US: Estonian Sentenced For Fraud that Infected Four Million Computers

An Estonian national who ran an internet fraud scheme that infected more than four million computers worldwide was sentenced yesterday to more than seven years in prison, the US Attorney’s Office in New York said.

Screen_Shot_2016-04-27_at_4.54.03_PM.png(Photo Credit: Wikimedia) Judge Lewis Kaplan called the crimes “brazen, sophisticated, and outrageous”, and sentenced Vladimir Tsastsin to 87 months in prison. He was fined US$ 2.5 million, will have to pay a US$ 200 special assessment fee, and was given one year of supervised release, the Attorney’s Office wrote.  

The office said that Tsastsin pled guilty last year on a charge of conspiracy to commit wire fraud and computer intrusion for his role in the scheme, which netted him and his co-conspirators more than US$ 14 million. From 2007 until October 2011, the cybercriminals operated fraudulent companies in the internet advertising industry that entered into legitimate deals with ad brokers. The criminals used malware and rogue domain name servers to reroute legitimate websites to ones where the criminals could collect advertisement revenue.

Advertisers who paid for internet traffic were not aware that the activity was based on so called “hijacked” clicks, according to Bloomberg. Another part of the scheme saw the cybercriminals replacing ads on websites with their own, depriving the actual operators of revenue, Bloomberg said. At least a dozen front companies were created in order to acquire infrastructure, enter into contracts and launder proceeds from the scheme, the Attorney’s Office wrote.

Bloomberg said that computers in at least 100 countries were infected, including users within the National Aeronautics and Space Administration and other US government agencies. In 2008, Tsastsin was convicted in Estonia over a payment hacking scheme. He faces further prison time in Estonia after being convicted in 2011 over money-laundering charges, Reuters reported.

Cybercrime is a hugely profitable industry, with the average annual losses to U.S. companies from cybercrime exceeding US$ 15 million in 2015, according to the International Business Times. Most cybercrime gangs operate in former Soviet states, but concerns are that cybercriminal activity could establish itself in Africa due to increased connectivity within the continent.