The defendants — six Estonians and one Russian — allegedly hijacked more than 4 million computers using malware that rerouted Internet traffic to websites where they would get a cut of the ad revenue. Infected computers with users looking for popular websites such as Netflix, Amazon, and iTunes were rerouted to webpages that featured the defendants’ ads.
This case is supposedly the “first of its kind,” according to US Attorney Preet Bharara, because the suspects set up their own “rogue servers” in order to perform the rerouting. Using their rogue servers, the defendants were allegedly able to substitute legitimate Internet ads with their own ads, thereby generating millions in advertising revenue.
According to BusinessWeek, the indictment cited a case in which an American Express ad on the Wall Street Journal’s home page was replaced — instantly, once users clicked on it — with an ad for “Fashion Girl LA.”
About 500,000 of the infected computers were located in the United States, Bharara said in a news conference in New York. The alleged scheme, which ran from 2007 to 2011, was first discovered at NASA, where 130 computers were infected.
The six Estonian defendants — Vladimir Tsastsin, Timur Gerassimenko, Dmitri Jegorow, Valeri Aleksejev, Konstantin Poltev, and Anton Ivanov — were arrested Tuesday, but the Russian suspect, Audrey Taame, remains at large.