FBI busts 'scareware' ring that stole $74M

The FBI has arrested two members of a criminal organization suspected of running an international “scareware” operation that stole a total of more than $74 million from about 1 million computer users over the last three years. The scam consisted of infecting users’ computers and then selling them a phony fix, the FBI said.

The arrests resulted from Operation Trident Tribunal, an ongoing cybercrime investigation involving the FBI and international law enforcement, the FBI announced in a release.

Two Latvians — Peteris Sahurovs, 22, and Marina Maslobojeva, 23 — were arrested in Latvia on charges filed in the federal District of Minnesota, which is one of the locations where the group allegedly operated during its three years in business.

More than 40 computers, servers and bank accounts were seized in the United States and Latvia, the FBI said.

In Minnesota, the defendants posed as representatives of an advertising agency and placed an ad for a hotel chain on the Minneapolis Star Tribune’s website, the FBI said.

The Star Tribune’s tech staff tested the ad and found nothing wrong with it, but after it began running, the group allegedly changed the code in the ad to infect the computer of anyone who clicked on it. The scareware froze users’ computers and then sent a series of pop-up ads offering antivirus software to fix the problem, for $129.

The antivirus software was fake, the FBI said, but if people paid up, the group would unfreeze their computers, although malicious software remained. Users who didn’t buy the “fix” found their data and filed to be inaccessible, according to the FBI.

The defendants, charged with wire fraud, conspiracy and computer fraud, face up to 20 years in prison and fines of up to $250,000 on the wire fraud and conspiracy charges, and up to 10 years and $250,000 on the computer fraud charge.

The FBI said the arrests were the first by the Operation Trident Tribunal, an ongoing international effort that includes law enforcement teams from the bureau, Justice Department, U.S. Attorney’s office and investigators from Cyprus, Germany,  Latvia,  Ukraine, Lithuania, the Netherlands, Sweden, Romania, Canada and Great Britain.


About the Author

Kevin McCaney is a former editor of Defense Systems and GCN.

inside gcn

  • Google Map of free sandbags in Los Angeles

    When simple is best: Google Maps for disaster prep

Reader Comments

Thu, Jun 30, 2011 ron

let's see 74 million minus half a million equals 73.5 million. 20 years behind bars with 20 years interest. They make out after prision with so much money i can't even calculate it but let's be clear it's so much more than the 74 million they start with. An honest wage of $60,000 per year times 20 years is 1.2 million dollars. Wow, go to prision, free food, housing, gym, cable tv, clothing and whatever else. These guys come out richer than they went in big time. So what's 20 years. I say reverse all charges ever made then fine and put them in prison and make the software fix a free download that works, a lifetime ban on any computer and computer-like devices. I believe in the biblical idea about repaying 7 times what you stole. Now there's a deterent to stealing.

Fri, Jun 24, 2011 Dr. Gene Nelson Arlington, Virginia USA

I believe that this story is just the "tip of the iceberg." I was hit by this "scareware" just by visiting the websites of a prominent New York, NY and London, UK websites. Keep your antivirus and antimalware software current and be sure to apply the current updates to your operating system software. I posted some remediation steps at the McAfee Community website. The problem is that this "scareware" is not stopped by most antivirus products - and it apparently opens ports to bring additional malware and viruses to an infected computer. See: https://community.mcafee.com/message/193889

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group