OCR of the Document

View the Document >>

United States of America, Plaintiff v. Peter Sahurovs, a/k/a "Piotrek," a/k/a "Sagade," and Marina Maslobjeva, a/k/a "Marina Sahurova," a/k/a "Aminasah," Defendants, United States District Court, District of Minnesota, May 17, 2011. Unclassified.

CASE 0 11-cr- 7-ADM-HB Document 8 Filed 017 11 Page 1 of 14 c H-l 7 Ao -1 r 1 UNITED STATES DISTRICT COURT DISTRICT OF MINNESOTA UNITED STATES OF AMERICA INDICTMENT Plaintiff v 1 PETERIS SAHUROVS a k a Pietrek a k a Sagade 11 and 2 MARINA MASLOBOJEVA a k a Marina Sahurova a k a Aminasah Defendants 18 U S C 18 u s c 18 u s c 18 u s c 10 3 0 a 5 A 1343 1349 2 THE UNITED STATES GRAND JURY CHARGES 1 From in or about February 2010 through at least in or about September 2010 in the State and District of Minnesota and elsewhere the defendants PETERIS SAHUROVS a k a Pietrek a k a Sagade and MARINA MASLOBOJEVA a k a Marina Sahurova a k a Aminasah each aiding and abetting one another and being aided and abetted by one another together with others known and unknown to the grand jury devised intended to devise and participated in a scheme to defraud and to obtain money and property by means of materially false and fraudulent pretenses representations promises and material omissions as more fully described below -SCANNED JUN 2 2 2011 ll S O STRICT COURT ST Po' IJL rlLED MAY 1 7 2011 CASE 0 11-cr- 7-ADM-HB Document 8 Filed 017 11 Page 2 of 14 U S v Peteris Sahurovs et al _ PURPOSE OF THE SCHEME 2 Defendants PETERIS SAHUROVS and MARINA MASLOBOJEVA and others acting in concert with them or at their direction defrauded victim Internet users malicious software by i malware infecting their computers with which caused the victim Internet users' computers to slow down or freeze up and then ii deceiving victim Internet users into purchasing purported antivirus software products to fix the problems created by the malware the defendants caused to be installed MANNER AND ME ANS OF THE SCHEME 3 Defendants PETERIS SAHUROVS and MARINA MASLOBOJEVA and others acting in concert with them or at their direction created fictitious advertising agencies which in turn contacted victim companies purporting to represent legitimate third-party entities that sought to place Internet-based advertisements on the victim companies' websites when in fact the advertisements were not authorized by the third-party entities 4 It was further part of fictitious advertising agencies the scheme that through the defendants PETERIS SAHUROVS and MARINA MASLOBOJEVA and others acting in concert with them or at their direction caused to be placed on the websites of the victim companies Internet-based advertisements that unbeknownst to the victim companies contained computer code which in turn caused 2 CASE 0 11-cr-0 7-ADM-HB Document 8 Filed 01 11 Page 3 of 14 U S v Peteris Sahurovs et al the Internet browsers of victim Internet users who visited the victim companies' websites to be hijacked or redirected without their consent to websites controlled by defendants PETERIS SAHUROVS and MARINA MASLOBOJEVA and others acting in concert with them or at their direction 5 It was further part of the scheme that after being redirected to a website controlled by defendants PETERIS SAHUROVS and MARINA MASLOBOJEVA and others acting in concert with them or at their direction the victim Internet user was prompted with a series of materially false security alert messages which claimed that the user's computer had been infected with malware and that the victim Internet user needed to purchase an antivirus product to fix the security issue 6 It was further part of the scheme that through the series of materially false security alert messages defendants PETERIS SAHUROVS and MARINA MASLOBOJEVA concert with them or at their direction users in countries throughout the world and others acting in caused victim Internet including the United States to purchase software products distributed by defendants PETERIS SAHUROVS and MARINA MASLOBOJEVA and others acting in concert with them or at their direction including Antivirus Soft to purportedly fix the problems caused by the malware 3 As a result CASE 0 11-cr-017-ADM-HB Document 8 Filed OW111 Page 4 of 14 U S v Peteris Sahurovs et al of the scheme victim Internet users were defrauded out of more than $2 000 000 00 7 It was further part of the scheme that defendants PETERIS SAHUROVS and MARINA MASLOBOJEVA and others acting in concert with them or at their direction intentionally failed to pay the victim companies the fees promised by the fictitious advertising agencies for the placement of Internet-based advertisements on the victim companies' websites sustained losses in As a result of the scheme victim companies the form of the non-payment of fees for advertising space on the victim companies' websites THE STAR TRIBUNE MALWARE ATTACK 8 One of the victim companies defrauded by defendants as part of the fraud scheme described above was the Minneapolis Star Tribune Star Tribune 9 At all times relevant to this indictment startribune com was an Internet web site owned and operated by the Star Tribune Minnesota's largest newspaper Star Tribune's startribune com daily web Much of the content found in the newspaper site can The also be computer found servers on the hosting startribune com are located in the United States 10 The Star Tribune obtains their online advertisements for startribune com from three categories one of which is referred to as third party ad tags For this type of advertisement 4 the CASE 0 11-cr-017-ADM-HB Document 8 Filed 017111 Page 5 of 14 U S v Peteris Sahurovs et al Star Tribune is typically contacted by an online advertising agency which represents a business or individual that wishes to advertise online Such advertising agencies coordinate the details of the advertisement with online publishers like the Star Tribune are thousands of online advertising agencies There throughout the country 11 On or about February 17 2010 defendants PETERIS SAHUROVS and MARINA MASLOBOJEVA or others acting in concert with them or at their direction Minneapolis Minnesota sent an email to the Star Tribune in purporting to be from Lisa Polowski hereinafter Polowski who claimed to be the Senior Media Buyer for Revol Tech Marketing Florida hereinafter Revol Tech of Miami The email indicated that RevolTech was an advertising agency representing Best Western International Best Western and that the agency wanted to place online ads for Best Western on startribune com In truth and in fact RevolTech is not a real advertising agency and Best Western had not retained RevolTech to place online advertisements on its behalf 12 On or about February 19 2010 defendants PETERIS SAHUROVS and MARINA MASLOBOJEVA or others acting in concert with them or at their direction for the online sent to startribune com the ad-tag advertisement advertising campaign for the purported Best Western An ad-tag is a short computer file that is 5 CASE 0 11-cr-017-ADM-HB Document 8 Filed 05 11 Page 6 of 14 U S v Peteris Sahurovs et al placed on a web page that redirects the users' another Internet site to download content web browser to This download happens without any user interaction 13 The Star Tribune began running the Best Western ad-tag on startribune com on or about February 19 2010 Visitors to startribune com were redirected by the ad-tag to a web server in the Netherlands controlled by defendants MARINA MASLOBOJEVA their direction PETERIS SAHUROVS and or others acting in concert with them or at Initially the web server in the Netherlands downloaded only an image containing the purported Best Western advertisement On or about February 21 2 O1 O unbeknownst to startribune com or visitors to the website the web server in the Netherlands redirected visitors' web browsers to a different web server in Latvia which began downloading malware onto the visitors' computers 14 22 On or about February 21 and continuing through February 2010 visitors to the startribune com website began experiencing slow system performance unwanted pop-ups and total system failure When the Star Tribune learned of the problems experienced by visitors to startribune com it pulled all the online advertising from the website and later determined that the source of RevolTech the infections was the advertisement provided by The Star Tribune immediately reported the incident to 6 CASE 0 11-cr-Ow7-ADM-HB Document 8 Filed Ow 11 Page 7 of 14 U S v Peteris Sahurovs et al law enforcement and also published articles in both its print and online newspapers to notify its readers of the virus-infected advertisement 15 Before the Best Western ad-tag was removed visitors to the startribune com website began receiving pop-ups containing a fraudulent Windows Security Alert originating from a web server controlled by defendants PETERIS SAHUROVS and MARINA MASLOBOJEVA or others acting in concert with them or at their direction The Windows Security Alert read Windows reports that computer is infected Antivirus software helps to protect your computer against viruses and other security threats Click here for the scan you computer sic Your system might be at risk now Thereafter additional computer screens pop-ups appeared indicating that on the victim users' they needed to purchase the Antivirus Soft computer program for $49 95 to fix the security issue To purchase Antivirus Soft the victim users clicked on an option on one of program the pop-ups to upgrade the 'anti-virus' Victim users who clicked on this option were presented with an online order form from a web server avgroupwebsite com where Antivirus Soft avgroupwebsite com defendants PETERIS could was be located SAHUROVS purchased in Latvia The and web controlled and MARINA MASLOBOJEVA acting in concert with them or at their direction server by or others Victim users were instructed to provide their credit card numbers in payment for 7 o o CASE 0 11-cr-00177-ADM-HB Document 8 Filed 05 17 11 Page 8 of 14 U S v Peteris Sahurovs et al Anti virus Soft Payments were processed by a bank in Latvia controlled by defendants PETERIS SAHUROVS and MARINA MASLOBOJEVA or others acting in concert with them or at their direction 16 Soft Victim computer users who did not purchase Anti virus immediately became inundated fraudulent security alerts defendants PETERIS acting concert in information data SAHUROVS with and from a with web pop-ups server containing controlled by and MARINA MASLOBOJEVA them files or at stored their on the or others direction All computer became inaccessible 17 -Victim computer users who paid the defendants $49 95 received a download of the Antivirus Soft program which ''unfroze their computer and stopped the pop-ups and security notifications Victim computer users PETERIS SAHUROVS had to either pay and MARINA MASLOBOJEVA $49 95 or to defendants others acting in concert with them or at their direction or over-write the computer hard-drive and lose all applications and data COUNT ONE i Wire Fraud ' 18 The Grand Jury hereby realleges and incorporates paragraphs 1 through 17 of this Indictment as if stated in full herein 8 CASE 0 11-cr-Oij7-ADM-HB Document 8 Filed 017111 Page 9 of 14 U S v Peteris Sahurovs et al 19 On or about February 19 2010 in the State and District of Minnesota and elsewhere the defendants PETERIS SAHUROVS a k a Pietrek a k a Sagade and MARINA MASLOBOJEVA a k a '1 Marina Sahurova a k a Aminasah each aiding and abetting one another and being aided and abetted by one another together with others known and unknown to the grand jury for the purpose attempting to do so of executing the aforesaid scheme and did knowingly cause to be transmitted in interstate and foreign commerce from the Netherlands to Minnesota by means of wire and radio communications certain writings signs signals and sounds to wit an electronic mail communication to startribune com in order to place an Internet-based advertisement containing malicious startribune com computer code on in violation of Title 18 the website of United States Code Sections 1343 and 2 COUNT TWO Wire Fraud 20 The Grand Jury hereby realleges and incorporates paragraphs 1 through 17 of this Indictment as if stated in full herein 9 - o CASE 0 11-cr-00177-ADM-HB Document 8 Filed 05 17 11 Page 10 of 14 U S v Peteris Sahurovs et al 21 On or about February 21 2010 in the State and District of Minnesota and elsewhere the defendants PETERIS SAHUROVS a k a Piotrek a k a Sagade and MARINA MASLOBOJEVA a k a Marina Sahurova a k a Aminasah each aiding and abetting one another and being aided and abetted by one another together with others known and unknown to the grand jury for the purpose attempting to do so of executing the aforesaid did knowingly cause to be scheme and transmitted in interstate and foreign commerce from Latvia to Minnesota by means of wire and radio communications certain writings signs signals and sounds to wit an electronic communication that included an Internet advertisement defendants containing malicious intentionally caused impairment code to through which the computer of Victim A a visitor to the startribune com website in violation of Title 18 United States Code Sections 1343 and 2 COUNT THREE Conspiracy to Commit Wire Fraud 22 The Grand Jury hereby realleges and incorporates paragraphs 1 through 21 of this Indictment as if stated in full herein 10 CASE 0 11-cr-017-ADM-HB Document 8 Filed Ow 11 Page 11 of 14 U S v Peteris Sahurovs et al 23 From September in or about 2010 in the February 2010 State and through District of in or about Minnesota and elsewhere the defendants PETERIS SAHUROVS a k a Piotrek a k a Sagade and MARINA MASLOBOJEVA a k a Marina Sahurova a k a Arninasah along with others known and unknown knowingly and willfully combine to conspire the grand jury did and agree with each other and other persons known and unknown to the Grand Jury to commit offenses against the United States including executing a scheme to defraud and to obtain money and property by means of materially false and fraudulent pretenses representations promises and material omissions as set forth above in paragraphs 2 through 17 in interstate commerce by means of wire communication certain signals and sounds in violation of Title 18 United States Code Section 1343 all in violation of Title 18 United States Code Section 1349 COUNT FOUR Unauthorized Access to a Protected Computer 24 The Grand Jury hereby realleges and incorporates paragraphs 1 through 23 of this Indictment as if stated in full herein 11 o o CASE 0 11-cr-00177-ADM-HB Document 8 Filed 05 11 Page 12 of 14 o U S v Peteris Sahurovs et al 25 In or about February 21 2010 in the State and District of Minnesota and elsewhere the defendants PETERIS SAHUROVS a k a Piotrek a k a Sagade and MARINA MASLOBOJEVA a k a Marina Sahurova a k a Aminasah each aiding and abetting one another and being aided and abetted by one another together with others known and unknown to the grand jury did knowingly cause the transmissions of programs information codes and commands from Latvia to Minnesota to wit an electronic communication to startribune com that included an Internet advertisement containing malicious code through which defendants intentionally caused impairment to the integrity and availability of data programs systems and information on the startribune com website without startribune com's authorization by hijacking or redirecting the visitors to startribune com's website away from the intended content of startribune com' s website to a web server controlled by defendants or others acting in concert with them or at their direction and as a result of such conduct intentionally caused damage without authorization to protected computers in violation of Title 18 United States Code Section 1030 a 5 A 12 CASE 0 11-cr-0 7-ADM-HB Document 8 Filed Ow 11 Page 13 of 14 U S v Peteris Sahurovs et al FORFEITURE ALLEGATIONS 26 The allegations in Counts 1 2 and 3 are hereby realleged as if fully stated herein for the purpose of alleging forfeitures pursuant to 18 U S C 27 98l a 1 C and 28 U S C 2461 As the result of the offense alleged in Counts 1 2 and 3 of this Indictment the defendants PETBRIS SAHUROVS 1 a k a Piotrek a k a Sagade and MARINA MASLOBOJEVA 1 a k a Marina Sahurova a k a Aminasah shall forfeit to the United States pursuant to Title 18 United States Code Section 98l a 1 C any property constituting and derived from proceeds they obtained directly or indirectly as the result of such violations 28 fully The allegations in Count 4 are hereby realleged as if stated herein pursuant to 18 U S C 29 for the purposes of alleging forfeitures 982 a 2 B 1030 i and 1030 j As the result of the offense alleged in Count 4 of this Indictment constituting the or defendants traceable shall to forfeit proceeds any and all obtained property directly or indirectly as a result of such violation as well as any personal property that was used or intended to be used to commit or to facilitate the commission of such violation 13 U S v Peteris Sahurovs et al 30 If any of the above-described forfeitable property is unavailable for forfeiture the United States intends to seek the forfeiture of substitute property as provided for in Title 21 United States Code Section 853 p as incorporated by Title 28 United States Code Section 2461 c A TRUE BILL UNITED STATES ATTORNEY 14                     National Security Archive    Suite 701  Gelman Library  The George Washington University    2130 H Street  NW  Washington  D C  20037    Phone  202 994‐7000  Fax  202 994‐7005  nsarchiv@gwu edu