Hacker in $14M click-fraud scam pleads guilty

Share this article:

An Estonian man charged with participating in a click-fraud campaign that infected at least four million computers in 100 countries with malware pleaded guilty to fraud and computer charges.

Last Friday, Valeri Aleksejev, 32, pleaded guilty in a Manhattan U.S. District Court to conspiracy to commit computer intrusion and conspiracy to commit wire fraud for his part in a scam, dubbed Operation Ghost Click, which impacted around 500,000 computers in the United States, including computers belonging to NASA and other government agencies, educational institutions, nonprofits, commercial businesses and individuals.

Aleksejev was one of six Estonians and one Russian to be arrested in 2011 for the scheme that included infecting computers with DNSChanger malware, which reroutes traffic on compromised machines to websites and online advertisements of the attackers' choosing – a hacker method known as clickjacking. The scam redirect users from highly visited sites, like the Wall Street Journal, iTunes and Netflix, earning the charged men at least $14 million in fraudulent commissions unknowingly paid for by legitimate advertisers.

According to Reuters, Aleksejev told the U.S. District Court judge last Friday that he assisted in “blocking anti-virus software updates on infected computers.” He could face up to 25 years in prison for his crimes and be forced to pay $7 million for his part in the operation. He is tentatively set to be sentenced on May 31.

Share this article:

Sign up to our newsletters

More in News

New backdoor 'Baccamun' spreads through ActiveX exploit

Symantec researchers revealed that the backdoor is dropped after attackers exploit a Windows ActiveX vulnerability.

Outdated browsers put U.K. users at risk of malware

A blog post on Check and Secure website said 70 percent of U.K. users haven't fully updated their internet browsers

Survey: 53 percent change privileged logins quarterly

A Lieberman Software survey highlights the issue or poor password management, even among security pros.