Payment processor for scareware cybercrime ring jailed

A Swedish credit card payment processor was sentenced today to 48 months in prison for his role in an international cybercrime ring that netted $71 million by infecting victims’ computers with scareware and selling rogue antivirus software.

Mikael Patrick Sallnert, 37, a citizen of Sweden, was sentenced by Chief U.S. District Judge Marsha J. Pechman in the Western District of Washington. In addition to his prison term, Sallnert was ordered to pay $650,000 in forfeiture.

Sallnert was arrested in Denmark on Jan. 19, 2012, and extradited to the United States in March 2012. He pleaded guilty on Aug. 17, 2012, to one count of conspiracy to commit wire fraud and one count of accessing a protected computer in furtherance of fraud.

The prosecution of Sallnert is part of Operation Trident Tribunal, an ongoing, coordinated enforcement action targeting international cybercrime. The operation targeted international cybercrime rings that caused more than $71 million in total losses to more than one million computer users through the sale of fraudulent computer security software.

The scareware scheme used a variety of ruses to trick consumers into unknowingly infecting their computers with the malicious scareware products, including web pages featuring fake computer scans. Once the scareware was downloaded, victims were notified that their computers were infected with a range of malicious software, such as viruses and Trojans and badgered into purchasing the fake antivirus software to resolve the non-existent problem at a cost of up to $129.

An estimated 960,000 users were victimized by this scareware scheme, leading to $71 million in actual losses.

According to Sallnert’s plea agreement, he agreed to establish and operate credit card payment processing services for the scareware ring, knowing that his co-conspirators were intentionally causing fake and fraudulent messages to display on victims’ computers that would fraudulently induce the victims into purchasing the rogue security software. According to court documents, between approximately August 2008 and October 2009, the payment processing mechanisms established by Sallnert processed approximately $5 million in credit card payments on behalf of the scheme.

“Mikael Patrick Sallnert played an instrumental role in carrying out a massive cybercrime ring that victimized approximately 960,000 innocent victims,” said Assistant Attorney General Breuer. “By facilitating payment processing, Sallnert allowed the cybercrime ring to collect millions of dollars from victims who were duped into believing their computers were compromised and could be fixed by the bogus software created by Sallnert’s co-conspirators.”

“Payment processors like this defendant are the backbone of the cybercrime underworld,” said U.S. Attorney Durkan. “As an established businessman, this defendant put a stamp of legitimacy on cyber criminals. He was involved in defrauding thousands of victims, and his actions contributed to insecurities in e-commerce that stifle the development of legitimate enterprises and increase the costs of e-commerce for everyone.”