
Estonian Hackers Perpetrate Massive Botnet Scam

Nov 30 2011, 07:52 PM by Aidan Hiljeh

We hear it all the time: “Beware. The internet is a dangerous place.” We often blow it off as an afterthought until hearing through the grapevine how someone caught a virus and had to wipe their hard drive clean to get rid of it. Or in this case, how a cyber crime ring took control of millions of computers and thieved millions of dollars in profits.

The FBI recently published a press release detailing what looks to be one of the most intricate hacking attacks in history. Seven people, six from Estonia and one from Russia, were indicted in a Manhattan court for allegedly pulling off a massive scheme that involved hijacking more than 4 million computers worldwide and using them to swindle millions of dollars in advertising revenue. The scam victimized machines in more than 100 countries, with at least 500,000 of them in the United States. Hijacked computers in the U.S. belonged to individuals, non-profit organizations, educational institutions and even government agencies like NASA.
A Detailed Look at the Alleged Crimes
The press release said the seven defendants are accused of using malware to compromise vulnerable systems and force them to participate in the scam. The team of hackers is alleged to have committed the following crimes:
Internet-Based Fraud Scam
According to the indictment papers, the hackers carried out an elaborate scheme that ran from some time in 2007 until October 2011. They did this by posing as companies recognized as legitimate publisher networks in the online advertising industry. As publisher networks, they were able to enter agreements with ad brokers who would pay them each time internet users clicked advertisements on certain websites. With help from third parties who were said to be in on the scam, the hackers used malware, specifically a Trojan horse program, together with rogue Domain Name System (DNS) servers to change the DNS settings on compromised machines. This generated the traffic behind more than $14 million in fraudulent clicks.
Click Hijacking
The Trojan program was vital to the scheme because it not only altered the victims' settings but also prevented their system and security tools from removing the infection. Once an infected user clicked on a link in the search results, they were redirected to a rogue site set up by the criminals instead of their intended destination. From there, each click the user made added to the payoff the scam artists received. What is so interesting about all this is that the alleged criminals were collecting revenue for unpaid links and other miscellaneous clicks that are essentially worthless as far as a real advertising campaign goes.
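The technique described above turns on one host setting: the Trojan pointed the victim's DNS configuration at rogue servers, so one practical check for an infected machine is to audit the configured resolvers against the ones an organization actually operates. The following is an added Python example, not code from this post or from the investigation it describes; the `ipconfig /all` excerpt, the expected resolver addresses and the finding labels are constructed placeholders.

```python
import ipaddress
import re

# Constructed sample (not a real indicator): an `ipconfig /all` excerpt as an
# infected Windows host might show it after a Trojan rewrote its DNS settings.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:
   IPv4 Address. . . . . . . . . . . : 10.0.0.17
   DNS Servers . . . . . . . . . . . : 198.51.100.9
                                       10.0.0.53
"""
# Assumed: the resolvers this organization actually operates (placeholder addresses).
EXPECTED_RESOLVERS = {"10.0.0.53", "10.0.0.54"}
# RFC 1918 and loopback space: a resolver here is at least on-net, even if unexpected.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_ipconfig(text):
    """Return DNS server addresses from `ipconfig /all`, including continuation lines."""
    servers, in_dns = [], False
    for line in text.splitlines():
        first = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        cont = re.match(r"\s{20,}(\S+)\s*$", line) if in_dns else None
        if first:
            servers.append(first.group(1))
        elif cont:
            servers.append(cont.group(1))
        in_dns = bool(first or cont)
    return servers

def audit_resolvers(servers):
    """Flag resolvers that are neither the organization's own nor in internal space."""
    findings = []
    for s in servers:
        if s in EXPECTED_RESOLVERS:
            continue
        try:
            addr = ipaddress.ip_address(s)
        except ValueError:
            findings.append((s, "unparseable resolver address"))
            continue
        if any(addr in net for net in INTERNAL_NETS):
            findings.append((s, "internal resolver not in the expected set"))
        else:
            findings.append((s, "external resolver: possible DNS hijack, investigate"))
    return findings

if __name__ == "__main__":
    for server, reason in audit_resolvers(parse_ipconfig(SAMPLE_IPCONFIG)):
        print(f"{server}: {reason}")
```

Run against real `ipconfig /all` output, the same audit works unchanged; a public resolver the organization did not configure is exactly what a DNS-changing infection leaves behind.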
Ad Replacement Fraud
To make the rogue sites appear legit to the infected user, the group of ambitious hackers replaced real advertisements with fake ads inserted with the sole purpose of padding their pockets. The example the indictment used was someone on an infected computer visiting the Wall Street Journal’s website and seeing a fraudulent advertisement for “Fashion Girl L.A.” in place of a legitimate ad for “American Express.” With this level of intricacy involved, it is safe to say that most users had no idea their machines were infected, nor that they were playing an active role in the scam.
Don’t Sleep on Security
The fact that the alleged hackers hijacked the computers of entities ranging from everyday Joes to corporations and government parties is another reminder that any system can be compromised. This particular group of criminals is likely going down, but we will surely see crimes similar to the ones they are said to have committed again. When the cyber attacks are launched, will your security system be strong enough to keep you protected?

Posted in Current Events
