Score one for the good guys

Indictments in fraud scheme shows cyber crime can be stopped

There's been much discussion on this blog about cyber crime and how it can be thwarted. Cyber crooks bounce around different servers around the world, surreptitiously hijack computers, steal money or identities and disappear without a trace. But every once in a while, the good guys catch a break.

It happened this past week in Chicago where federal indictments were handed down against a Cinncinatti area man and two foreign nationals working abroad. The trio allegedly bilked customers in 60 countries out of about $100 million by tricking them into thinking their computers -- many likely Windows-based -- were infected with malware and getting them to buy software to protect those computers. This so called "scareware" scheme "is widely regarded as one of the fastest-growing and most prevalent types of Internet fraud," read a statement from the U.S. Attorney's Office in Chicago, which announced the indictments.

Scareware was touted as the potentially most costly Internet scam of 2010 by McAfee.

Facing charges are Bjorn Daniel Sundin, 31, of Sweden, Shaileshkumar P. Jain, 41, an American living in the Ukraine, and James Reno, 26, of Amelia, Ohio. Sundin and Jain were owners and operators of a company called Innovative Marketing (an understatement if there ever was one) that committed the alleged fraud, and Reno owns and operates a company called Byte Hosting Internet Services, which collected the ill-gotten revenue for Innovative Marketing. Sundin and Jain face 24 counts of wire fraud while Reno faces 12 counts, according to the indictments. In addition, all three were charged with one count each of conspiracy to commit computer fraud and computer fraud. The government is also seeking $100 million in restitution to the victims.

The indictments detail how the defendants, through fake advertisements placed on various legitimate companies' Web sites, deceived Internet users into falsely believing that their computers were infected, then sold them antivirus software that was largely, if not totally, useless. The trio also set up fictitious advertising buying companies to trick legitimate Web sites into selling them ad space. Unknown to the Web sites, the government explained, the Internet ads that were placed on those sites contained hidden computer code that "hijacked" the Internet browsers of individual victims, redirecting their computers without their consent to Web sites controlled by the defendants. The individual victims were then prompted with a series of error messages claiming that the user's computer was experiencing a critical error and the victim needed to purchase an IM-distributed software product to remedy the problem.

The revelation of how these alleged con artists worked serves as another reminder of a good piece of Latin advice, "caveat emptor," or "buyer beware." The Internet is full of ads that warn you "Your computer may be infected!" and they should be taken with a heavy dose of skepticism. Computer viruses are so surreptitious and such an unknown to the typical consumer, and perhaps to some enterprise users, that it's important to be aware of the potential for fraud.

If you're an enterprise user, make sure that your IT manager informs you of what brand of security software is running on your network and heed warnings only from that vendor. If you are an individual, your computer may have come installed with a particular brand of anti-virus, anti-malware software, or your computer retailer may offer you a choice of security software at the time of purchase. Pick one and keep the software up to date.

And most important of all, if you're surfing the Internet and an ad pops up warning you your computer may be infected, don't click on the ad. Instead, run a scan with the brand you already purchased.

And while an informed consumer is the best defense against online fraud, it's encouraging to hear of cases like these where the authorities can track down cyber criminals who so often operate in obscurity.

• Microsoft
• indictments
• malware
• Microsoft
• scareware