The United States says malicious software was used to manipulate online advertising, divert users to rogue servers and infect more than 4 million computers in more than 100 countries.

Share story

NEW YORK — The United States on Wednesday charged seven people with a “massive” computer intrusion scheme that used malicious software to manipulate online advertising, diverted users to rogue servers and infected more than 4 million computers in more than 100 countries.

One Russian and six Estonians were charged with wire fraud and conspiracy in a 27-count indictment unsealed by Manhattan U.S. Attorney Preet Bharara. The cyber-hijacking victims included at least a half-million individuals, U.S. businesses and government agencies, including the NASA, Bharara said.

Over at least four years, an information-technology company based in Estonia made millions of dollars by manipulating the Internet searches of infected computers, redirecting users to sites they never intended to visit or swapping out advertisements on Web pages, according to the indictment.

The criminal investigation started about two years ago after NASA discovered a virus on more than 100 of its computers, said Paul Martin, NASA’s inspector general. Bharara said the government “pulled the plug” Wednesday at 3 a.m. on rogue data servers the hackers used in New York, Chicago and other U.S. cities. The government is seeking forfeiture of at least $14 million.

Malicious software, also known as malware, was typically placed on computers after Internet users visited certain websites or downloaded software to view videos online, authorities said.

Users of infected computers were surreptitiously directed from legitimate websites to rogue computer servers, called “click hijacking,” thereby generating revenue for the defendants’ Internet advertising business, the United States said.

For example, a user with an infected computer might perform a Google search for “iTunes” and click on the resulting link to Apple’s iTunes, only to be sent to another site, the United States said. The malware also “hijacked” people looking for the Netflix and Internal Revenue Service sites, according to the indictment.

The indictment cited as an example an American Express ad for the Plum Card on The Wall Street Journal’s home page that was instantly replaced, when clicked, by a “Fashion Girl LA” ad.