Top 'Cyber Bandit' Snared in Operation Ghost Click

Photo: Postimees/Scanpix
11/10/2011 12:27 PM

The former head of an Estonian domain registrar shut down in 2008 by ICANN has resurfaced as the accused ringleader of an international click hijacking fraud scheme.

Authorities ranging from the Estonian police and border guard to NASA collaborated with the FBI in Operation Ghost Click, which resulted in the November 8 arrests of six individuals in Estonia on charges of "click hijacking fraud." One person remains at large in Russia.

The alleged mastermind was Vladimir Tshashtshin, who has a past conviction for online credit card fraud. In 2008, his checkered past resulted in ICANN reviewing his role as head of EstDomains, one of the world's largest domain name registrars. It later had EstDomains, which had a reputation of hosting shady sites, shut down. 

According to the Ghost Click indictment unsealed in New York on November 9, Tshashtshin wrote and distributed malware and concealed ill-gotten gains from 2007 to the present.

The particular program redirected browsers to the malware administrator's own sites. As a result, ads intended to be displayed on sites visited by the computer user were switched with other ads, said Public Prosecutor's Office spokesperson Kadri Tammai.

Links in search results were also changed to lead computer users to other sites, where the accused individuals allegedly monetized the hits.

A total of at least 4 million computers in 100 countries were infected, including the US air and space agency NASA's computers.

Public prosecutor Piret Paukshtys said transactions totaling 21.5 million US dollars were conducted to conceal the illegal origin of the money.

The US is seeking the extradition of the individuals. AFP reported that they face five counts each of computer intrusion and wire fraud, which can draw five to 30 years in prison, and Tshashtshin faces 22 additional counts of money laundering.


Kristopher Rikken

See also