The Department of Justice, the FBI, and multiple international law enforcement partners, announced this week they have indicted two individuals from Latvia and seized more than 40 computers, servers, and bank accounts. Part of Operation Trident Tribunal, which targets international cyber crime, the latest raid disrupted cyber crime groups that caused more than $74 million in losses to more than 1 million computer users via the sale of scareware.

Warrants obtained in the US led to the seizure of 22 computers and servers while 25 computers and servers located abroad were also taken down as part of the operation, including equipment in the Netherlands, Latvia, Germany, France, Lithuania, Sweden, and the UK. The computers were used to operate a scareware scheme, which consists of tricking users into paying for fake security software.

Scareware refers to malicious software that poses as legitimate antimalware software and purports to detect a variety of threats on the affected computer that do not actually exist. Users are then informed they must purchase a tool to repair their computers and are bombarded with notifications until they supply their credit card number to pay for the fake product.

The FBI is warning users they should avoid purchasing computer security products that use unsolicited "free computer scans" to sell their products. Instead, they should maintain an updated operating system and use legitimate up-to-date antivirus software, which can detect and remove fraudulent scareware products. If you think you have been victimized by scareware, you can file a complaint with the FBI's Internet Crime Complaint Center. The organization gives three tips for spotting a scareware scam:

  • Scareware advertising is difficult to dismiss. Scareware purveyors employ aggressive techniques and badger users with pop-up messages into purchasing their products. These fake alerts are often difficult to close and quickly reappear.
  • Fake anti-virus products are designed to appear legitimate, and can use names such as Virus Shield, Antivirus or VirusRemover. Only install software from trusted sources that you seek out. Internet service providers often make name-brand anti-virus products available to their customers for free.
  • Become familiar with the brand, look and functionality of the legitimate anti-virus software that is installed on your computer. This will assist you in identifying scareware.

Operation Trident Tribunal was conducted by the following groups:

FBI's Cyber Division, Seattle Field Office and Minneapolis Field Office; the Computer Crime and Intellectual Property Section and the Asset Forfeiture and Money Laundering Section of the Justice Department's Criminal Division; the U.S. Attorney's Office for the District of Minnesota; and the U.S. Attorney's Office for the Western District of Washington. Operation Trident Tribunal was the result of significant international cooperation and substantial assistance from the Criminal Division's Office of International Affairs. Multiple foreign law enforcement partners provided invaluable assistance in this operation, including the Cyprus National Police in cooperation with its Unit for Combating Money Laundering (MOKAS); German Federal Criminal Police (BKA); Latvian State Police; Security Service of Ukraine; Lithuanian Criminal Police Bureau; French Police Judiciare; the Netherlands' National High-Tech Crime Unit; the Cyber Unit of the Swedish National Police; London Metropolitan Police; Romania's Directorate for Combating Organized Crime; and the Royal Canadian Mounted Police.

"Scareware is just another tactic that cyber criminals are using to take money from citizens and businesses around the world," Gordon M. Snow, Assistant Director of the FBI's Cyber Division, said in a statement. "This operation targeted a sophisticated business enterprise that had the capacity to steal millions. Cyber threats are a global problem, and no single country working alone can be effective against these crimes. The FBI thanks the participating foreign law enforcement agencies for their ongoing partnership and commitment in disrupting this threat."