Estonian court approves extradition of six persons to US for cybercrime

21.02.2012, 12:15

Harju County Court ruled last week that Estonia can extradite four persons to the US for cybercrimes committed against computers in the US. Earlier, the court had made a similar decision for two other persons.

The final decision on the extradition will be made by the Estonian government after the court ruling has entered into force.

Vladimir Tshastshin, the leader of the group, was arrested in Estonia in November as part of the Ghost Click operation involving the FBI and Estonian law enforcement agencies.

Tshastshin is suspected of having created the computer virus DNS-Change and of affecting up to a million computers worldwide.

He is believed to have earned millions of US dollars after infected computers directed users to the websites from which Tshastshin was earning advertising income.

The FBI has set March 8 as the deadline for private and government internet servers to have the malware called the DNSChanger Trojan out of their systems. Following the arrest of six men from Estonia back in November, the FBI began installing its own servers to replace infected ones. But the rogue servers had, by the time of the arrests, already infected nearly half the Fortune 500 companies and at least 26 U.S. government agencies.

Among the major sites affected were Netflix, Amazon, and even the IRS. Since November, the FBI has encouraged infected companies and agencies to remove the malware before the deadline of March 8, 2012.

The FBI started warning people last November when it shut down a long-standing Estonian web traffic hijacking operation that controlled people's computers using a family of DNSChanger viruses. The malware works by replacing the DNS (Domain Name System) servers defined on a victim's computer with fraudulent servers operated by the criminals. As a result, visitors are unknowingly redirected to websites that distribute fraudulent software or display ads that put money into the bad guys' pockets.

But clearly the process of removing this malware is expensive and time consuming, and the risk of losing customer information is a challenge. The rogue DNS addresses have found their way into an estimated 40 million computers and "many people will be cut off from internet access on March 8," reports the security news site KrebsOnSecurity. People will be shut out of the internet because the replacement servers put in place by the FBI will be turned off, and the computers that expect to reach the internet through them will be the only ones affected. While entire companies may lose access and think the whole internet is offline, the internet itself will not be shut down, only the servers loaned out by the FBI.

For those who think they can tackle the task of checking their own computers or their local networks, the industry and law enforcement group DNSChanger Working Group (DCWG) has a web site where people can follow the instructions to check whether their systems are infected.
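
Because the malware works by swapping a computer's DNS servers, the check comes down to comparing the configured resolvers against the known rogue address ranges. The Python code below is an added example, not part of the original article or of the DCWG's instructions; it reads resolv.conf-style text, and the entries in `ROGUE_RANGES` are documentation-block placeholders (an assumption) to be replaced with the ranges published by the DCWG.

```python
import ipaddress

# PLACEHOLDER ranges (RFC 5737 / RFC 3849 documentation blocks), not the real
# rogue DNSChanger ranges. Substitute the list published by the DCWG.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in
                ("192.0.2.0/24", "198.51.100.0/24", "2001:db8::/32")]

def parse_nameservers(resolv_conf_text):
    """Return resolver IPs from resolv.conf-style text; skip comments and junk."""
    servers = []
    for line in resolv_conf_text.splitlines():
        # Strip '#' and ';' comments, then split into whitespace-separated fields.
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            addr = fields[1].split("%", 1)[0]  # drop an IPv6 zone id such as %eth0
            try:
                servers.append(ipaddress.ip_address(addr))
            except ValueError:
                continue  # not an IP address; ignore the malformed entry
    return servers

def find_rogue_resolvers(resolv_conf_text, rogue_ranges=ROGUE_RANGES):
    """Return (resolver, matching_range) pairs for resolvers inside a rogue range."""
    hits = []
    for ip in parse_nameservers(resolv_conf_text):
        for net in rogue_ranges:
            if ip.version == net.version and ip in net:
                hits.append((str(ip), str(net)))
                break
    return hits

# Constructed sample input, not taken from a real machine.
SAMPLE = """\
# constructed sample resolver configuration
nameserver 192.0.2.53
nameserver 10.0.0.1       ; internal resolver
nameserver 2001:db8::53
nameserver not-an-ip
search example.org
"""

if __name__ == "__main__":
    for resolver, net in find_rogue_resolvers(SAMPLE):
        print(f"resolver {resolver} is inside listed range {net}")
```

On a Linux host the input would be the contents of `/etc/resolv.conf`; on other systems the resolver list has to be read from the network settings instead.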