Archive
Seven Individuals Indicted for Engineering Sophisticated Internet Fraud Scheme That Infected Millions of Computers Worldwide
On November 9, 2011, the United States Attorney for the Southern District of New York announced charges against six Estonian nationals and one Russian national for engaging in a massive and sophisticated Internet fraud scheme that infected more than four million computers in over 100 countries with malware. Of the computers infected with malware, at least 500,000 were in the United States, including computers belonging to U.S. government agencies, such as NASA; educational institutions; non-profit organizations; commercial businesses; and individuals. The malware secretly altered the settings on infected computers, enabling the defendants to digitally hijack Internet searches and re-route computers to certain websites and advertisements, which entitled the defendants to be paid. The defendants subsequently received fees each time these websites or ads were clicked on or viewed by users. The malware also prevented the installation of anti-virus software and operating system updates on infected computers, leaving those computers and their users unable to detect or stop the defendants’ malware, and exposing them to attacks by other viruses.
Six of the defendants, Vladimir Tsastin, Timur Gerassimenko, Dmitri Jegorov, Valeri Aleksejev, Konstantin Poltev and Anton Ivanov, all Estonian nationals, were arrested and taken into custody November 8, 2011 in Estonia by the Estonian Police and Border Guard Board. The U.S. Attorney’s Office will seek their extradition to the United States. The seventh defendant, Andrey Taame, a Russian national, remains at large.
As alleged in the indictment, from 2007 until October 2011, the defendants controlled and operated various companies that masqueraded as legitimate publisher networks (the “Publisher Networks”) in the Internet advertising industry. The Publisher Networks entered into agreements with ad brokers under which they were paid based on the number of times that Internet users clicked on the links for certain websites or advertisements, or based on the number of times that certain advertisements were displayed on certain websites. Thus, the more traffic to the advertisers’ websites and display ads, the more money the defendants earned under their agreements with the ad brokers. As alleged in the indictment, the defendants fraudulently increased the traffic to the websites and advertisements that would earn them money. The defendants accomplished this by making it appear to advertisers that the Internet traffic came from legitimate clicks and ad displays on the defendants’ Publisher Networks when, in actuality, it had not.
The defendants accomplished their scheme by employing both “click hijacking” and “advertising replacement fraud.” In “click hijacking” schemes, when the user of an infected computer clicks on a search result link displayed through a search engine query, the malware causes the computer to be re-routed to a different website. Instead of being brought to the website to which the user asked to go, the user is brought to a website designated by the defendants. In “advertising replacement fraud” schemes, the defendants used malware and rogue DNS servers which replaced legitimate advertisements on websites with substituted advertisements that triggered payments to the defendants. It is alleged in the indictment that both schemes earned the defendants at least $14 million in ill-gotten gains.
The defendants are being charged with wire fraud conspiracy, wire fraud, computer intrusion, computer intrusion conspiracy, and computer intrusion by transmitting information. The indictment also alleges that the defendants laundered the proceeds of the scheme through numerous companies.
The author of this blog is Erich Ferrari, an attorney specializing in Federal Criminal Defense matters. If you have any questions please contact him at 202-280-6370 or ferrari@ferrari-legal.com.
New York Appellate Court Broadens Reading of “Enterprise” Element of Racketeering Law – A “Cyber Crime” Enterprise
A majority panel of New York State Appellate Court judges reversed a lower court’s decision to throw out an indictment against an online money-transfer business for catering to buyers and sellers of stolen credit card information. The court determined that providing an online forum that facilitates some transactions between criminals is an ascertainable structure distinct from the criminal conduct itself.
Unlike an “enterprise” under the federal Racketeer Influenced and Corrupt Organizations (RICO) Act, New York state law requires an enterprise to have “an ascertainable structure distinct from that pattern of [criminal] activity.” Section 460.10. However, New York law does not require any particular structure for the enterprise, and nowhere does it indicate that it contemplates a traditional, hierarchical organizational model. Relying heavily on this last point, the court further eroded the difference between federal and state corrupt enterprises when it decided to reinstate the indictment against Western Express International.
The court stated that nothing in the statute requires the structure of a targeted enterprise to represent a “corporate flow chart,” “structure,” or “chain of command.” The opinion stated further that the indictment’s allegation that Western Express was a “cyber crime” enterprise was accurate since it enabled criminals to associate. The court opined that Western Express and its Internet-based business knowingly provided the forum and means with which criminals sold and purchased stolen credit card information. The court summarized the critical element opening Western Express to criminal liability with this: “the ‘structure’ at issue here is, essentially, a web site.”
The court went on to justify its position by stating that “although the forms of Internet crime have been evolving and becoming far more sophisticated over the decades since the [corrupt enterprises law] was first enacted, the question is not whether the Legislature had this particular type of criminal enterprise in mind when it formulated the language of the statute. Rather, we need only decide whether the structure of the enterprise at issue falls within its definition of enterprise corruption.”
The dangers of including websites as distinct structures for purposes of establishing a corrupt enterprise are apparent. Very little keeps an aggressive prosecutor from indicting websites that host chat rooms, publish comments, or offer any other online services that can be used by criminals to facilitate their activities. Blurring the line between reality and the seemingly anonymous world of the Internet can sweep more innocent individuals into the web of criminal investigations.
