The ringleader of a massive click-fraud scheme, known as “Operation Ghost Click,” has pleaded guilty to wire fraud and computer intrusion charges.
Estonian national Vladimir Tsastsin, who admitted to his crimes on Wednesday in the US in a Manhattan federal court, helped further an international campaign that infected at least four million computers in 100 countries with DNSChanger malware, a threat that rerouted traffic on compromised machines to websites and online advertisements of the attackers' choosing to carry out clickjacking. An FBI press release, said that, between 2007 and October 2011, Tsastsin and six other defendants – Timur Gerassimenko, Dmitri Jegorov, Valeri Aleksejev, Konstantin Poltev, Andrey Taame, and Anton Ivanov – “controlled and operated various companies that masqueraded as legitimate publisher networks in the internet advertising industry.”
After a two-year investigation, the FBI, along with Estonian police, helped take down the racket in November 2011, when six members of the group were arrested and charged, and command-and-control servers for the operation were pulled offline.
“The defendants fraudulently increased the traffic to the websites and advertisements that would earn them money and made it appear to advertisers that the internet traffic came from legitimate clicks and ad displays on the defendants' Publisher Networks when, in actuality, it had not,” the FBI release said. The men used DNSChanger malware and rogue DNS servers to carry out their schemes, the agency explained.
In December 2013, Tsastsin, 35, was one of four defendants acquitted of their charges by an Estonian court, but in 2014, he was extradited to the US and indicted. Federal prosecutors estimate that Operation Ghost Click members and co-conspirators raked in at least £9 million through their click-fraud schemes.
Tsastsin faces up to 25 years in prison for both charges – one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer intrusion. He is scheduled to be sentenced on 14 October 2015.