Hackers Hijack Millions of Computers For Online Ad Scam

More than four million computers around the world were hijacked by hackers who diverted Internet traffic to reap millions of dollars from online advertisements, federal authorities said Wednesday.

The FBI said it had arrested six men from Estonia and charged them with running a sophisticated Internet fraud ring that netted more than $14 million in online advertising revenue.

The two-year FBI investigation, which was dubbed "Operation Ghost Click," found that hackers were running companies that were paid based on the number of times Internet users clicked on links for certain advertisements or how often those ads were displayed on certain websites, authorities said. According to the indictment, the computers were infected with malware when they visited certain websites or downloaded certain software from websites, including software used to watch online videos.

Since 2007, the men infected computers in 100 countries with a virus that redirected unsuspecting Internet users to bogus websites featuring those advertisements, according to an indictment unsealed Wednesday in the US District Court for the Southern District of New York.

"[The indictment] describes an intricate international conspiracy conceived and carried out by sophisticated criminals," FBI Assistant Director in Charge Janice Fedarcyk said.

One part of the scheme involved what authorities call "click-hijacking." When users of the infected computers clicked on a link in a search result, they were redirected to a different website that generated ad revenue for the hackers, authorities said.

For example, if a user searched for the term "itunes," the search result would display the official iTunes website -- www.apple.com/itunes -- but would take the user to another website not affiliated with Apple. Users were similarly rerouted to unaffiliated sites when searching for the official websites of Netflix and the Internal Revenue Service, according to the indictment.

Another scheme involved what is called "advertising replacement fraud," in which the defendants replaced legitimate advertisements on websites with substitute advertisements that generated revenue for the hackers, authorities said. The defendants were able to replace ads on the websites of the Wall Street Journal, Amazon.com and Espn.com, according to the indictment.

Those charged are Vladimir Tsastsin, Timur Gerassimenko, Dmitri Jegorov, Valeri Aleksejev, Konstantin Poltev and Anton Ivanov. They were arrested Tuesday in Estonia by local authorities, and the U.S. will seek to extradite them, the FBI said. A seventh alleged hacker, Andrey Taame of Russia, has been charged but not yet arrested.

The malware used in the scheme is called a "DNSChanger" and was also designed to prevent the infected computers from installing antivirus software updates. The defendants registered thousands of IP addresses and rented servers from a data center in New York to run the scheme, authorities said.

Fedarcyk said the online fraud ring shows the dark side of what Thomas Friedman described in his popular book "The World is Flat."

"By identifying subjects in Estonia who caused a server in Manhattan to direct a user in Germany to a website in California, the FBI has proved the world is truly flat," Fedarcyk said.