Star Tribune, Minnesota’s Largest Newspaper, Targeted In International ‘Scareware’ Cyberattack; 2 Suspects Arrested In Latvia; Bogus Ad Agency Purportedly Based In Miami Allegedly Used To Dupe Famous American Publishing Company

EDITOR’S NOTE: This is one of those stories that can cause people to scream. The U.S. publishing industry has been deeply affected by the Internet. Print advertisers — the people who pay the bills — now can communicate directly and immediately with readers, a development that is sucking the life out of traditional print publishers. Publishers large and small are seeking ways to monetize electronic versions of print publications because that’s what much of the audience prefers.

But switching in whole or in part to electronic publications has exposed the industry to a whole new set of problems, including wanton theft of entire editorial wells, theft of other intellectual property and trademark infringement. The story below details another new threat: the targeting of a famous journalism brand to drive traffic to an electronic fraud scheme.

In 2009, the PP Blog suspended publication of a companion Blog on Ponzi schemes and securities fraud because of the theft of its entire editorial well. Earlier this year, the Blog suspended the publication of ads provided by Google because of chronic harassment directed at the Blog and some of its readers by a cyberstalker on YouTube. The PP Blog also has experienced sustained DDoS attacks, threats of “war” and threats believed to have originated with people sympathetic to online criminals.

On April 6, the PP Blog reported such an incident to a federal law-enforcement agency.

One of the most prominent publishing companies in America’s heartland was duped in a scheme  in which international criminals fabricated an “advertising agency” purportedly based in Miami and placed an ad by posing as media buyers for a major hotel chain, federal prosecutors said.

When the Star Tribune newspaper tested the ad, the criminals initially covered their tracks by causing the ad to appear to be a normal ad for the Best Western hotel chain, the purported client of the purported advertising agency.

Within two days of the Feb. 19, 2010, placement of the “ad,” however, Star Tribune readers interested in what they believed was a Best Western offering were subjected to a browser hijack in the Netherlands and Latvia that caused their computers to freeze and display pop-up messages for a purported “antivirus” software product.

Such “scareware” attacks have been responsible for tens of millions of dollars in losses globally by duping computer-users into believing their machines have been infected with a virus or malware and making purchases of software to eliminate the problem.

After the Star Tribune realized it had been duped, the newspaper pulled all of its online ads, isolated the problem, contacted law enforcement “immediately” and let its readers know about the infected ad.

Federal prosecutors now say “RevolTech Marketing,” the purported  “advertising agency” in Miami, was bogus. The ad allegedly was placed by a media buyer who identified herself as “Lisa Polowski.”

Moreover, Best Western “had not retained RevolTech to place online advertisments on its behalf,” according to prosecutors. They added that losses from the scam targeted at the Star Tribune and its readers totaled “at least” $2 million.

Two people — Peteris Sahurovs, 22, and Marina Maslobojeva, 23 — were arrested yesterday in Rezekne, Latvia, federal prosecutors said. They are charged with wire fraud, conspiracy and computer fraud for creating the phony agency, falsely claiming they represented Best Western, duping the Star Tribune and causing scareware to load on the personal computers of its readers.

The Star Tribune is Minnesota’s largest newspaper. It covers news in multiple categories across the Minneapolis/St. Paul region, state, nation and world, and in recent years has been covering spectacular local Ponzi scheme cases with wide readership interest, including the Tom Petters’ and Trevor Cook cases.

Prosecutors did not say why the Star Tribune had been targeted in the cyberattack. Scammers, spammers and online criminals, however, are known to monitor publications for cultural references and specific “keywords” — and then seek ways to use the publications to drive traffic to fraud schemes.

The PP Blog, for instance, has received 2,859 unwanted communications in June 2011 alone, mostly from keyword spammers trying to publish ads on the Blog and leech off its traffic. In the Internet Age, criminal networks monitor coverage of any number of topics and seek ways to piggyback off the topics to create illegal profits.

“The global reach of the Internet makes every computer user in the world a potential victim of cybercrime,” said U.S. Attorney B. Todd Jones of the District of Minnesota. “Addressing cybercrime requires international cooperation; and in this case, the FBI, collaborating with our international law enforcement and prosecution partners, has worked tirelessly to disrupt two significant cybercriminal networks. Their efforts demonstrate that no matter the country, Internet criminals will be pursued, caught and prosecuted.”

Jones’ reference to a second disruption of international cybercrime was in the context of a case brought in Washington state in which the United States seized 22 domestic computers and servers and arranged to have 25 international computers and servers disabled in a scareware probe known as “Operation Trident Tribunal.”

Federal prosecutors said a scareware network had racked up $72 million in sales over three years by duping people into buying fake antivirus software.

At least 960,000 computer users were duped in the scareware fraud, prosecutors said. Latvian authorities seized at least five bank accounts linked to the scheme.

“This case shows that strong national and global partners can ensure there is no sanctuary
for cyber-crooks,” said U.S. Attorney Jenny A. Durkan of the Western District of Washington.

Read the Minnesota indictment.

About the Author

4 Responses to “Star Tribune, Minnesota’s Largest Newspaper, Targeted In International ‘Scareware’ Cyberattack; 2 Suspects Arrested In Latvia; Bogus Ad Agency Purportedly Based In Miami Allegedly Used To Dupe Famous American Publishing Company”

  1. Google was mentioned:
    Google to receive US antitrust subpoenas ‘in days’

    The US Federal Trade Commission is on the verge of serving Google with civil subpoenas as part of a “wide-ranging” antitrust investigation into the company’s search and ad practices, according to a report citing people familiar with the matter.

  2. By way of example, since 3:08 p.m. ET today, the PP Blog has blocked two unwanted communications from senders targeting this story thread on Club Asteria, Exotic FX and Imperia Invest IBC:

    The spammers came seven minutes apart and appear to be from Eastern Europe.


  3. Quick note: New unwanted communication at 7:18 p.m. targeting the same story I referenced in the 5:28 p.m. post above. Appears to be from Eastern Europe.


  4. Patrick, I’m also getting spammers from Europe and Russia on the phpBB3 site. Some people have too much free time, I suppose.