FBI breaks up two international scareware rings

Share this article:

The FBI, with the help of international partners, has broken up two criminal rings believed to be responsible for peddling scareware, federal prosecutors announced Wednesday.

The effort, dubbed “Operation Trident Tribunal,” led to the arrest of two individuals from Latvia who allegedly used malicious advertisements to distribute scareware. As part of the operation, authorities also seized dozens of computers and servers involved in facilitating and operating the scams, including 22 in the United States and 25 in the Netherlands, Latvia, France, Germany, Sweden and the United Kingdom. 

Scareware, also known as rogue anti-virus (AV) software, pretends to be legitimate computer security software that detects a myriad of threats, but which do not actually exist on an affected system. Such programs continually display disruptive notifications until users enter their credit card number to pay for fake solutions to fix the nonexistent issues.

One of the rings was responsible for the infection of an estimated 960,000 computers, causing more than $72 million in losses to victims in a three-year period, prosecutors said. Latvian authorities seized at least five bank accounts that were used to funnel profits to the operation's leadership.

“We will continue to be aggressive and innovative in our approach to combating this international threat,” U.S. Assistant Attorney General Lanny Breuer said in a statement. “At the same time, computer users must be vigilant in educating themselves about cybersecurity and taking the appropriate steps to prevent dangerous and costly intrusions.”

Law enforcement agencies in Britain, Canada, Cyprus, France, Germany, Latvia, Lithuania, the Netherlands, Romania, Sweden and Ukraine aided in the operation, the Justice Department said.

The second racket that was disrupted resulted Tuesday in the arrests of Peteris Sahurovs, 22, and Marina Maslobojeva, 23, in Rezekne, Latvia, prosecutors said. The defendants were charged with two counts of wire fraud and one count of conspiracy to commit wire fraud and computer fraud, according to an indictment unsealed in U.S. District Court in Minnesota

The defendants allegedly posed as an advertising company whose client wanted to purchase ad space on the Minneapolis Star Tribune newspaper's website. The paper's technical staff examined the ad and found it to operate normally. After the ad began running on the site, however, the defendants changed the computer code so computers that visited startribune.com were infected with the fake anti-virus programs.

The scheme resulted in at least $2 million in losses, prosecutors said.

If convicted, the defendants face up to 30 years in prison. Each charge carries a fine of up to $250,000.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Researchers observe more than a hundred connections to 'Backoff' sinkhole

Researchers with Kaspersky Lab were able to sinkhole two command-and-control servers used by certain Backoff point-of-sale malware samples.

Judge lifts stay but Microsoft won't hand over emails during appeal

A judge has lifted a suspension of a previous order compelling Microsoft to hand over customer emails stored on a server in Ireland.

Home Depot investigates possible payment card breach

Home Depot investigates possible payment card breach

Home Depot said on Tuesday that it is working with its banking partners and law enforcement to investigate a possible data breach.