The FBI’s Ten Most Wanted Hackers countdown continues this week with No. 7 and No. 6: the co-conspirators Bjorn Daniel Sundin and Shaileshkumar “Sam” P. Jain.
On May 26, 2010, Sundin and Jain, along with a third suspect, were indicted by the U.S. District Court of Northern Illinois for one count of conspiracy to commit computer fraud, one count of computer fraud and 24 separate counts of wire fraud. Federal warrants for their arrest were issued that same day.
Both men face a maximum prison sentence of 480 years in prison and a whopping $10 million in fines.
Though their accomplice has since been arrested, Sundin and Jain have managed to evade the FBI for the past four years.
From December 2006 to October 2008, Sundin and Jain were both involved in an elaborate spyware scam that tricked customers into purchasing $100 million worth of rogue anti-virus software.
According to a separate indictment against Jain by the U.S. District Court of Northern California back in 2008, he and Sundin had owned and operated a number of websites, including discountbob.com and winantivirus.com, that purported to offer anti-virus software produced by Symantec, including Norton AntiVirus and SystemWorks.
All of this was conducted through a fake company called Innovative Marketing, Inc.
Jain and Sundin used email scamming and pop-up security alert ads to direct potential customers to these and other sites, where many of them purchased the bogus AV software packages for between $30 and $70.
The funds from each credit card purchase were moved between several different bank accounts until ultimately being split between separate banks located in the U.S. and Switzerland, where Jain exercised full control over those accounts.
In all, the scareware campaign targeted customers from more than 60 different countries, including the United States, Sweden and the Ukraine.
Upon receipt of their goods, customers discovered that their software was not produced by Symantec and did little to protect their computers’ security. Of course, many customers complained.
Those who were particularly vocal about their dissatisfaction were redirected to call centers, where they were allegedly told to lie or were provided refunds in an attempt to prevent them from filing fraud reports and alerting authorities.
Jain is a United States citizen who has ties to Brazil, Canada, India and the Ukraine. He has been a fugitive since 2008 when he failed to show up to court in California and pay a $250,000 bond. Since his second indictment in 2010, $15 million has been seized from his Swiss bank account but he still remains at large.
As of 2012, it was believed that Sundin is currently in Sweden. Sweden has no extradition treaty with the United States for Swedish citizens accused of crimes committed in the U.S., so Sundin has not been extradited. Sweden will put Sundin on trial if given control of the case.
In case you missed it, you can read about the No. 10, No. 9 and No. 8 Most Wanted Hackers here:
- Hacker Myths Debunked
- Top Five Hacker Tools Every CISO Should Know
- Infosec’s Rising Stars and Hidden Gems: The Hackers
- Average Cyber Crime Incident Costs Companies $12.7 Million
Check out Tripwire SecureScan™, a free, cloud-based vulnerability management service for up to 100 Internet Protocol (IP) addresses on internal networks. This new tool makes vulnerability management easily accessible to small and medium-sized businesses that may not have the resources for enterprise-grade security technology – and it detects the ShellShock and Heartbleed vulnerability.
The Executive’s Guide to the Top 20 Critical Security Controls
Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].