Threat Management, Malware

Estonian man sentenced to 87 months for perpetrating click-fraud scheme

A Manhattan federal court judge sentenced Estonian Vladimir Tsastsin to 87 months in prison for his role in perpetrating an internet fraud scheme that infected more than four million computers in more than 100 countries with malware that allow the conspirators to hijack and redirect victims' searches to websites and ads on their Publisher Networks, according to the Justice Department.

“By falsely collecting advertising fees for every ‘click' their victims made, Tsastsin and his co-conspirators collected over $14 million,” Preet Bharara, U.S. Attorney for the Southern District of New York, said in a release.

A Federal Bureau of Investigation (FBI) press release, said between 2007 and October 2011, Tsastsin and six other defendants – Timur Gerassimenko, Dmitri Jegorov, Valeri Aleksejev, Konstantin Poltev, Andrey Taame, and Anton Ivanov – “controlled and operated various companies that masqueraded as legitimate publisher networks in the Internet advertising industry.”

They “fraudulently increased the traffic to the websites and advertisements that would earn them money and made it appear to advertisers that the Internet traffic came from legitimate clicks and ad displays on the defendants' Publisher Networks when, in actuality, it had not,” FBI said.

The DNSChanger malware distributed by Tsastsin and his cohorts also prevented victims from installing antivirus software or updating their operating systems. After a two-year investigation, the FBI, along with Estonian police, helped take down the racket, known as “Operation Ghost Click,” in November 2011, when six members of the group were arrested and charged, and command-and-control servers for the operation were pulled offline.

In December 2013, Tsastsin, 35, was one of four defendants acquitted of their charges by an Estonian court, but in 2014, he was extradited to the U.S. and indicted. Tsastsin pleaded guilty in July to a single count of conspiracy to commit computer intrusion as well as one count of conspiracy to commit wire fraud. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.