An Estonian man who ran an organized cybercrime ring that infected more than four million PCs in over 100 countries with moneymaking malware has pleaded guilty in New York to wire fraud and computer intrusion charges.
Vladimir Tsastsin, 35, ran an online Web hosting and advertising empire in Estonia called Rove Digital. From 2007 to 2011, Tsastsin and six other men cooked up and executed a scheme to deploy malware that altered the domain name system (DNS) settings on infected computers (there were versions of the malware for both Mac and Windows systems).
Known as DNSChanger, the malware replaced legitimate ads in victim Web browsers with ads that rewarded Rove Digital, and hijacked referral commissions from other advertisers when victims clicked on ads. The malware also prevented infected systems from downloading software updates and visiting many security Web sites.
Following the takedown of the crime gang, the U.S. government assumed control over the DNS servers that were used by the malware, and spearheaded a global effort to clean up infected systems. U.S. authorities allege that the men made more than $14 million through click hijacking and advertisement replacement fraud.
Tsastsin and his accomplices were arrested in 2011 by Estonian authorities for their role in the scheme, but ultimately the men were acquitted. In June 2014, however, the Estonian Supreme Court revoked that decision, finding them guilty of money laundering. Tsastsin in particular was also found guilty of leading a criminal gang. All but one of the seven were later extradited to the United States, and have already pleaded guilty and/or been imprisoned.
I first encountered Tsastsin in 2008, after research and collaboration with numerous security firms and researchers led to a Washington Post series detailing how Rove Digital and its hosting business — a company called EstDomains — were hosting huge numbers of Web sites that foisted malicious software. His response at the time to assertions that he was somehow tied to Russian organized cybercrime: “Rubbish!”