ETV: US Case Against International Clickjacking Defendant May Be Compromised
Vladimir Tšaštšin - a former IT business wunderkind who US prosecutors allege is an international criminal mastermind - has long been a Jekyll and Hyde figure for the digital world. Although the court of public opinion has been against this former businessman of the year and he has been behind bars since 2011 in Estonia pending extradition, ETV's Pealtnägija investigative program reports that the defendant could yet stave off a conviction in the US.
News of the scheme spread like wildfire in 2012: a piece of malware called DNSChanger made it into computers worldwide, directing browsers - unbeknownst to computer users - to sites that were monetized by the alleged crooks. The scheme netted 20 million euros and was allegedly run by Tšaštšin and his associates and family members from Tartu.
With 4 million computers worldwide affected by the spyware, including strategic US agencies such as NASA, a major operation called Ghost Click was mounted - the biggest international police investigation in Estonian history - and Tšaštšin and his fellow defendants were apprehended.
But in December, Tšaštšin was acquitted of the only charge related to the case to come to trial in Estonia - money laundering. Tšaštšin's defense team still maintains that their scheme was only a clever, innovative business idea, however unethical and sleazy it might seem, and that they did not even develop DNSChanger themselves. This month, Tšaštšin has gone on a media blitz, giving interviews in Pealinn and other publications.
A kid from Narva who made good, then broke bad
Tšaštšin, now 34, grew up in a blue-collar family in Narva. He participated in international academic tournaments but was later expelled from university.
People widely attest to his business acumen and ability to move in mainstream circles. His company, Rove Digital, was Äripäev business daily's Estonian IT company of the year in 2007, but just a few months later the firm was internationally blacklisted because it appeared to be generating large amounts of spam. Another Tšaštšin interest, EstDomains, was one of the largest domain name registrars in the world, but hosted dodgy sites ranging from gambling to porn, and came under the scrutiny of ICANN, the private sector, non-profit American corporation that oversees the Internet's global domain name system. As a result, Tšaštšin also figures on a "worst executives in the world" list that is still floating around online.
In 2008, Tšaštšin was prosecuted for a credit card scheme where fictitious refunds were made to credit cards and the money withdrawn by ATM, though he got off with time already served in the pre-trial investigation phase, and confiscations of property - a slap on the wrist.
As far as the media was concerned, Tšaštšin and his people were a bunch of crooks, but the company was a good corporate citizen, and at one point was the biggest taxpayer in the city of Tartu, contributing 15-20 million euros a year, all audited by the taxman and the Estonian Financial Intelligence Unit.
As Estonian prosecutor Piret Paukštys, who led the Ghost Click investigation, pointed out to ETV, a clean ship isn't proof of everything being all right belowdecks: "Absolutely, that doesn't rule out money laundering. It's more that they were able to integrate that criminal money into the Estonian economy."
The Pealtnägija program reported that Tšaštšin's parents were never far from their son's exploits. Vladimir's company was the innovator and sought out the opportunities, bringing in money. His mother Valentina served as "her son's accountant," by her own admission, and ran a company that issued SMS loans, while father Viktor was in real estate. (Valentina is a co-defendant in the money laundering charge that went to Harju County Court; she, like the others, was acquitted in December. The case was appealed by prosecutors.)
Wealth was flaunted: Vladimir and his wife acquired a luxury apartment in Tallinn, his parents a big mansion in Tartu.
But the Tšaštšins' undoing, according to one Estonian IT expert, Anto Veldre of the Information System Authority, was the fact that strategic US interests such as NASA were affected by the Ghost Click scheme.
NASA deals with secret projects and suddenly a large number of their computers were hijacked by a small business from a country called Estonia. "That was what made the Americans mad," Veldre told ETV.
That is the same conclusion reached by Tšaštšin in his prison cell - "the initiative came from NASA," he told Pealinn. He also adds: "Our ad revenue became a serious sum and someone didn't like that their piece of the pie got smaller."
The defense claims that DNSChanger was not a trojan or other malware, but a service, and that all four million users affected consented voluntarily to it. In the defense team's arsenal of exhibits is a YouTube video made by the Finnish cyber security company F-Secure that teaches users how to uninstall DNSChanger. The program itself displays "are you sure?" type alerts and asks for consent.
"There is absolutely no fine print; on the contrary everything is explained in the licensing agreement - additional components may be installed along with the program you are installing, and various commercial solutions and ads may be displayed to you and your network settings may be changed," said Raul Otsa, Tšaštšin's lawyer, on ETV.
Jarmo Niemelä of F-Secure, one of the first to spot suspicious activity connected to Rove Digital back in 2007, argues, though, that intent counts - that Tšaštšin's camp wanted the code to stay in computers that didn't belong to them and make them vulnerable.
Veldre, regarded as a cyber libertarian, concurs. He told ETV it was too brazen a hijack and went against too many basic conventions of the worldwide Internet system: "I think that many, many crimes were committed."
Despite the massive police operation and media attention, Harju County Court in Estonia found the case was slight.
Tšaštšin, in Pealinn: "The acquittal was to be expected. You could see how weak the accusation from the prosecutor actually was. It became evident to all parties during the proceedings that we weren't the ones who had developed DNSchanger [...] We had a licensing agreement, people had to agree before downloading, and so on. Interestingly, there is a civil case going on in circuit court in New York in parallel to our case - concerning the same DNSchanger. I stress - civil dispute. As I understand, it will be hard for the Estonian district court or supreme court to overturn the Harju County Court acquittal."
ETV said that Harju County Court expressed "astonishment" that the consequence - money laundering - was brought to justice first and only then the main complaint - computer fraud in the US. Whether it was a botched job by Estonian prosecutors or not, it gives the defenders a chance to invoke double jeopardy and say Tšaštšin and his associates should not be prosecuted for an alleged crime they were acquitted of in Estonia, ETV reported.
Paukštys disagrees, telling ETV that America has a different burden of proof and the "crime will be processed and investigated in greater detail."
Paukštys has appealed the Harju County Court verdict to the appeals court, so the case continues in Estonia.