As cyber crimes go international, so must enforcement agencies

FBI, Estonian and Dutch police, NASA, and more bust major click fraud plot -- and offer blueprint for future investigations

A massive investigation by the FBI, international law enforcement agencies, private industry, and nongovernment organizations has led to the charging of seven Estonian and Russian citizens for a widespread click fraud scheme that had infected more than 4 million computers and netted the group more than $14 million, the FBI said on Wednesday.

Using malware known as DNSChanger, the group allegedly altered the domain name server settings on infected machines, so that for four years requests for website addresses were redirected through a network of criminal-controlled servers. The group used the malware and servers to create false advertising clicks to businesses that paid affiliate fees, defrauding the firms. The Estonian police arrested the six Estonian nationals on Tuesday, while the sole Russian suspect remained at large.

A list of the organizations involved in the investigation, dubbed Operation Ghost Click, underscores the level of cooperation needed to prosecute cyber criminals: the FBI, the Estonian Police and Border Guard, the Dutch National Police, the NASA Office of the Inspector General, and private companies and universities such as Georgia Tech University, the Internet Systems Consortium, Mandiant, and Team Cymru.

"In this context, international law enforcement cooperation and strong public-private partnerships are absolute necessities," Janice K. Fedarcyk, assistant director-in-charge for the FBI, said in a statement.

The cross-sector cooperation even went as far as the remediation effort. The takedown of the control servers for the fraudulent DNS network would have likely resulted in the infected computers being cut off from the Internet until a knowledgeable person reset the compromised computer's lists of DNS hosts, the FBI has stated. In this case, the rogue DNS servers were replaced by legitimate units run by the Internet Systems Consortium, the nonprofit company that develops the widely used BIND domain name system software.

Such cooperation will be an absolute necessity in the future to deal with cyber crime, which almost always includes an international component. The criminal complaint alleges that the group laundered its proceeds from the advertising fraud through numerous companies. The group operated under the guise of a legitimate firm known as Rove Digital, based in Estonia.

Operation Ghost Click has only scratched the surface of cyber crime, says Matt Huang, chief operations officer of Web security firm Armorize.

"These are still tip of the iceberg," Huang says, stressing the need for more cooperation. "It takes a lot of effort to investigate and end up with a company name."

This article, "As cyber crimes go international, so must enforcement agencies," was originally published at Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest business technology news, follow on Twitter.

Copyright © 2011 IDG Communications, Inc.
