Maslobojeva, 23, were arrested on Tuesday in Rezekne, Latvia, on the charges filed in the District of Minnesota. According to the indictment, the defendants created a phony advertising agency and claimed that they represented a hotel chain that wanted to purchase online advertising space on the Minneapolis Star Tribune's news website, startribune.com. The defendants provided an electronic version of the advertisement for the hotel chain to the Star Tribune, and technical staff at startribune.com tested the advertising and found it to operate normally.

According to court documents, after the advertisement began running on the website, the defendants changed the computer code in the ad so that the computers of visitors to startribune.com were infected with a malicious software program that launched scareware on their systems. The scareware caused users' computers to "freeze up" and then generate a series of pop-up warnings in an attempt to trick users into purchasing purported "antivirus" software, which was, in fact, fake.

Users' computers "unfroze" if the users paid the defendants for the fake antivirus software, but the malicious software remained hidden on their computers. Users who failed to purchase the fake antivirus software found that all information, data and files stored on the computer became inaccessible. The scam allegedly led to at least $2 million in losses.

If convicted, the defendants face penalties of up to 20 years in prison and fines of up to $250,000 on the wire fraud and conspiracy charges, and up to 10 years in prison and fines of up to $250,000 on the computer fraud charge. The defendants also face restitution and forfeiture of their illegal profits.

"Today's operation targets cybercrime rings that stole millions of dollars from unsuspecting computer users," said Assistant Attorney General Lanny A. Breuer of the Justice Department's Criminal Division. "These criminal enterprises infected the computers of innocent victims with malicious scareware, and then duped them into purchasing fake anti-virus software. Cybercrime is profitable, and can prey upon American consumers and companies from nearly any corner of the globe. We will continue to be aggressive and innovative in our approach to combating this international threat. At the same time, computer users must be vigilant in educating themselves about cyber security and taking the appropriate steps to prevent dangerous and costly intrusions."

"This case shows that strong national and global partners can ensure there is no sanctuary for cyber-crooks," said U.S. Attorney Jenny A. Durkan of the Western District of Washington. "We will continue to work with the public and the computer industry, to fortify our cyber defenses. A combination of safe online habits and smart technology will help reduce the threat posed by these organized criminal groups."

On Tuesday, the New York Times reported that the FBI had seized web servers in a raid on a data center in Reston, Virginia. While the FBI has not commented on the raid, it may be related to Wednesday's announcement.

According to the report, the FBI raid happened at around 1.15 a.m. local time and targeted servers of DigitalOne, which is based in Switzerland. It knocked dozens of websites offline which were apparently not the target of the investigation.

"After FBI's unprofessional 'work' we can not restart our own servers, that's why our Web site is offline and support doesn't work," DigitalOne's chief executive, Sergej Ostroumow, was cited as saying. Their sites remained offline late on Wednesday evening, nearly two days after the raid took place.

-- © BNO News All rights reserved 2011-06-23
