ESTONIA IS one of Europe’s most wired countries. Among other things, it produced the programmers behind Skype. But the tiny Baltic state also has some major players in cybercrime.
Earlier this week, six Estonian nationals were arrested and charged with running a sophisticated internet fraud ring that infected more than four million computers in over 100 countries.
Unknown to their owners, those computers had been infected with a virus which enabled the gang to manipulate internet adverts, making “at least $14 million” in the process, the FBI said.
The gang was also able to direct those users’ computers away from legitimate websites to rogue servers under their control. Moreover, the malicious software prevented users’ antivirus and operating system from updating.
The arrests were the result of a complex effort, dubbed Operation Ghost Click, which involved the FBI working with Estonian law enforcement, the Dutch high-tech crime unit, various industry groups and cyber security experts.
The antivirus software provider Trend Micro called it “the biggest cybercriminal takedown in history”. It was one of the industry partners involved in providing intelligence to law enforcement agencies and some of its work was co-ordinated from the company’s European headquarters in Cork. Robert McArdle, of Trend Micro’s advanced threat research team, said some Irish computer users had been “definitely infected”.
He said the difference with this investigation was that previous efforts had focused on shutting down the technical infrastructure running these scams. However, this meant criminals could quickly start again on new servers.
Operation Ghost Click was two years in the making due to the high levels of co-ordination and secrecy needed to ensure both the servers – some located in data centres in New York – and the alleged perpetrators in Estonia would be taken down at the same time.
Mr McArdle, who researches cybercrime and lectures on malicious software analysis at Cork Institute of Technology, said the success of Operation Ghost Click would probably disrupt other cybercrime networks because many criminals rely on each other for different areas of expertise.
“Taking a big gang out like that makes a big difference and has a knock-on effect on the whole underground,” he said.
This isn’t the first time Estonia has made headlines in cyber security. In May 2007, much of its infrastructure was affected by a cyber attack – blamed on Russia – which disabled Estonian government, news, banking and communications websites for up to three weeks.