Skip to content ↓ | Skip to navigation ↓

The FBI’s 10 most-wanted black-hat hackers countdown continues this week with No. 7 and No. 6: the co-conspirators Bjorn Daniel Sundin and Shaileshkumar “Sam” P. Jain.

On 26 May 2010, the U.S. District Court of Northern Illinois indicted Sundin, Jain and a third suspect for one count of conspiracy to commit computer fraud, one count of computer fraud and 24 separate counts of wire fraud. Federal warrants for their arrest went out that same day.

Both Sundin and Jain face a maximum prison sentence of 480 years in prison and a whopping $10 million in fines when apprehended.

Though law enforcement has arrested their accomplice, Sundin and Jain have managed to evade the FBI for the past eight years.

From December 2006 to October 2008, Sundin and Jain were both involved in an elaborate spyware scam that tricked customers into purchasing $100 million worth of rogue anti-virus software.

According to an indictment filed by the U.S. District Court of Northern California in 2008, Jain and Sundin at one time owned and operated a number of websites, including and, that purported to offer Symantec anti-virus software. They conducted their shady business dealings via a fake company called Innovative Marketing, Inc.

Jain and Sundin used email scamming and pop-up security alert ads to direct potential customers to these and other sites. There, unsuspecting users purchased the bogus AV software packages for between $30 and $70.

The criminal duo then ferried the funds from each credit card purchase through several financial institutions until Jain ultimately deposited them into accounts under his control at banks based in the United States and Switzerland.

In all, the scareware campaign targeted customers from more than 60 different countries including the United States, Sweden and Ukraine.

Upon receipt of their goods, customers discovered that their software was fake. Many complained as a result. For those particularly vocal about their dissatisfaction, the scammers redirected them to call centers and told them lies or provided refunds to deter them from filing fraud reports and alerting the authorities.

Jain is a United States citizen who has ties to Brazil, Canada, India and Ukraine. He has been a fugitive since 2008 when he failed to show up to court in California and pay a $250,000 bond. Since his second indictment in 2010, officials have seized $15 million from his Swiss bank account, but he still remains at large.

As of 2012, law enforcement believed Sundin was hiding out in Sweden. Sweden has no extradition treaty with the United States for computer-related offenses, so as of this writing, the Scandinavian country has not yet extradited Sundin if he is indeed residing there.

You can read about some other black-hat hackers wanted by the FBI below:

Related Articles:


picThe Executive’s Guide to the Top 20 Critical Security Controls

Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].