A gang of internet 'cyber bandits' who stole $14 million after hacking into at least 4 million computers in an online advertising scam have been arrested following a joint investigation by the FBI and Nasa. Six men are in custody in Estonia, pending extradition to the United States, following a two-year investigation into an “intricate international conspiracy” that “hijacked” millions of computers around the world and stole more than US$14-million. The FBI's two-year investigation was dubbed "Operation Ghost Click".
Computers in more than 100 countries were infected by the “DNSChanger” malware, which redirected searches for Apple’s iTunes store to fake pages pretending to offer Apple software for sale, as well as sending those searching for information on the U.S. Internal Revenue Service to accounting company H&R Block, which allegedly paid those behind the scam a fee for each visitor via a fake internet ad agency.
“These defendants gave new meaning to the term ‘false advertising'," said Manhattan US Attorney Preet Bharara. "As alleged, they were international cyber bandits who hijacked millions of computers at will and re-routed them to websites and advertisements of their own choosing, collecting millions in undeserved commissions for all the hijacked computer clicks and internet ads they fraudulently engineered."
Here's some screenshots from the FBI's "Check to See if Your Computer is Using Rogue DNS" instructions.
Trend Micro, which helped supply information to the FBI on DNS Changer, hailed the law enforcement operation as the "biggest cyber criminal takedown in history." Whilst the rogue DNS servers have been replaced, many may still be infected. Head here to learn about how to check if your system is part of the DNS Changer botnet.