Estonian hacker jailed seven years for targeting computers in 100 nations

MANHATTAN (BLOOMBERG) - An Estonian man who admitted directing what the US called a massive "cybercriminal enterprise" that infected more than 4 million computers in 100 countries was sentenced to more than seven years in prison.

Vladimir Tsastsin, who was brought to the US in 2014 for trial after fighting extradition for almost three years, pleaded guilty in July to conspiring to commit computer intrusion and wire fraud conspiracy.

In addition to imposing an 87-month prison term on Tuesday (April 26), US District Judge Lewis Kaplan in Manhattan ordered Tsastsin to forfeit US$2.5 million (S$3.4 million), according to a statement by prosecutors.

Prosecutors argued that Tsastsin deserved more than eight years in prison, saying his crimes were "serious, extremely sophisticated and caused harm at numerous levels."

Probation officials recommended as long as five years, according to Tsastsin's lawyer Arkady Bukh.

Tsastsin argued for a lesser term, saying he'd cooperated with US authorities since his plea, giving investigators "specific information" about his contacts and the production and distribution of malware in Russia and Europe, including how payment transactions are processeed.

The US said Tsastsin's criminal history in Estonia includes credit card fraud, money laundering and forgery. At least 500,000 users in the US were affected by malicious software used in the scheme, including the National Aeronautics and Space Administration and other government agencies, prosecutors said.

Under the scheme, a user with an infected computer who clicked on a link for the official website of Apple-iTunes was redirected to a non-Apple website that triggered advertising payments to the hackers, according to the government. The advertisers who paid for traffic to their sites didn't know it consisted of hijacked clicks.

Another component of the scam replaced advertising on websites with the group's own ads, prosecutors said. The hackers make money from the switch while legitimate website operators and advertisers were deprived of revenue, the government said.

Tsastsin and his group made at least US$14 million, according to the US Six Estonians and a Russian were charged in the scheme. All have pleaded guilty except for one who remains a fugitive, according to prosecutors.