TALLINN/NEW YORK (Reuters) - An Estonian charged in a massive worldwide cyber fraud scam will be extradited to the United States, the prosecutor’s office in Tallinn said on Friday, to face court over the case which saw millions of computers infected with malicious software.
The Estonian government made its final decision on Thursday to extradite Anton Ivanov, 26. Five other Estonian suspects are currently appealing a court ruling backing their extradition.
“The government decision to extradite Ivanov yesterday was final and cannot be appealed and does not need parliamentary approval,” Kadri Tammai, spokeswoman for the Estonian Prosecutor General’s office, told Reuters.
“For Ivanov, it is now up to an agreement with the Estonian Justice Ministry and the FBI as to when the FBI will come and collect him,” she added.
The six men were arrested in the Baltic state in November 2011. They were subsequently charged by U.S. authorities with using malicious software and rogue DNS servers to hijack millions of computers worldwide to redirect Internet searches toward their own online advertisements.
Another man living in Russia was charged in connection with the case and is still at large. Four of the Estonians also face local money laundering investigations.
U.S. authorities say the scope of the cyber fraud was remarkable and used malicious software or malware to infect about 4 million computers in 100 countries including the United States. The scam is thought to have netted the suspects over $14 million.
The Manhattan U.S. Attorney’s office, which is prosecuting the U.S. case, declined comment on Estonia’s extradition decision, as did the FBI.
Months after the men were arrested, experts are still scrubbing the malware from computers.
The Manhattan federal court judge overseeing the case, Lewis Kaplan, last month agreed to a request by prosecutors for additional time to help Internet providers remove the malware from machines on their networks.
The letter to the judge said tens of thousands of computers were still infected.
Prosecutors also said temporary servers, installed to replace the rogue Estonian ones, needed to remain online for a few more months, or else the remaining infected computers would not be able to access the web.
Installing the temporary servers at the time of the November take-down had ensured the millions of infected computers would still be able to go online.
Reporting by David Mardiste and Basil Katz in New York; Editing by Sophie Hares