When Hackers Attack

NASA and FBI Charge Seven Europeans for Clickjacking Users Who Were Trying to Get to iTunes and Netflix

clickjacking NASA and FBI Charge Seven Europeans for Clickjacking Users Who Were Trying to Get to iTunes and Netflix

Jackin' ur clickz.

When NASA’s computers get infected, government officials don’t mess around.

In a 62-page indictment unsealed in the Southern District of New York today, a number of parties, including Preet Bharara’s office, the New York office of the FBI, and NASA’s Inspector General brought charges against six Estonian nationals and one Russian national for a “massive and sophisticated” Internet fraud scheme.

The clickjackers infected 4 million computers in more than 100 countries with malware, including at least 500,00 computers in the U.S. that belonged to NASA, educational institutions, businesses and non-profits.

The scheme, which included a fake advertising agency, altered settings on infected computers by letting the accused “digitally hijack” Internet searches and re-route them to certain websites and ads.  The indictment also says the men used the DNS Changer Malware and rogue DNS servers to replace legitimate ads on websites and got paid for it.

The defendants allegedly made $14 million on the scam, which began in 2007.

The indictment is full of juicy details of the scam, which involved searches for iTunes, Netflix, and the IRS and fraudulent ads on the Wall Street Journal, Amazon.com and ESPN.com. For example:

When the user of an infected computer visited the ESPN website, a prominent
advertisement for “Dr. Pepper Ten” had been fraudulently replaced with an ad for
a timeshare business.

Or:

When the user of an infected computer clicked on the domain name link for the
official government website of the Internal Revenue Service, the user was instead
taken to the website for H&R Block, a major tax preparation business.

The six Estonians were taken into custody yesterday, but the Russian national is still at large. In addition to the arrest, the U.S. seized computers, froze financial accounts, and disabled dozens of  “rogue DNS servers” in New York and Chicago.

Mr. Bharara, the Manhattan U.S. Attorney who never fails to pepper his indictments with amusing admonitions,  said: “These defendants gave new meaning to the term, ‘false advertising.’” Badum-bump.

Follow Nitasha Tiku on Twitter or via RSS. ntiku@observer.com