NEW YORK – They took a byte of crime.
A crew of Internet bandits devised an international scheme to hijack more than 4 million computers worldwide so websurfers visiting Netflix, IRS.gov and other popular websites would be rerouted to sites that generated at least $14 million in fraudulent profits, an indictment unsealed in New York alleged Wednesday.
The indictment says 500,000 computers in the United States were infected, including some used by educational institutions, nonprofits and government agencies like NASA. Six Estonians were in custody in that country, and extradition was being sought, authorities said. One Russian remained at large.
“The defendants hijacked four million computers in a hundred countries, including half a million computers in the United States, rerouting Internet traffic and generating $14 million in illegitimate income," assistant director in charge Janice K. Fedarcyk said.
The defendants "engaged in a massive and sophisticated scheme that infected at least 4 million computers located in over 100 countries with malicious software or malware," the indictment said. "Without the computer users' knowledge or permission, the malware digitally hijacked the infected computers to facilitate the fraud."
Searches done on infected computers would be redirected to websites set up by the defendants to generate payments any time a user clicked on an advertisement, the indictment said. The doctored websites mimicked legitimate sites for Netflix, the IRS, ESPN, Amazon and others, it added.
The indictment estimated the defendants "reaped least $14 million in ill-gotten gains."
"The Internet is pervasive because it is such a useful tool, but it is a tool that can be exploited by those with bad intentions and a little know-how,” Fedarcyk said.
The Associated Press contributed to this report.