US shuts down cyber crime gang

An Eastern European gang is alleged to have hijacked at least four million computers in over 100 countries, according to US authorities.

One Russian and six Estonians have been charged with wire fraud and conspiracy in a 27-count indictment unsealed this week by Manhattan US attorney Preet Bharara. The US is expected to seek the extradition of the suspects from Estonia.

The cyber-hijacking victims included at least a half million individuals, businesses in the US and government agencies, including the National Aeronautics and Space Administration (Nasa), Mr Bharara said.

Over at least four years, an information technology company based in Estonia made millions of dollars by manipulating the Internet searches of infected computers, redirecting users to sites they never intended to visit or swapping out advertisements on web pages, according to the indictment.

"We believe this criminal case is the first of its kind and arises from a cyber infrastructure of the first order," Mr Bharara said. "The defendants were cyber-bandits who hijacked those computers at will, controlling and masquerading as legitimate Internet websites."

The criminal investigation started about two years ago after Nasa discovered a virus on more than 100 of its computers, said Paul Martin, Nasa's inspector general. Mr Bharara said the government "pulled the plug" on Tuesday this week at 3am on rogue data servers the hackers used in New York, Chicago and other US cities.

The government is seeking forfeiture of at least $14 million allegedly generated by the scheme.

Malicious software, also known as malware, was typically placed on computers after Internet users visited certain websites or downloaded software to view videos online.

Users of infected computers were surreptitiously directed from legitimate websites to rogue computer servers, a practice called "click hijacking," thereby generating revenue for the defendants' multibillion-dollar Internet advertising business, it is alleged.

For example, a user with an infected computer might perform a Google search for "iTunes" and click on the resulting link to Apple Inc.'s iTunes, only to be sent to another site.

The malware also "hijacked" people looking for the Netflix Inc. and Internal Revenue Service sites, according to the indictment.

In another scheme that used what prosecutors called rogue domain name server malware, the hackers allegedly replaced legitimate Internet ads with substitutes that triggered millions of dollars of advertising payments for themselves.

They made money after a user was diverted to another ad and clicked on it, authorities said. The indictment cited as an example an American Express ad for the Plum Card on the Wall Street Journal's home page that was instantly replaced, when users clicked on it, by an ad for "Fashion Girl LA."

The malware was designed to thwart detection and prevent the installation of anti-virus software updates, prosecutors said.

This left the victims' infected computers vulnerable to further intrusions and to theft of personal and financial information stored there.

The defendants include a Russian national residing in his home country, while the others charged today are residents of Estonia, Mr Bharara said. He said the US will seek extradition of the six people arrested in Estonia.

The Russian national remains at large, he said.

FBI officials said that they participated in the arrests and execution of search warrants in Estonia at that government's request. Estonia has agreed to extradite cyber criminals to the US on two previous occasions, the FBI said.

The most serious charges in the indictment, wire fraud and money laundering, carry a maximum penalty of 30 years in prison.

Bloomberg