FBI Teams With 11 Countries to Unmask Scareware Ringleaders


June 24, 2011

Nextgov.com is part of the National Journal Group Inc. and the Atlantic Media Company. It is a spin-off of GovernmentExecutive.com and provides coverage and commentary on the management of information technology in the federal government. From time to time, Nextgov and GovernmentExecutive.com will share content and collaborate on features and events.

FBI officials coordinated with nearly a dozen countries to squelch two cybergangs that netted $74 million by downloading viruses onto more than 1 million victims' computers and then threatening to erase their hard drives unless they purchased pricey fixes.

The shakedown on purveyors of "scareware" is one of several recent law-enforcement efforts to nab the leaders of cybercrime rings by obtaining financial clues from overseas accounts through international cooperation, security experts say.

The nature of the Internet makes it hard for authorities to attribute computer crimes to specific individuals. Offenders exploit the anonymity of the Web to hide their true identities and use various foreign servers and bank accounts that are outside U.S. law enforcement's jurisdiction.

 

So Washington often relies on international partners to pinpoint a suspect's tangible assets, which are harder to conceal than virtual, online transactions, said Jesse McKenna, an analyst at fraud-prevention firm Silver Tail Systems; he previously designed intrusion-detection systems for online auction site eBay and its payment processing division, PayPal.

The scareware case, called Operation Trident Tribunal, involved 12 countries: the United States, Canada, Cyprus, France, Germany, Latvia, Lithuania, Netherlands, Romania, Sweden, Ukraine, and the United Kingdom.

"It's easy to mask your identity online," McKenna said. "It's pretty trivial to have a domain name registered under a fictitious identity ... [but] at the end, there is going to be a bank account, and someone is going to need to get to those funds."

During Trident Tribunal, U.S. authorities probably first focused attention on the malware inserted on the victims' computers rather than the perpetrators' servers at the other end, McKenna said.

"It's easy to create a fictitious identity to deceive forensic analysts on the server side," he said, but the user side is where the money exchange begins.

"At the end of the line, there is going to be a person who has a passport or some other identification who has set up the account because they need to get the money out," McKenna explained.

Earlier this month, U.S. Immigration and Customs Enforcement authorities thanked overseas attaché offices in Buenos Aires, Argentina; Brasilia, Brazil; and Bern, Switzerland; for help in seizing about $15 million in sales of counterfeit antivirus software from a fugitive's Swiss bank account.

In one of the two scareware investigations, an indictment unsealed on Wednesday in federal court in Minneapolis said that defendants Peteris Sahurovs and Marina Maslobojeva defrauded Internet users of more than $2 million by infecting their computers with malicious software that froze or slowed their machines.

A copy of the document reviewed by Nextgov states that the pair corrupted computers by creating bogus advertising agencies such as "RevolTech Marketing" that placed malicious Internet ads on legitimate websites, including the Minneapolis Star Tribune's online newspaper.

The ads, "unbeknownst to the victim companies, contained computer code, which, in turn, caused the Internet browsers of victim Internet users who visited the victim companies' websites to be 'hijacked' or redirected without their consent to websites controlled by [the defendants]," the indictment stated. Then the visitor would be prompted with "a series of materially false 'security alert' messages, which claimed that the user's computer had been infected with malware and that the victim Internet user needed to purchase an antivirus product to fix the 'security issue.'"

The notices peddled a $49.95 product called Antivirus Soft.

In February 2010, the defendants' front company, RevolTech, placed an "ad" for Best Western International in the Star Tribune. The image actually redirected readers to a website hosted in Latvia that automatically downloaded scareware onto the victims' computers. Throughout the month, "visitors to the startribune.com website began experiencing slow system performance, unwanted pop-ups and total system failure," the indictment stated.

Users would then receive pop-ups with a phony "Windows Security Alert" message stating, "Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan you computer [sic]. Your system might be at risk now."

Next, messages notified the visitors that they needed Antivirus Soft to fix the security issue and instructed them to pay for the service by entering their credit-card numbers. If users ignored the messages, they would be bombarded by security alerts and unable to access anything on their computers. The indictment stated, "Victim computer users had to either pay $49.95 ... or over-write the computer hard-drive and lose all applications and data."

In the other scareware scheme, investigators at the FBI's Seattle office identified a variety of conceits that another group used to swindle $72 million from about 960,000 victims, such as guiding consumers to Web pages displaying bogus computer scans. The visitors' computers then flashed pop-ups stating that their systems contained viruses that required $129 antivirus software.

"Cyberthreats are a global problem, and no single country working alone can be effective against these crimes," Gordon M. Snow, assistant director of the FBI's Cyber Division, said in a statement.

U.S. Attorney B. Todd Jones of the District of Minnesota added, "The FBI, collaborating with our international law-enforcement and prosecution partners, have worked tirelessly to disrupt two significant cybercriminal networks. Their efforts demonstrate that no matter the country, Internet criminals will be pursued, caught and prosecuted."
