The news last month was of the bust up of the biggest cyber crime ring in history, with 4 million victims and $14 million in losses. Now the FBI is hoping a few of those victims step forward to help with the prosecution.
In a post on the FBI Web site, the agency said it is “seeking information from individuals, corporate entities and Internet Services Providers who believe that they have been victimized by malicious software …related to the defendants” in the case. Despite initial claims from law enforcement that half a million U.S. computers were infected with the DNSChanger malware used in the scam, an FBI spokeswoman said the agency was looking for victims to help with the prosecution of the Estonian-Russian hacking crew, and that she wasn’t sure that prosecutors had the names of any actual victims yet.
The agency announced in early November that they had cracked the cyber crime ring, arresting six Estonian nationals whom they allege are behind the DNSchanger malware campaigns. At the time, the agency estimated that the scheme affected some 4 million individuals worldwide, and 500,000 in the U.S. Profits from the cyber crime operation – dubbed “Ghost Click” – were estimated to be $14 million, largely from commissions for online advertisements paid to front companies owned by the conspirators. The group worked behind the scene, using the DNSChanger malicious software to redirect Internet searches to the Web sites of their customers, thereby fattening their commissions.
DNSChanger can be difficult to detect on an infected system, as it works behind the scenes to reconfigure an infected system’s Domain Name System settings to use malicious DNS servers to resolve Internet queries. DNSChanger is also a component downloaded in concert with other malware packages like the TDSS rootkit, according to research by Dell’s Secureworks division.
The FBI is working with the U.S. Attorney’s Office for the Southern District of New York, which is prosecuting the men behind the schemes. The FBI is taking on the responsibility of rounding up victims, using its Web site and other means to make Internet users aware of the scheme, including instructions for determining whether the DNSChanger malware is running on a computer and a registration form to identify yourself as a victim of the scam, said Jenny Shearer, an FBI spokeswoman. The U.S. Attorney’s Office wasn’t immediately able to comment on whether it had identified any victims of the scam and, if so, how many.
She said she wasn’t sure if any victims had yet come forward. The agency is also working “collaboratively” with ISPs to identify victims, Shearer said, though she declined to describe the nature of that cooperation.
Shearer said it wasn’t unusual for the FBI to notify potential victims of cyber crime. The Web site allowing individuals to register as Ghost Click victims can be found here.