The US Department of Justice has indicted seven people for allegedly hijacking millions of computers and running a massive click-jacking fraud scheme that generated more than $14 million in advertising revenue. The defendants -- six Estonians and one Russian -- manipulated the Internet searches of said computers, redirecting users to sites they never intended to visit or swapping out advertisements on web pages, according to the indictment.
The criminal investigation started about two years ago as "Operation Ghost Click", after NASA discovered a virus on more than 100 of its computers. Investigators followed a digital trail to Eastern Europe, where the defendants had set up several companies masquerading as legitimate online advertisement publishers.
Using malware known as 'DNSChanger', they were able to force infected machines to rely on rogue DNS servers located in New York and Chicago and redirect victims' web searches to fraudulent IP addresses for over 15,000 domains. This resulted in many high profile websites, from iTunes to Amazon, redirecting users to other sites or replacing legitimate ads with on those pages with substitutes that triggered millions of dollars in ad revenue for the hackers.
The six Estonian defendants were arrested Tuesday in collaboration with the Estonian Police, but the U.S. is seeking to extradite them to face prosecution on American soil. The Russian suspect, Andrey Taame, is still on the loose. All of them are facing five counts of computer crime and wire fraud, while one of the Estonians, Vladimir Tsastsin, faces an additional 22 counts of money laundering. The wire fraud charges alone carry a maximum penalty of 30 years.