Defendant Spread Malicious Software onto Computer Servers in the United States and Around the World for Personal Financial Gain

Earlier today, an indictment was unsealed in Brooklyn federal court charging Fabio Gasperini, an Italian citizen, with crimes related to his hacking of computers, creation of a global botnet, and perpetration of a fraud in which he used bots to mimic “clicks” on website advertisements and obtain advertising revenue.  The charges include computer intrusion, wire fraud conspiracy, wire fraud, and money laundering conspiracy.  The defendant was arrested in Amsterdam, the Netherlands, on June 18, 2016, and was extradited to the United States yesterday.  He is scheduled to be arraigned at 2:00 p.m. today, April 21, 2017, before United States Magistrate Judge Peggy Kuo at the U.S. Courthouse, 225 Cadman Plaza East, Brooklyn, New York.

The indictment and extradition were announced by Bridget M. Rohde, Acting United States Attorney for the Eastern District of New York, and William F. Sweeney, Jr., Assistant Director-in-Charge, Federal Bureau of Investigation, New York Field Office (FBI).

As alleged in court papers, Gasperini covertly hacked into computer servers owned by companies and individuals in the United States and elsewhere and created an exclusive backdoor that enabled him to access the data and computing power of those servers.  Gasperini’s scheme specifically targeted a type of server that companies and individuals typically use for large-scale data storage and transfer.  Gasperini compromised servers that contained sensitive data and files.

Through his backdoor, Gasperini allegedly implanted malicious software onto the compromised servers.  The malicious software served to further propagate Gasperini’s scheme by scanning the internet and identifying additional vulnerable servers for infection, enabling Gasperini to create a botnet, a network of computers (such as servers) infected with malicious software without users’ knowledge that a malicious actor can remotely control and use for malicious purposes.

Gasperini’s botnet was spread over multiple computer servers around the world.  Gasperini used computer servers in the United States to manage the botnet and to provide instructions and resources to the compromised servers in the botnet.  Gasperini used the botnet to perpetrate a click fraud.  A click fraud is a type of cybercrime in which a malicious actor fraudulently obtains money from advertising companies and businesses.

Businesses commonly hire online advertising companies to send traffic to their websites.  These advertising companies in turn contract with individuals, typically someone who operates a website, to place on the website certain links advertising the businesses’ products or services, and are then compensated based upon the number of visitors to the website that click on the link.  The advertising companies typically pay the individuals on a per-click basis.  To conduct a click fraud scheme, a malicious actor can, for example, remotely command a botnet to flood a particular website advertisement with electronic communications that register with the advertising company as clicks by a human user on the advertisement.  This type of command falsely and fraudulent inflates the number of clicks reported to the advertising companies, causing them to pay for clicks perpetrated by automated bots rather than clicks completed by potential customers who, in fact, viewed and clicked on the advertisements.

Some of the malicious software that Gasperini installed onto the servers he had compromised was designed to disguise a compromised server as a web browser and cause it to simulate human clicks on website advertisements through automated electronic commands.  Gasperini’s software was configured to send automated clicks to advertisements hosted on websites that he owned, enabling Gasperini to generate revenue from advertising companies and businesses through fake internet traffic.

“Cybersecurity is a priority and we will pursue those who hack into computers, spread malicious software, and victimize U.S. companies and computers until they are brought to justice,” stated Acting United States Attorney Bridget M. Rohde.  Ms. Rohde expressed her grateful appreciation to the Netherlands Ministry of Security and Justice, for their assistance in effecting the defendant’s arrest and extradition; the Italian National Police, Postal and Telecommunications Service, for their assistance in the investigation; the United States Marshals Service, for their assistance in transporting the defendant to the United States; and the U.S. Department of State Regional Security Officer in the Netherlands, for their assistance in facilitating the defendant’s extradition.

“As alleged, Gasperini hacked into servers to create a global botnet that was used to generate profits from click fraud,” stated, Assistant Director-in-Charge Sweeney.  “This is yet another case that demonstrates the commitment of the FBI’s Cyber Task Force to investigate and bring to justice those who commit cybercrime, regardless of where they may reside.”

The charges in the indictment are allegations, and the defendant is presumed innocent unless and until proven guilty.

The government’s case is being prosecuted by the Office’s National Security & Cybercrime Section.  Assistant United States Attorney Saritha Komatireddy is in charge of the prosecution.