Latvian Hacker Admits To Targeting Star Tribune

Peteris Sahurovs, aka "Piotrek," was at one time the FBI's fifth most wanted cybercriminal.

MINNEAPOLIS, MN — A Latvian man admitted to participating in a lucrative “scareware” hacking scheme that targeted visitors to the Minneapolis Star Tribune’s website, federal authorities announced Thursday. Peteris Sahurovs, aka “Piotrek,” pleaded guilty to one count of conspiracy to commit wire fraud. Sahurovs acknowledged he made between $150,000 and $250,000 in the scheme.

Sahurovs was arrested in Latvia in June 2011 on a District of Minnesota indictment, but was released by a Latvian court and later fled. In November 2016, he was located in Poland and apprehended by Polish law enforcement, and he was extradited to the United States in June 2017.

Sahurovs was at one time the FBI’s fifth most wanted cybercriminal and a reward of up to $50,000 had been offered for information leading to his arrest and conviction. He will be sentenced June 6.

According to admissions made in connection with his plea, from at least May 2009 to June 2011, Sahurovs operated a “bullet-proof” web hosting service in Latvia, through which he leased server space to customers seeking to carry out criminal schemes without being identified or taken offline.

Sahurovs admitted that from about February 2010 to about September 2010, he registered domain names, provided bullet-proof hosting services, and gave technical support to a “scareware” scheme targeting visitors to the Star Tribune’s website. On Feb. 19, 2010, the Star Tribune began hosting an online advertisement, purporting to be for Best Western hotels, on its website, startribune.com.

Two days later, however, the advertisement began causing the computers of visitors to the website to be infected with malware. This malware, also known as “scareware,” caused visitors to experience slow system performance, unwanted pop-ups and total system failure.

Website visitors also received a fake “Windows Security Alert” pop-up informing them that their computer had been infected with a virus and another pop-up that falsely represented that they needed to purchase the “Antivirus Soft” computer program to fix their security issues, at a price of $49.95.

Website visitors who clicked the “Antivirus Soft” window were presented with an online order form to purchase a purported security program called “Antivirus Soft.”

Users who purchased “Antivirus Soft” would receive a file download that “unfroze” their computers and stopped the pop-ups and security notifications. However, Sahurovs admitted, the file was not a real anti-virus product and did not perform legitimate computer security functions; it merely caused the malware that members of the conspiracy had previously installed to cease operating.

Meanwhile, victims who chose not to purchase “Antivirus Soft” were immediately inundated with so many pop-ups containing fraudulent “security alerts” that all information, data, and files on their computers were rendered inaccessible.

Members of the conspiracy defrauded victims out of substantial amounts of money as a result of the scheme, according to authorities.
