Latvian National Pleads Guilty To “Scareware” Hacking Scheme That Targeted Minneapolis Star Tribune Website
A Latvian man pleaded guilty yesterday for participating in a lucrative “scareware” hacking scheme that targeted visitors to the Minneapolis Star Tribune’s website. Acting Assistant Attorney General John P. Cronan of the Department of Justice’s Criminal Division; United States Attorney Gregory G. Brooker of the District of Minnesota; and Special Agent in Charge Richard T. Thornton of the Federal Bureau of Investigation-Minneapolis Field Office made the announcement.
“With this guilty plea, Mr. Sahurovs has taken responsibility for perpetrating a malicious cyber-fraud scheme on visitors of the Minneapolis Star Tribune website,” said U.S. Attorney Greg Brooker. “This Office along with our partners at the FBI are committed to pursuing and prosecuting cyber criminals who use sophisticated schemes such as this to victimize internet users.”
Richard Thornton, Special Agent in Charge at the FBI's Minneapolis Division, added that, “this particular scheme was dangerous on several levels, especially the use of a website belonging to a media institution. In this case, there were thousands of victims who lost millions of dollars, but the use of the media internet site is concerning because it has the potential to undermine the public's access to information, a pillar of American democracy. The FBI is committed to identifying these and other cyber criminals, and, with the help of our domestic and foreign partners, will work tirelessly to catch them no matter where they hide.”
PETERIS SAHUROVS aka “Piotrek” aka “Sagade,” pleaded guilty to one count of conspiracy to commit wire fraud before District Judge Ann D. Montgomery of the District of Minnesota. SAHUROVS was arrested on a District of Minnesota indictment in Latvia in June of 2011, but was released by a Latvian court and later fled. In November of 2016, SAHUROVS was located in Poland and apprehended by Polish law enforcement and extradited to the United States in June of 2017. SAHUROVS was at one time the FBI’s fifth most wanted cybercriminal and a reward of up to $50,000 had been offered for information leading to his arrest and conviction. He will be sentenced on June 6.
According to admissions made in connection with his plea, from at least May 2009 to June 2011, SAHUROVS operated a “bullet-proof” web hosting service in Latvia, through which he leased server space to customers seeking to carry out criminal schemes without being identified or taken offline. The defendant knew that his customers were using his servers to perpetrate criminal schemes, including the transmission of malware, fake anti-virus software, spam, and botnets to unwitting victims, and he received notices from internet governance entities (such as Spamhaus) that his servers were hosting malicious activity. Nonetheless, he was familiar with these criminal schemes, took steps to protect them from being discovered or disrupted, and hosted them on his servers for financial gain.
SAHUROVS admitted that from in or about February 2010 to in or about September 2010, he registered domain names, provided bullet-proof hosting services, and gave technical support to a “scareware” scheme targeting visitors to the Minneapolis Star Tribune’s website. On February 19, 2010, the Minneapolis Star Tribune began hosting an online advertisement, purporting to be for Best Western hotels, on its website, startribune.com. Two days later, however, the advertisement began causing the computers of visitors to the website to be infected with malware. This malware, also known as “scareware,” caused visitors to experience slow system performance, unwanted pop-ups and total system failure. Website visitors also received a fake “Windows Security Alert” pop-up informing them that their computer had been infected with a virus and another pop-up that falsely represented that they needed to purchase the “Antivirus Soft” computer program to fix their security issues, at a price of $49.95.
Website visitors who clicked the “Antivirus Soft” window were presented with an online order form to purchase a purported security program called “Antivirus Soft.” Users who purchased “Antivirus Soft” would receive a file download that “unfroze” their computers and stopped the pop-ups and security notifications. However, the defendant admitted, the file was not a real anti-virus product and did not perform legitimate computer security functions, and merely caused malware that members of the conspiracy had previously installed to cease operating. Meanwhile, the defendant admitted, victim users who did not choose to purchase “Antivirus Soft” became immediately inundated with so many pop-ups containing fraudulent “security alerts,” that all information, data, and files on their computers were rendered inaccessible. Members of the conspiracy defrauded victims out of substantial amounts of money as a result of the scheme. The defendant admitted that as a result of his participation, he made between 150,000 and 250,000 U.S. dollars.
This case was investigated by the FBI’s Minneapolis Field Office.
The Criminal Division’s Office of International Affairs, as well as the Polish National Police, the National Prosecutor’s Office, and the Ministry of Justice provided substantial assistance. Assistant U.S. Attorney Timothy C. Rank of the District of Minnesota and Trial Attorney Aaron R. Cooper of the Criminal Division’s Computer Crime and Intellectual Property Section are prosecuting the case. The Department’s Office of International Affairs also provided substantial assistance in this matter.
PETERIS SAHUROVS, 28
- Conspiracy to commit wire fraud, 1 count
Additional news available on our website.
United States Attorney’s Office, District of Minnesota: (612) 664-5600