NEW YORK (AP) — Internet bandits devised an international scheme to hijack more than 4 million computers in more than 100 countries, manipulating traffic on Netflix, the U.S. Internal Revenue Service and other popular websites to generate at least $14 million in fraudulent advertising revenue, federal prosecutors said Wednesday.
Six of the seven people named in the indictment unsealed Wednesday are Estonians who are in custody in that country, and prosecutors said extradition was being sought. One Russian remains at large.
About 500,000 computers in the United States were infected with malware, including those used by individuals, educational institutions, nonprofits and government agencies like NASA, U.S. Attorney Preet Bharara told a news conference.
Bharara called the case the first of its kind because the suspects set up their own "rogue" servers to secretly reroute Internet traffic to sites where they had a cut of the advertising revenue.
"On a massive scale, the defendants gave new meaning to the term 'false advertising,'" Bharara said.
The problem was first discovered at NASA, where 130 computers were infected. Investigators followed a digital trail to Eastern Europe, where the defendants operated "companies that masqueraded as legitimate participants in the Internet advertising industry," according to the indictment.
"Without the computer users' knowledge or permission, the malware digitally hijacked the infected computers to facilitate the fraud," the indictment says.
Once their computers were infected, people seeking to visit Netflix, the IRS, ESPN, Amazon and other legitimate sites were redirected to sites where the defendants collected income for each click on an ad, authorities said. The malware and corrupted servers also allowed the defendants to substitute legitimate ads on other websites with replacement ads that earned them more illicit income, they added.
The indictment estimated the defendants "reaped least $14 million in ill-gotten gains" over a five-year period.
