Security researcher Brian Krebs has observed that the police action – against the gang that raked in at least $14 million – is possibly the “biggest cybercriminal takedown in history.”
According to the Krebs on Security researcher, the network of compromised machines the hackers controlled included half a million computers in the US, and the action, 'Operation Ghost Click', is the result of a multi-year investigation.
Estonian authorities, Krebs relayed, have arrested six men, including a 31-year-old who is the owner of several internet companies that have been closely associated with the malware community for many years. He is said to have previously headed EstDomains, a domain name registrar that handled the registrations for tens of thousands of domains associated with the infamous Russian Business Network.
“Reporting for the Washington Post in September 2008, I detailed how [a Russian's] prior convictions in Estonia for credit card fraud, money laundering and forgery violated the registrar agreement set forth by the Internet Corporation for Assigned Names and Numbers (ICANN), which bars convicted felons from serving as officers of a registrar. ICANN later agreed, and revoked EstDomains’ ability to act as a domain registrar, citing Tsastsin’s criminal history”, said Krebs in his latest security posting.
All six men, he added, were arrested and taken into custody this week by the Estonian Police and Border Guard. A seventh defendant, a 31-year-old Russian national, is still at large, he noted.
“Indictments returned against the defendants in the US District Court for the Southern District of New York detail how the defendants allegedly used a strain of malware generically known as DNS Changer to hijack victim computers for the purposes of redirecting web browsers to ads that generated pay-per-click revenue for the defendants and their clients”, he wrote, adding that the authorities allege the men made more than $14 million through click-jacking and advertisement replacement fraud.
Krebs says that, in a press call with reporters, FBI officials reported they would be working with the IT industry to help notify ISPs about customers infected with DNS Changer.