Investigators learned that, in 2010, associates of Peteris Sahurovs, including his wife, created a fake advertising company, known as RevolTech Marketing, and contacted a local news website to purchase advertising for their “client,” a well-known American hotel chain. (The hotel chain knew nothing about RevolTech’s activities.) RevolTech created an advertisement for the hotels that redirected to what appeared to be a legitimate site. The hackers then waited until Friday night U.S. time—after the website’s staff had already tested the ad—to swap out the ad to one that would direct computers to a malware-infected website instead. The malware installed whether or not the user clicked the ad. Once infected, the only way users could remove the malware was to purchase the fake anti-virus software—at a cost of $49.95.

The investigation also showed that in addition to the ad scam, Sahurovs and his associates ran a “bulletproof” hosting site that facilitated other criminal activity on the web. Bulletproof hosting sites are overseas servers that take active steps to avoid law enforcement detection of criminal activity.

The FBI and the Latvian State Police worked collaboratively to track down and arrest Sahurovs. However, he fled before his extradition hearing and was added to the FBI Cyber’s Most Wanted list.

Five years later, Sahurovs turned up in Poland, where he was arrested and extradited to the United States to face charges. In February, he pleaded guilty to conspiracy to commit wire fraud, and last month, he was sentenced to 33 months in prison.

Patience and international collaboration were keys to success in this case, Cameron said. FBI agents worked closely with their counterparts in Latvia, Cyprus, Turkey, and Ukraine during the investigation.

“It was a great chain of events to be able to find Sahurovs and bring him back to face justice,” Cameron said. “There are a lot of momentum swings in these cases, and we had to be patient. I’m happy we’re finally able to get closure in this case.”