Latvian computer hacker who targeted startribune.com pleads guilty

A Latvian computer hacker who targeted visitors to the Star Tribune website with a malware virus in 2010 and 2011 pleaded guilty Tuesday in federal court in Minneapolis.

Peteris Sahurovs, 28, also known as "Piotrek" and "Sagade," will be sentenced June 6 on one count of conspiracy to commit wire fraud.

He admitted to making $150,000 to $250,000 in the scam that led many computer users to buy fake anti-virus software. The U.S. Attorney's office said last year that authorities believe Sahurovs and others made more than $2 million.

Sahurovs was arrested in 2011 but fled. He was captured in Poland in November 2016 and extradited to Minnesota last June.

According to federal investigators, Sahurovs admitted to running a "bullet-proof" web-hosting service in Latvia from at least May 2009 to June 2011. His customers bought server space from him to carry out criminal schemes without being identified or taken offline.

In the scheme targeting startribune.com, Sahurovs and others created a phony advertising agency and claimed they represented an American hotel chain that wanted to buy advertising on the website.

When the ad began running online, the conspirators changed the computer code in the ad to infect users' computers with a virus.

The malware caused computers to freeze up and then generated pop-up warnings to try to trick users into buying purported "antivirus" software for $49.95 to fix the problems. The software "unfroze" the computers and stopped the pop-ups but the malware stayed on the computers.

Users who didn't buy the "antivirus" software found that all of the information, data and files stored on their computers became inaccessible.

Pat Pheifer • 612-673-7252