Operation Ghost Click, the Biggest Cyber-Bust Ever, Shuts Down Estonian Bot Ring

International raid shuts down a $14 million botnet
History's largest cyber takedown. john_a_ward via Flickr

In an international cyber sting that is being called the biggest cyber criminal takedown in history, the FBI has arrested six Estonians accused of running a botnet that controlled more than 4 million computers in 100 countries (keep in mind there are only about 200 countries in the world). But as nefarious and far-reaching as that sounds, the scheme itself brings the story to something of an anti-climax. The botnet was simply diverting browsers to sites that served up advertising and then collecting referral fees.

That’s a bit less invasive than, for instance, stealing money out of bank accounts or credit card numbers from retailers, and less threatening than infiltrating Iran’s nuclear facilities and shutting down work there. The “click-jacking” fraud did, however, net more than $14 million over four years, making it a lucrative enterprise for those involved.

The botnet worked by infecting Windows machines via malware known as DNSChanger, which allowed the perpetrators to modify browser settings and redirect Web traffic to advertising sites. They then collected buckets of cash in the form of fraudulent commissions. But when DNSChanger was detected in the NASA computer network, the Estonian IT company that served as a front for the operation found themselves at the wrong end of an FBI investigation dubbed “Operation Ghost Click.”

That was two years ago. As of today, six Estonians are in custody and facing decades in prison under U.S. indictments. One Russian suspect is still at large. U.S. security firm Trend Micro provided some intel to the FBI for Operation Ghost Click, and if you suspect DNSChanger might have infected your system the company has posted tips on diagnosing and eradicating it here.