Estonia takes down massive cybercriminal net

10 November 2011

Reports are coming in that officials in Estonia – arguably one of the most internet-savvy governments in the world – have taken down a massive DNS-changing cybercrime operation involving a click-fraud program that infected more than four million computers in over 100 countries.

Security researcher Brian Krebs has observed that the police action – against the gang that raked in at least $14 million – is possibly the “biggest cybercriminal takedown in history.”

According to the Krebs on Security newswire researcher, the swarm that the hackers controlled included half a million machines in the US, and the action – 'Operation Ghost Click' – is the result of a multi-year investigation.

Estonian authorities, Krebs relayed, have arrested six men, including a 31-year-old who is the owner of several internet companies that have been closely associated with the malware community for many years. He is said to have previously headed EstDomains, a domain name registrar that handled the registrations for tens of thousands of domains associated with the infamous Russian Business Network.

“Reporting for the Washington Post in September 2008, I detailed how [a Russian's] prior convictions in Estonia for credit card fraud, money laundering and forgery violated the registrar agreement set forth by the Internet Corporation for Assigned Names and Numbers (ICANN), which bars convicted felons from serving as officers of a registrar. ICANN later agreed, and revoked EstDomains’ ability to act as a domain registrar, citing Tsastsin’s criminal history”, said Krebs in his latest security posting.

All six men, he added, were arrested and taken into custody this week by the Estonian Police and Border Guard. A seventh defendant, a 31-year-old Russian national, is still at large, he noted.

“Indictments returned against the defendants in the US District Court for the South District of New York detail how the defendants allegedly used a strain of malware generically known as DNS Changer to hijack victim computers for the purposes of redirecting web browsers to ads that generated pay-per-click revenue for the defendants and their clients”, he wrote, adding that the authorities allege the men made more than $14 million through click-jacking and advertisement replacement fraud.

In a press call with reporters, Krebs says that FBI officials reported they would be working with the IT industry to help notify ISPs about customers infected with DNS Changer.
