Justice News

Department of Justice
Office of Public Affairs

Friday, December 14, 2012

Payment Processor for Scareware Cybercrime Ring Sentenced to 48 Months in Prison

WASHINGTON – A Swedish credit card payment processor was sentenced today to 48 months in prison for his role in an international cybercrime ring that netted $71 million by infecting victims’ computers with “scareware” and selling rogue antivirus software that was supposed to secure victims’ computers but was, in fact, useless, announced Assistant Attorney General Lanny A. Breuer of the Justice Department’s Criminal Division, U.S. Attorney for the Western District of Washington Jenny A. Durkan and Special Agent in Charge Laura M. Laughlin of the FBI Seattle Division.

Mikael Patrick Sallnert, 37, a citizen of Sweden, was sentenced by Chief U.S. District Judge Marsha J. Pechman in the Western District of Washington.  In addition to his prison term, Sallnert was ordered to pay $650,000 in forfeiture.

“Mikael Patrick Sallnert played an instrumental role in carrying out a massive cybercrime ring that victimized approximately 960,000 innocent victims,” said Assistant Attorney General Breuer.  “By facilitating payment processing, Sallnert allowed the cybercrime ring to collect millions of dollars from victims who were duped into believing their computers were compromised and could be fixed by the bogus software created by Sallnert’s co-conspirators.  Cybercrime poses a real threat to American consumers and businesses, and the Justice Department is committed to pursuing cybercriminals across the globe.”

 “Payment processors like this defendant are the backbone of the cybercrime underworld,” said U.S. Attorney Durkan.  “As an established businessman, this defendant put a stamp of legitimacy on cyber criminals.  He was involved in defrauding thousands of victims, and his actions contributed to insecurities in e-commerce that stifle the development of legitimate enterprises and increase the costs of e-commerce for everyone.”
“Partnerships are central to the FBI in accomplishing its mission,” said Special Agent in Charge Laughlin.  “This cyber crime ring spanned multiple countries—increasing the threat it posed and complicating the necessary law enforcement response.  Thanks to the commitment of many foreign partners and FBI entities across the nation, we were able to dismantle that threat and ensure Mr. Sallnert faced justice.  The FBI and its partners will continue to work tirelessly until we bring in the remaining perpetrators of this malicious scheme.”

Sallnert was arrested in Denmark on Jan. 19, 2012, and extradited to the United States in March 2012. He pleaded guilty on Aug. 17, 2012, to one count of conspiracy to commit wire fraud and one count of accessing a protected computer in furtherance of fraud.  

The prosecution of Sallnert is part of Operation Trident Tribunal, an ongoing, coordinated enforcement action targeting international cybercrime.  The operation targeted international cybercrime rings that caused more than $71 million in total losses to more than one million computer users through the sale of fraudulent computer security software known as “scareware.”  Scareware is malicious software that poses as legitimate computer security software and purports to detect a variety of threats on the affected computer that do not actually exist.   Users are then informed they must purchase what they are told is anti-virus software in order to repair their computers.  The users are then barraged with aggressive and disruptive notifications until they supply their credit card number and pay for the “anti-virus” product, which is, in fact, fake.

The scareware scheme used a variety of ruses to trick consumers into unknowingly infecting their computers with the malicious scareware products, including web pages featuring fake computer scans.  Once the scareware was downloaded, victims were notified that their computers were infected with a range of malicious software, such as viruses and Trojans and badgered into purchasing the fake antivirus software to resolve the non-existent problem at a cost of up to $129.  An estimated 960,000 users were victimized by this scareware scheme, leading to $71 million in actual losses. 

According to Sallnert’s plea agreement, he agreed to establish and operate credit card payment processing services for the scareware ring, knowing that his co-conspirators were intentionally causing fake and fraudulent messages to display on victims’ computers that would fraudulently induce the victims into purchasing the rogue security software.  According to court documents, between approximately August 2008 and October 2009, the payment processing mechanisms established by Sallnert processed approximately $5 million in credit card payments on behalf of the scheme.

This case is being investigated by the FBI Seattle Division Cyber Task Force and other FBI entities.  The case is being prosecuted by Trial Attorneys Carol Sipperly and Ethan Arenson of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorneys Norman Barbosa and Kathryn Warma of the Western District of Washington.  Substantial assistance was provided by the Criminal Division’s Office of International Affairs. 

Critical assistance in the prosecution was provided by the Security Service of Ukraine, German Federal Criminal Police, Netherlands National High-Tech Crime Unit, London Metropolitan Police, Latvian State Police, Lithuanian Criminal Police Bureau,  Swedish National Police Cyber Unit, French Police Judiciare, Royal Canadian Mounted Police, Romania’s Directorate for Combating Organized Crime, Cyprus National Police in cooperation with the Unit for Combating Money Laundering and the Danish National Police.

To avoid falling victim to a scareware scheme, computer users should avoid purchasing computer security products that use unsolicited “free computer scans” to sell their products.  It is also important for users to protect their computers by maintaining an updated operating system and using legitimate, up-to-date antivirus software, which can detect and remove fraudulent scareware products.

Additional tips on how to spot a scareware scam include:

• Scareware advertising is difficult to dismiss.  Scareware purveyors employ aggressive techniques and badger users with pop-up messages into purchasing their products.  These fake alerts are often difficult to close and quickly reappear.

• Fake anti-virus products are designed to appear legitimate and can use names such as Virus Shield, Antivirus or VirusRemover.  Only install software from trusted sources that you seek out.  Internet service providers often make name-brand anti-virus products available to their customers for free.

• Become familiar with the brand, look and functionality of the legitimate anti-virus software that is installed on your computer. This will assist you in identifying scareware.

Computer users who think they have been victimized by scareware should file a complaint with the FBI’s Internet Crime Complaint Center, www.ic3.gov.

Press Release Number: 
Updated September 15, 2014