NASA, IRS hit in international cyber hijacking

Wednesday - 11/9/2011, 7:55pm EST

By TOM HAYS
Associated Press

NEW YORK (AP) - NASA and the Internal Revenue Service were among the victims of a crew of Internet bandits. The hackers devised an international scheme to hijack more than 4 million computers to generate at least $14 million in fraudulent advertising revenue, federal prosecutors said Wednesday.

About 500,000 computers in the United States were infected with malware, including those used by ordinary users, educational institutions, nonprofits and government agencies, U.S. Attorney Preet Bharara said at a Manhattan news conference.

Bharara called the case "the first of its kind" because the suspects set up their own "rogue servers" to secretly reroute Internet traffic to sites where they had a cut of the advertising revenue.

Six of the seven people named in the indictment were Estonians who were in custody in that country, and extradition was being sought, prosecutors said; one Russian remained at large. As part of the takedown, the FBI disabled the rogue servers without interrupting Internet service, authorities said.

The problem was first discovered at NASA, where 130 computers were infected. Investigators followed a digital trail to Eastern Europe, where the defendants operated "companies that masqueraded as legitimate participants in the Internet advertising industry," according to an indictment unsealed on Wednesday.

The defendants "engaged in a massive and sophisticated scheme that infected at least 4 million computers located in over 100 countries with malicious software or malware," the indictment said. "Without the computer users' knowledge or permission, the malware digitally hijacked the infected computers to facilitate the fraud."

Once their computers were infected, people seeking to visit Netflix, the IRS, ESPN, Amazon and other legitimate sites were redirected to sites where the defendants collected income for each click on an ad, authorities said. The malware and corrupted servers also allowed the defendants to substitute legitimate ads on other websites with replacement ads that earned them more illicit income, they added.

"On a massive scale, the defendants gave new meaning to the term `false advertising,"' Bharara said.

The indictment estimated the defendants "reaped least $14 million in ill-gotten gains" over a five-year period.

(Copyright 2011 by The Associated Press. All Rights Reserved.)

This story is part of Federal News Radio's daily Cybersecurity Update. For more cybersecurity news, click here.