FBI breaks up two international scareware rings

The FBI, with the help of international partners, has broken up two criminal rings believed to be responsible for peddling scareware, federal prosecutors announced Wednesday.

The effort, dubbed “Operation Trident Tribunal,” led to the arrest of two individuals from Latvia who allegedly used malicious advertisements to distribute scareware. As part of the operation, authorities also seized dozens of computers and servers involved in facilitating and operating the scams, including 22 in the United States and 25 in the Netherlands, Latvia, France, Germany, Sweden and the United Kingdom. 

Scareware, also known as rogue anti-virus (AV) software, pretends to be legitimate computer security software and claims to detect a myriad of threats that do not actually exist on the affected system. Such programs continually display disruptive notifications until users enter their credit card number to pay for fake solutions to fix the nonexistent issues.

One of the rings was responsible for the infection of an estimated 960,000 computers, causing more than $72 million in losses to victims in a three-year period, prosecutors said. Latvian authorities seized at least five bank accounts that were used to funnel profits to the operation's leadership.

“We will continue to be aggressive and innovative in our approach to combating this international threat,” U.S. Assistant Attorney General Lanny Breuer said in a statement. “At the same time, computer users must be vigilant in educating themselves about cybersecurity and taking the appropriate steps to prevent dangerous and costly intrusions.”

Law enforcement agencies in Britain, Canada, Cyprus, France, Germany, Latvia, Lithuania, the Netherlands, Romania, Sweden and Ukraine aided in the operation, the Justice Department said.

The disruption of the second racket resulted Tuesday in the arrests of Peteris Sahurovs, 22, and Marina Maslobojeva, 23, in Rezekne, Latvia, prosecutors said. The defendants were charged with two counts of wire fraud and one count of conspiracy to commit wire fraud and computer fraud, according to an indictment unsealed in U.S. District Court in Minnesota.

The defendants allegedly posed as an advertising company whose client wanted to purchase ad space on the Minneapolis Star Tribune newspaper's website. The paper's technical staff examined the ad and found it to operate normally. After the ad began running on the site, however, the defendants changed the computer code so computers that visited startribune.com were infected with the fake anti-virus programs.

The scheme resulted in at least $2 million in losses, prosecutors said.

If convicted, the defendants face up to 30 years in prison. Each charge carries a fine of up to $250,000.
