Share

Related Links

  • Krebs on Security
  • Reed Exhibitions Ltd is not responsible for the content of external websites.

Related Stories

  • The real world consequences of an APT hack
    Security researcher Brian Krebs has detailed an interesting analysis of how an APT attack ended up with Chinese hackers effectively running amok on a hedge fund's IT resource – and how the company dealt with the problem.
  • Large-scale spam campaigns lead to online banking heists
    According to security researcher Brian Krebs, phishers and cybercriminals have been casting an unusually wide net of late, sending out huge volumes of fraudulent email designed to spread password-stealing banking trojans. And, he reports, judging from the number of victims that have reportedly costly cyberheists in the past two weeks, many small to medium sized organizations have been taking the bait.
  • MySQL.com web site hacked to serve up malware
    Reports are coming in that the MySQL.com site was hacked and booby-trapped to serve up malware earlier this week – unconfirmed reports from security researcher Brian Krebs suggest that hacked access to the site was sold by cybercriminals for $3,000.
  • Arrested LulzSec suspect was looking for position with US Department of Defense
    As reported elsewhere over the weekend, a 23-year-old Arizona man was arrested late last week in connection with the hack of Sony Pictures Entertainment in May and was, according to security researcher Brian Krebs, a model student who saw himself one day defending networks at the Department of Defense and the National Security Agency.
  • Security researcher reveals who may be the TDSS botnet master's identity
    As part of an ongoing series of reports into the TDSS botnet, security researcher Brian Krebs has revealed some interesting information on the Russian who “has close ties” to the botnet's operation.

Top 5 Stories

News

Estonia takes down massive cybercriminal net

10 November 2011

Reports are coming in that officials in Estonia – arguably one of the most internet-savvy governments in the world – have taken down a massive DNS-changing cybercrime operation involving a click-fraud program that infected more than four million computers in over 100 countries.

Security researcher Brian Krebs has observed that the police action – against the gang that raked in at least $14 million – is possibly the “biggest cybercriminal takedown in history.”

According to the Krebs on Security newswire researcher, the swarm that the hackers controlled included a half a million machines in the US and that the action – 'Operation Ghost Click' – is the result of a multi-year investigation.

Estonian authorities, Krebs relayed, have arrested six men, including a 31-year-old who is the owner of several internet companies that have been closely associated with the malware community for many years. He is said to have previously headed EstDomains, a domain name registrar that handled the registrations for tens of thousands of domains associated with the infamous Russian Business Network.

“Reporting for the Washington Post in September 2008, I detailed how [a Russian's] prior convictions in Estonia for credit card fraud, money laundering and forgery violated the registrar agreement set forth by the Internet Corporation for Assigned Names and Numbers (ICANN), which bars convicted felons from serving as officers of a registrar. ICANN later agreed, and revoked EstDomains’ ability to act as a domain registrar, citing Tsastsin’s criminal history”, said Krebs in his latest security posting.

All six men, he added, were arrested and taken into custody this week by the Estonian Police and Border Guard. A seventh defendant, a 31-year-old Russian national, is still at large, he noted.

“Indictments returned against the defendants in the US District Court for the South District of New York detail how the defendants allegedly used a strain of malware generically known as DNS Changer to hijack victim computers for the purposes of redirecting web browsers to ads that generated pay-per-click revenue for the defendants and their clients”, he wrote, adding that the authorities allege the men made more than $14 million through click-jacking and advertisement replacement fraud.

In a press call with reporters, Krebs says that FBI officials reported they would be working with the IT industry to help notify ISPs about customers infected with DNS Changer.

This article is featured in:
Compliance and Policy  •  Internet and Network Security  •  Malware and Hardware Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×