How an international cybercriminal hijacked computers through a MN website - Bring Me The News

Charges against Peteris Sahurovs reveal how he allegedly stole millions of dollars via a Minnesota website.

A Latvian man is accused of sneaking malware onto people's computers through one of Minnesota's most prominent websites – getting millions of dollars in the process.

Peteris Sahurovs was in a Minneapolis courtroom Monday, seven years after authorities say he used fake ads on StarTribune.com to install malicious code on PCs. That code would take over someone's computer with virus warnings and push them to pay for fake anti-virus software that would supposedly solve the problem.

The 28-year-old Sahurovs, and others involved in the conspiracy, raked in more than $2 million through the scheme, relying on some digital trickery to make it happen, authorities said.

How they did it

According to the indictment (which you can access here via the FBI):

On Feb. 17, 2010, Sahurovs and another suspect sent an email to the Star Tribune claiming to be an online advertising company (which doesn't actually exist) based in Miami. They said they represented Best Western Hotels (which was false), and wanted to buy ad space on StarTribune.com.

The ads started running on Feb. 19, and for the first two days they directed people to a Netherlands-based server that showed a Best Western ad image.

But on Feb. 21, Sahurovs and a cohort secretly replaced the code in the ad. From then on, it instead sent users to a server in Latvia, which bombarded their computers with malware.

The malware made a "Windows Security Alert" pop up (which was of course not from Windows), saying: the computer is infected, do a scan by clicking here, and then buy this software for $49.95 to fix it.

Anyone who didn't buy the software would see their computer taken over by pop-ups, and their files would be inaccessible.

The Star Tribune, realizing users were having slow system performance and crazy pop-ups, pulled the ads within about a day, and notified authorities.
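The swap described above (an ad that behaves for two days, then starts loading from a different server) is what a publisher-side re-scan is meant to catch. The following is an added example, not part of the original article or the indictment: it records what an ad served at approval time and flags later drift. The hostnames, day labels and ad code are constructed sample data.

```python
import hashlib
from urllib.parse import urlparse

def digest(body: str) -> str:
    """SHA-256 of the served ad code, whitespace-normalised."""
    return hashlib.sha256(" ".join(body.split()).encode()).hexdigest()

def hosts_of(urls):
    """Set of hostnames the creative contacted while rendering."""
    return {urlparse(u).hostname for u in urls}

def approve(body, urls):
    """Record what the creative looked like when the publisher accepted it."""
    return {"digest": digest(body), "hosts": hosts_of(urls)}

def check(baseline, body, urls):
    """Return findings; an empty list means the creative still matches approval."""
    findings = []
    if digest(body) != baseline["digest"]:
        findings.append("ad code changed since approval")
    for host in sorted(hosts_of(urls) - baseline["hosts"]):
        findings.append(f"unapproved host contacted: {host}")
    return findings

# Constructed observations: what the ad served at approval and on a later re-scan.
APPROVED_BODY = '<img src="https://ads-a.example/hotel/banner.png">'
APPROVED_URLS = ["https://ads-a.example/hotel/banner.png"]
SWAPPED_BODY = '<script src="https://ads-b.example/loader.js"></script>'
SWAPPED_URLS = ["https://ads-b.example/loader.js", "https://ads-b.example/alert.html"]

def run_rescans():
    """Re-check the creative on two constructed days against the approval baseline."""
    baseline = approve(APPROVED_BODY, APPROVED_URLS)
    rescans = [("day 1", APPROVED_BODY, APPROVED_URLS),
               ("day 3", SWAPPED_BODY, SWAPPED_URLS)]
    return {label: check(baseline, body, urls) for label, body, urls in rescans}

if __name__ == "__main__":
    for label, findings in run_rescans().items():
        print(label, findings or "matches approval")
```

A one-time review at purchase would have passed this ad; only repeated checks after it goes live see the change.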

What's happening now

Sahurovs was at one point the fifth most wanted cybercriminal in the world by the FBI. He'd been arrested in Latvia in June 2011 over this StarTribune.com scheme, but was released by courts there and fled, the FBI says.

More than five years later, in November 2016, he was arrested again. He was recently extradited to the U.S. and appeared in a federal courtroom in Minneapolis Monday. The FBI says in a summary that more than 1 million people were victimized.

A spokesperson for the Star Tribune told GoMN that, since it's an ongoing legal issue, they don't have a specific comment. But they are "grateful for the dogged efforts of local and international law enforcement" that have worked on the investigation.

Sahurovs is charged with a couple of counts of wire fraud, a count of conspiracy to commit wire fraud, and unauthorized access of a computer. He's also suspected of doing the same to other businesses, the FBI says in his public file.

More on 'scareware'

The malware Sahurovs is accused of using is a type of "scareware."

That's because it claims your computer is infected by one or more viruses that don't actually exist. Then the scareware says it can "fix" the computer if you buy its "anti-virus" product. It's all fear-based. (It's similar in some ways to a ransomware attack, in that it holds your computer hostage – but it's less overt about its motives.)

The FBI suggests always making sure your computer has the latest updates, and has a legit anti-virus program you're familiar with.

The FBI's 2015 internet crime report found there were 43 malware/scareware victims in Minnesota that year, out of 3,294 total such attacks in the U.S.
