A Russian hacker says he helped create a collection of thousands of infected computer servers – including some in Minnesota – as part of a scheme to make millions of dollars off ad clicks.
Maxim Senakh pleaded guilty Tuesday to federal computer fraud charges, the Department of Justice announced. He'd been indicted back in January of 2015 and was arrested by Finnish authorities (something Moscow was not happy about). He was extradited to the U.S. to face charges a year later.
So what was the 41-year-old Velikii Novgorod native accused of doing?
According to the indictment against him:
Senakh and his fellow hackers (who are not named) installed malware called Ebury on servers across the U.S. It started with a server in Minneapolis in August of 2013, then one in Duluth, before spreading further.
This Ebury malware could then steal log-in credentials for the servers – allowing hackers like Senakh to take control without anyone knowing.
One controlled server is called a bot. A network of these controlled servers or computers is called a botnet – which is why authorities referred to this as a "global botnet conspiracy."
What did they do with this botnet?
Well, when someone browsing the internet tried to go to a website that's hosted on one of these servers, the Ebury malware would instead redirect them to an advertiser's website. So for example, some people who tried to visit myphotohome.com got pushed to an ad site.
That visit would be seen as the internet user clicking the ad, and unwitting advertisers would then pay Senakh for each of those clicks. (Paying per click is a common form of legitimate advertising, referred to as "pay-per-click" – it's usually not a Russian hacker faking clicks to get more money.)
Senakh and co. also sent hundreds of thousands of spam emails out, and when someone clicked on a link within the message, the Ebury-infected servers again rerouted them to one of the advertiser sites.
In all, Senakh and his group collected millions of dollars from the scheme.
Senakh's guilty plea included admitting to profiting from the scheme, and also his role "creating accounts with domain registrars" to build out the botnet. He'll be sentenced in August.
Pay-per-click fraud is listed by Sophos as one of the methods hackers use to make money through malware.
CERT-Bund, the federal computer emergency response team for Germany, says Ebury targets Linux and Unix-style operating systems (so not Windows or OSX). The group says in 2013, computers in more than 60 countries were identified as having been infected with the malware.