Latvian Man Extradited For Allegedly Hacking Star Tribune

MINNEAPOLIS, MN — A Latvian man made his initial appearance Monday in Minneapolis following extradition from Poland for his alleged involvement in a "scareware" hacking scheme authorities say targeted the Minneapolis Star Tribune’s website and caused millions of dollars in losses to Internet users.

Peteris Sahurovs, aka "Piotrek" aka "Sagade," was indicted in 2011 in the District of Minnesota on charges of wire fraud, computer fraud and conspiracy. Sahurovs was arrested on the indictment in Latvia in June of 2011. He was released by a Latvian court and later fled, according to the United States Department of Justice.

In November of 2016, Sahurovs was located in Poland and apprehended by Polish law enforcement, after which the U.S. began extradition proceedings. Sahurovs was at one time the FBI’s fifth most wanted cybercriminal and a reward of up to $50,000 had been offered for information leading to his arrest and conviction, according to a news release.

Scareware is a type of malicious software, or malware, that poses as legitimate computer security software and purports to detect a variety of threats on the affected computer that do not actually exist. Computer users are informed they must purchase what they are told is anti-virus software in order to repair their computers.

The users are then barraged with aggressive and disruptive notifications – and sometimes prevented from using their computer – until they supply their credit card number and pay for a fraudulent “anti-virus” product.

According to the indictment, Sahurovs and members of the conspiracy relied on fraudulent online advertising to spread their malware. Authorities say the defendants created a phony advertising agency and claimed that they represented an American hotel chain that wanted to purchase online advertising space on the Minneapolis Star Tribune’s news website, startribune.com.

The FBI claims that after the advertisement began running on the website, the defendants changed the computer code in the ad so that the computers of visitors to the startribune.com were infected with malware.

The indictment alleges that the malware caused users’ computers to "freeze up" and then generate a series of pop-up warnings in an attempt to trick users into purchasing purported “antivirus” software to fix the problems created by the malware.

The "antivirus" software, if purchased, "unfroze" victim computers and stopped the pop-ups and security notifications, but the malware remained hidden on their computers, according to authorities. Users who failed to purchase the "antivirus" software reportedly found that all information, data and files stored on the computer became inaccessible.

The scheme generated more than $2 million in proceeds, according to the FBI. An indictment is merely an allegation and defendants are presumed innocent until proven guilty.

This case is being investigated by the FBI’s Minneapolis Field Office. Assistant U.S. Attorney Timothy C. Rank of the District of Minnesota and Trial Attorney Aaron R. Cooper of the Criminal Division’s Computer Crime and Intellectual Property Section are prosecuting the case.

The Department’s Office of International Affairs provided substantial assistance in this matter. The Latvian State Police; and the Polish National Police, the National Prosecutor’s Office, and the Ministry of Justice also provided significant assistance and cooperation.

Image via the Federal Bureau of Investigation