SlideShare a Scribd company logo

Digital Advertising Fraud Involving Tens of Millions of Dollars in Losses 3ve

Jeff Martinez
Jeff Martinez

Between December 2015 and October 2018, Ovsyannikov and Timchenko were involved in operating a purported advertising network and carried out a digital advertising fraud scheme, referred to in the advertising industry as “3ve.2 Template A.” In this scheme, the defendants used a global “botnet” a network of malware-infected computers operated without the true owner’s knowledge or consent to perpetrate their fraud. The defendants developed an intricate infrastructure of command-and-control servers to direct and monitor the infected computers, and to detect whether a particular infected computer had been flagged by cybersecurity companies as being associated with fraud. By using this infrastructure, the defendants accessed more than 1.7 million infected computers belonging to individuals and businesses in the United States and elsewhere, and used hidden browsers on those infected computers to download fabricated webpages and load advertisements onto those fabricated webpages. Meanwhile, the owners of the infected computers were unaware that this process was running in the background on their computers. As a result of this scheme, the defendants falsified billions of advertisement views and caused businesses to pay more than $29 million for advertisements that were never actually viewed by human internet users.

Government & Nonprofit
1 of 4
Download to read offline
U.S. Department of Justice Richard P. Donoghue United States Attorney Eastern District of New York 271 Cadman Plaza East Brooklyn, New York 11201 FOR IMMEDIATE RELEASE September 25, 2019 Contact: John Marzulli United States Attorney’s Office (718) 254-6323 PRESS RELEASE TWO KAZAKH CYBERCRIMINALS PLEAD GUILTY IN GLOBAL DIGITAL ADVERTISING FRAUD INVOLVING TENS OF MILLIONS OF DOLLARS IN LOSSES Leader of Scheme Will Forfeit Online Domains and More Than Eight Million Dollars Seized From Swiss Bank Accounts Sergey Ovsyannikov and Yevgeniy Timchenko, citizens of the Republic of Kazakhstan, pleaded guilty yesterday and today, respectively, in federal court in Brooklyn to conspiring to commit wire fraud and related charges, for their involvement in a widespread digital advertising fraud. Ovsyannikov was arrested in October 2018 in Malaysia and extradited to the United States in March 2019. Timchenko was arrested in November 2018 in Estonia and extradited to the United States in February 2019. Both plea proceedings took place before United States Magistrate Judge Steven M. Gold. When sentenced, Ovsyannikov faces up to 42 years in prison, and Timchenko faces up to 40 years in prison. Richard P. Donoghue, United States Attorney for the Eastern District of New York, and William F. Sweeney, Jr., Assistant Director-in-Charge, Federal Bureau of Investigation, New York Field Office (FBI), announced the guilty pleas. Background on Digital Advertising The internet is, in large part, freely available to users worldwide because it runs on digital advertising, where website owners display advertisements on their sites and are compensated by intermediaries representing businesses that advertise goods and services to human customers. In general, digital advertising revenue is based on how many users click, or view, the advertisements on those websites. As alleged in court filings, the defendants in this case represented that they ran legitimate companies that delivered advertisements to human internet users, who accessed real internet webpages. In fact, the defendants faked both the users and the webpages they programmed computers they controlled to load advertisements on fabricated webpages, via an automated program, and fraudulently obtained digital advertising revenue.
2 The Botnet-Based Criminal Scheme (“3ve.2 Template A”) Between December 2015 and October 2018, Ovsyannikov and Timchenko were involved in operating a purported advertising network and carried out a digital advertising fraud scheme, referred to in the advertising industry as “3ve.2 Template A.” In this scheme, the defendants used a global “botnet” a network of malware-infected computers operated without the true owner’s knowledge or consent to perpetrate their fraud. The defendants developed an intricate infrastructure of command-and-control servers to direct and monitor the infected computers, and to detect whether a particular infected computer had been flagged by cybersecurity companies as being associated with fraud. By using this infrastructure, the defendants accessed more than 1.7 million infected computers belonging to individuals and businesses in the United States and elsewhere, and used hidden browsers on those infected computers to download fabricated webpages and load advertisements onto those fabricated webpages. Meanwhile, the owners of the infected computers were unaware that this process was running in the background on their computers. As a result of this scheme, the defendants falsified billions of advertisement views and caused businesses to pay more than $29 million for advertisements that were never actually viewed by human internet users. The Defendants’ Roles Ovsyannikov led the development of the 3ve.2 scheme, and was a principal and owner of the advertisement network used to carry out the scheme. Ovsyannikov set out the infrastructure of the scheme in a spreadsheet titled “[Ad Network] Structure. Hosting and Domains.” The spreadsheet listed many of the command-and-control servers and other servers involved in the scheme, including several designated as repositories of “spoof” webpages. Ovsyannikov maintained lists of webpages to fabricate (or “spoof”) in his cloud storage account and on servers that he controlled, including more than 86,000 webpages associated with online publishers, including the webpages of thousands of businesses in the United States. In communications with co-conspirators, Ovsyannikov explained how different aspects of the infrastructure worked together to perpetrate the fraud, such that a “bot” in the botnet would “set itself” to visit a “spoofed domain” and cause a falsified advertisement view. Ovsyannikov directed proceeds of the fraud to bank accounts in Switzerland, among other locations. As part of his guilty plea, Ovsyannikov will forfeit those Swiss bank accounts, which contain more than eight million dollars. Timchenko worked for Ovsyannikov and handled logistical and administrative aspects of the 3ve.2 scheme. Timchenko assisted in creating the infrastructure of command-and- control servers and other servers that were instrumentalities of the scheme. Timchenko deliberately chose certain U.S. service providers because they had the “coolest processors” and a “larger” cache (for temporary data storage) than competing providers. Timchenko also researched webpages to fabricate, deliberately targeted webpages for businesses in the United States, and placed those webpages on a running list that both defendants kept that was titled “New companies for spoofing.” Separately, Ovsyannikov provided technical assistance to the operators of another digital advertising fraud scheme, referred to in the advertising industry as “Methbot.” In the
3 Methbot scheme, the perpetrators used computers housed in commercial datacenters, instead of in a botnet, to carry out the digital advertising fraud. Ovsyannikov helped the Methbot operators program the datacenter computers to mimic human behavior, disguise the computers’ automated browsers, and evade fraud detection software. The Methbot operators falsified billions of advertisement views and caused businesses to pay more than $7 million for advertisements that were never actually viewed by human internet users. The Botnet Takedown Following the arrest of Ovsyannikov by Malaysian authorities in October 2018, U.S. law enforcement authorities, in conjunction with various private sector companies, began the process of dismantling the criminal cyber infrastructure utilized in the botnet-based scheme, which involved computers infected with malicious software known “Kovter.” The FBI executed seizure warrants to redirect the internet traffic going to 23 internet domains used to further the charged botnet-based scheme or otherwise used to further the Kovter botnet (an action known as “sinkholing”), in order to disrupt and dismantle the botnet. The FBI also executed search warrants at 11 different U.S. server providers for 89 servers related to the charged botnet-based scheme or Kovter. In addition, as part of its investigation, the FBI discovered an additional cybercrime infrastructure committing digital advertising fraud through the use of datacenter servers located in Germany, and a botnet of computers in the United States infected with malicious software known in the cybersecurity community as “Boaxxe.” The FBI executed seizure warrants to sinkhole eight domains used to further this scheme and thereby disrupt yet another botnet engaged in digital advertising fraud. Finally, the United States, with the assistance of its foreign partners, executed seizure warrants for multiple international bank accounts in Switzerland and elsewhere that were associated with the schemes. For technical details on the malware and botnets referenced in this case, please see US-CERT Alert TA18-331A: https://www.us-cert.gov/ncas/alerts/TA18-331A The government’s case is being prosecuted by the Office’s National Security and Cybercrime Section. Assistant United States Attorneys Saritha Komatireddy, Michael T. Keilty, Alexander F. Mindlin and Karin K. Orenstein are in charge of the prosecution. The Defendants: SERGEY OVSYANNIKOV Age: 30 Republic of Kazakhstan YEVGENIY TIMCHENKO Age: 31 Republic of Kazakhstan
4 E.D.N.Y. Docket No. 18-CR-633 (ERK)

Recommended

Gurminder Singh vs. Google LLC
Gurminder Singh vs. Google LLCGurminder Singh vs. Google LLC
Gurminder Singh vs. Google LLC
Jeff Martinez
 
The LA Riots & Economics of Urban Unrest
The LA Riots & Economics of Urban UnrestThe LA Riots & Economics of Urban Unrest
The LA Riots & Economics of Urban Unrest
Jeff Martinez
 
Coronavirus Aid, Relief, and Economic Security Act: What Is in It for US Edu...
Coronavirus Aid, Relief, and Economic Security Act: What Is in It for US Edu...Coronavirus Aid, Relief, and Economic Security Act: What Is in It for US Edu...
Coronavirus Aid, Relief, and Economic Security Act: What Is in It for US Edu...
Jeff Martinez
 
FCC Declaratory Ruling COVID-19 & TCPA
FCC Declaratory Ruling COVID-19 & TCPAFCC Declaratory Ruling COVID-19 & TCPA
FCC Declaratory Ruling COVID-19 & TCPA
Jeff Martinez
 
Automate Lawsuit Filing? The Brave New World of "Anti Robocall Apps
Automate Lawsuit Filing? The Brave New World of "Anti Robocall AppsAutomate Lawsuit Filing? The Brave New World of "Anti Robocall Apps
Automate Lawsuit Filing? The Brave New World of "Anti Robocall Apps
Jeff Martinez
 
Union Station Parking Map
Union Station Parking MapUnion Station Parking Map
Union Station Parking Map
Jeff Martinez
 
Fraud & Abuse Report 2020 by Arkose LabsFraud report q1 2020
Fraud & Abuse Report 2020 by Arkose LabsFraud report q1 2020Fraud & Abuse Report 2020 by Arkose LabsFraud report q1 2020
Fraud & Abuse Report 2020 by Arkose LabsFraud report q1 2020
Jeff Martinez
 
CB Insights Global Fintech Report Q3 2019
CB Insights Global Fintech Report Q3 2019CB Insights Global Fintech Report Q3 2019
CB Insights Global Fintech Report Q3 2019
Jeff Martinez
 

Recommended

Gurminder Singh vs. Google LLC
Gurminder Singh vs. Google LLCGurminder Singh vs. Google LLC
Gurminder Singh vs. Google LLC
Jeff Martinez
 
The LA Riots & Economics of Urban Unrest
The LA Riots & Economics of Urban UnrestThe LA Riots & Economics of Urban Unrest
The LA Riots & Economics of Urban Unrest
Jeff Martinez
 
Coronavirus Aid, Relief, and Economic Security Act: What Is in It for US Edu...
Coronavirus Aid, Relief, and Economic Security Act: What Is in It for US Edu...Coronavirus Aid, Relief, and Economic Security Act: What Is in It for US Edu...
Coronavirus Aid, Relief, and Economic Security Act: What Is in It for US Edu...
Jeff Martinez
 
FCC Declaratory Ruling COVID-19 & TCPA
FCC Declaratory Ruling COVID-19 & TCPAFCC Declaratory Ruling COVID-19 & TCPA
FCC Declaratory Ruling COVID-19 & TCPA
Jeff Martinez
 
Automate Lawsuit Filing? The Brave New World of "Anti Robocall Apps
Automate Lawsuit Filing? The Brave New World of "Anti Robocall AppsAutomate Lawsuit Filing? The Brave New World of "Anti Robocall Apps
Automate Lawsuit Filing? The Brave New World of "Anti Robocall Apps
Jeff Martinez
 
Union Station Parking Map
Union Station Parking MapUnion Station Parking Map
Union Station Parking Map
Jeff Martinez
 
Fraud & Abuse Report 2020 by Arkose LabsFraud report q1 2020
Fraud & Abuse Report 2020 by Arkose LabsFraud report q1 2020Fraud & Abuse Report 2020 by Arkose LabsFraud report q1 2020
Fraud & Abuse Report 2020 by Arkose LabsFraud report q1 2020
Jeff Martinez
 
CB Insights Global Fintech Report Q3 2019
CB Insights Global Fintech Report Q3 2019CB Insights Global Fintech Report Q3 2019
CB Insights Global Fintech Report Q3 2019
Jeff Martinez
 
FinCEN Guidance on Convertible Virtual Currencies
FinCEN Guidance on Convertible Virtual CurrenciesFinCEN Guidance on Convertible Virtual Currencies
FinCEN Guidance on Convertible Virtual Currencies
Jeff Martinez
 
LegalShield ID Shield Personal Growth
LegalShield ID Shield Personal GrowthLegalShield ID Shield Personal Growth
LegalShield ID Shield Personal Growth
Jeff Martinez
 
The Hunt for 3ve
The Hunt for 3veThe Hunt for 3ve
The Hunt for 3ve
Jeff Martinez
 
Members, Subcommittee on Digital Commerce and Consumer Protection Re: Underst...
Members, Subcommittee on Digital Commerce and Consumer Protection Re: Underst...Members, Subcommittee on Digital Commerce and Consumer Protection Re: Underst...
Members, Subcommittee on Digital Commerce and Consumer Protection Re: Underst...
Jeff Martinez
 
US House of Representatives Relies on Oxford BioChronometrics Study for Hearing
US House of Representatives Relies on Oxford BioChronometrics Study for HearingUS House of Representatives Relies on Oxford BioChronometrics Study for Hearing
US House of Representatives Relies on Oxford BioChronometrics Study for Hearing
Jeff Martinez
 
Coffey vs.Ripple Labs Class Action Lawsuit
Coffey vs.Ripple Labs Class Action LawsuitCoffey vs.Ripple Labs Class Action Lawsuit
Coffey vs.Ripple Labs Class Action Lawsuit
Jeff Martinez
 
Cboe BZX Exchange Cryptocurrency Fund Letter to SEC
Cboe BZX Exchange Cryptocurrency Fund Letter to SECCboe BZX Exchange Cryptocurrency Fund Letter to SEC
Cboe BZX Exchange Cryptocurrency Fund Letter to SEC
Jeff Martinez
 
Written Testimony of Chairman J Christopher Giancarlo before the Senate Banki...
Written Testimony of Chairman J Christopher Giancarlo before the Senate Banki...Written Testimony of Chairman J Christopher Giancarlo before the Senate Banki...
Written Testimony of Chairman J Christopher Giancarlo before the Senate Banki...
Jeff Martinez
 
Sunshine Capital Halts Trading
Sunshine Capital Halts TradingSunshine Capital Halts Trading
Sunshine Capital Halts Trading
Jeff Martinez
 
How to Save a Place: Get the Word Out Far And Wide
How to Save a Place: Get the Word Out Far And WideHow to Save a Place: Get the Word Out Far And Wide
How to Save a Place: Get the Word Out Far And Wide
National Trust for Historic Preservation
 
Who are the Sherden Yale Historical Review
Who are the Sherden Yale Historical ReviewWho are the Sherden Yale Historical Review
Who are the Sherden Yale Historical Review
yalehistoricalreview
 
researching client.pptxffffffffffffffffffffffffff
researching client.pptxffffffffffffffffffffffffffresearching client.pptxffffffffffffffffffffffffff
researching client.pptxffffffffffffffffffffffffff
lolsDocherty
 
Proposed Facility Types: Chesapeake Trails and Connectivity Plan
Proposed Facility Types: Chesapeake Trails and Connectivity PlanProposed Facility Types: Chesapeake Trails and Connectivity Plan
Proposed Facility Types: Chesapeake Trails and Connectivity Plan
City of Chesapeake
 
2024: The FAR - Federal Acquisition Regulations, Part 34
2024: The FAR - Federal Acquisition Regulations, Part 342024: The FAR - Federal Acquisition Regulations, Part 34
2024: The FAR - Federal Acquisition Regulations, Part 34
JSchaus & Associates
 
The MEL Toolkit Launch Webinar Presentation
The MEL Toolkit Launch Webinar PresentationThe MEL Toolkit Launch Webinar Presentation
The MEL Toolkit Launch Webinar Presentation
NAP Global Network
 
RPO America Peer Exchange: Rural Transportation Planning Programs
RPO America Peer Exchange: Rural Transportation Planning ProgramsRPO America Peer Exchange: Rural Transportation Planning Programs
RPO America Peer Exchange: Rural Transportation Planning Programs
RPO America
 
“Be part of the Plan” International Day For Biological Diversity 2024.
“Be part of the Plan” International Day For Biological Diversity 2024.“Be part of the Plan” International Day For Biological Diversity 2024.
“Be part of the Plan” International Day For Biological Diversity 2024.
Christina Parmionova
 
Help set up SERUDS Orphanage virtual classroom
Help set up SERUDS Orphanage virtual classroomHelp set up SERUDS Orphanage virtual classroom
Help set up SERUDS Orphanage virtual classroom
SERUDS INDIA
 
Finland's mental health policy and its implementation: a CSO perspective
Finland's mental health policy and its implementation: a CSO perspectiveFinland's mental health policy and its implementation: a CSO perspective
Finland's mental health policy and its implementation: a CSO perspective
Kristian Wahlbeck
 
Effective governance in the modern charity
Effective governance in the modern charityEffective governance in the modern charity
Effective governance in the modern charity
FelixPerez547899
 
Rocky Mount Greenville Willson Regional Transit Plan
Rocky Mount Greenville Willson Regional Transit PlanRocky Mount Greenville Willson Regional Transit Plan
Rocky Mount Greenville Willson Regional Transit Plan
Robert Hiett
 
Pitch Presentation for b2.pptxsssssssssssssssssssssss
Pitch Presentation for b2.pptxsssssssssssssssssssssssPitch Presentation for b2.pptxsssssssssssssssssssssss
Pitch Presentation for b2.pptxsssssssssssssssssssssss
DanielOliver74
 

More Related Content

More from Jeff Martinez

More from Jeff Martinez (9)

FinCEN Guidance on Convertible Virtual Currencies
FinCEN Guidance on Convertible Virtual CurrenciesFinCEN Guidance on Convertible Virtual Currencies
FinCEN Guidance on Convertible Virtual Currencies
 
LegalShield ID Shield Personal Growth
LegalShield ID Shield Personal GrowthLegalShield ID Shield Personal Growth
LegalShield ID Shield Personal Growth
 
The Hunt for 3ve
The Hunt for 3veThe Hunt for 3ve
The Hunt for 3ve
 
Members, Subcommittee on Digital Commerce and Consumer Protection Re: Underst...
Members, Subcommittee on Digital Commerce and Consumer Protection Re: Underst...Members, Subcommittee on Digital Commerce and Consumer Protection Re: Underst...
Members, Subcommittee on Digital Commerce and Consumer Protection Re: Underst...
 
US House of Representatives Relies on Oxford BioChronometrics Study for Hearing
US House of Representatives Relies on Oxford BioChronometrics Study for HearingUS House of Representatives Relies on Oxford BioChronometrics Study for Hearing
US House of Representatives Relies on Oxford BioChronometrics Study for Hearing
 
Coffey vs.Ripple Labs Class Action Lawsuit
Coffey vs.Ripple Labs Class Action LawsuitCoffey vs.Ripple Labs Class Action Lawsuit
Coffey vs.Ripple Labs Class Action Lawsuit
 
Cboe BZX Exchange Cryptocurrency Fund Letter to SEC
Cboe BZX Exchange Cryptocurrency Fund Letter to SECCboe BZX Exchange Cryptocurrency Fund Letter to SEC
Cboe BZX Exchange Cryptocurrency Fund Letter to SEC
 
Written Testimony of Chairman J Christopher Giancarlo before the Senate Banki...
Written Testimony of Chairman J Christopher Giancarlo before the Senate Banki...Written Testimony of Chairman J Christopher Giancarlo before the Senate Banki...
Written Testimony of Chairman J Christopher Giancarlo before the Senate Banki...
 
Sunshine Capital Halts Trading
Sunshine Capital Halts TradingSunshine Capital Halts Trading
Sunshine Capital Halts Trading
 

Recently uploaded

researching client.pptxffffffffffffffffffffffffff
researching client.pptxffffffffffffffffffffffffffresearching client.pptxffffffffffffffffffffffffff
researching client.pptxffffffffffffffffffffffffff
lolsDocherty
 
RPO America Peer Exchange: Rural Transportation Planning Programs
RPO America Peer Exchange: Rural Transportation Planning ProgramsRPO America Peer Exchange: Rural Transportation Planning Programs
RPO America Peer Exchange: Rural Transportation Planning Programs
RPO America
 
Finland's mental health policy and its implementation: a CSO perspective
Finland's mental health policy and its implementation: a CSO perspectiveFinland's mental health policy and its implementation: a CSO perspective
Finland's mental health policy and its implementation: a CSO perspective
Kristian Wahlbeck
 
Dawson City Rolling Ads for May 15 2024 Yukon
Dawson City Rolling Ads for May 15 2024 YukonDawson City Rolling Ads for May 15 2024 Yukon
Dawson City Rolling Ads for May 15 2024 Yukon
pmenzies
 
Nauru Government Gazette G.N.No. 620/2018.pdf
Nauru Government Gazette G.N.No. 620/2018.pdfNauru Government Gazette G.N.No. 620/2018.pdf
Nauru Government Gazette G.N.No. 620/2018.pdf
chairmansanhill
 

Recently uploaded (20)

How to Save a Place: Get the Word Out Far And Wide
How to Save a Place: Get the Word Out Far And WideHow to Save a Place: Get the Word Out Far And Wide
How to Save a Place: Get the Word Out Far And Wide
 
Who are the Sherden Yale Historical Review
Who are the Sherden Yale Historical ReviewWho are the Sherden Yale Historical Review
Who are the Sherden Yale Historical Review
 
researching client.pptxffffffffffffffffffffffffff
researching client.pptxffffffffffffffffffffffffffresearching client.pptxffffffffffffffffffffffffff
researching client.pptxffffffffffffffffffffffffff
 
Proposed Facility Types: Chesapeake Trails and Connectivity Plan
Proposed Facility Types: Chesapeake Trails and Connectivity PlanProposed Facility Types: Chesapeake Trails and Connectivity Plan
Proposed Facility Types: Chesapeake Trails and Connectivity Plan
 
2024: The FAR - Federal Acquisition Regulations, Part 34
2024: The FAR - Federal Acquisition Regulations, Part 342024: The FAR - Federal Acquisition Regulations, Part 34
2024: The FAR - Federal Acquisition Regulations, Part 34
 
The MEL Toolkit Launch Webinar Presentation
The MEL Toolkit Launch Webinar PresentationThe MEL Toolkit Launch Webinar Presentation
The MEL Toolkit Launch Webinar Presentation
 
RPO America Peer Exchange: Rural Transportation Planning Programs
RPO America Peer Exchange: Rural Transportation Planning ProgramsRPO America Peer Exchange: Rural Transportation Planning Programs
RPO America Peer Exchange: Rural Transportation Planning Programs
 
“Be part of the Plan” International Day For Biological Diversity 2024.
“Be part of the Plan” International Day For Biological Diversity 2024.“Be part of the Plan” International Day For Biological Diversity 2024.
“Be part of the Plan” International Day For Biological Diversity 2024.
 
Help set up SERUDS Orphanage virtual classroom
Help set up SERUDS Orphanage virtual classroomHelp set up SERUDS Orphanage virtual classroom
Help set up SERUDS Orphanage virtual classroom
 
Finland's mental health policy and its implementation: a CSO perspective
Finland's mental health policy and its implementation: a CSO perspectiveFinland's mental health policy and its implementation: a CSO perspective
Finland's mental health policy and its implementation: a CSO perspective
 
Effective governance in the modern charity
Effective governance in the modern charityEffective governance in the modern charity
Effective governance in the modern charity
 
Rocky Mount Greenville Willson Regional Transit Plan
Rocky Mount Greenville Willson Regional Transit PlanRocky Mount Greenville Willson Regional Transit Plan
Rocky Mount Greenville Willson Regional Transit Plan
 
Pitch Presentation for b2.pptxsssssssssssssssssssssss
Pitch Presentation for b2.pptxsssssssssssssssssssssssPitch Presentation for b2.pptxsssssssssssssssssssssss
Pitch Presentation for b2.pptxsssssssssssssssssssssss
 
Dawson City Rolling Ads for May 15 2024 Yukon
Dawson City Rolling Ads for May 15 2024 YukonDawson City Rolling Ads for May 15 2024 Yukon
Dawson City Rolling Ads for May 15 2024 Yukon
 
Families and Climate Change - iyf30 - IDF.2024 AGENDA PROGRAMME.
Families and Climate Change - iyf30 - IDF.2024 AGENDA PROGRAMME.Families and Climate Change - iyf30 - IDF.2024 AGENDA PROGRAMME.
Families and Climate Change - iyf30 - IDF.2024 AGENDA PROGRAMME.
 
Lahore Resolution of 1940, Emergence of Bangladesh.pptx
Lahore Resolution of 1940, Emergence of Bangladesh.pptxLahore Resolution of 1940, Emergence of Bangladesh.pptx
Lahore Resolution of 1940, Emergence of Bangladesh.pptx
 
Nauru Government Gazette G.N.No. 620/2018.pdf
Nauru Government Gazette G.N.No. 620/2018.pdfNauru Government Gazette G.N.No. 620/2018.pdf
Nauru Government Gazette G.N.No. 620/2018.pdf
 
Geate Advertising Agency by Slidesgo.pptx
Geate Advertising Agency by Slidesgo.pptxGeate Advertising Agency by Slidesgo.pptx
Geate Advertising Agency by Slidesgo.pptx
 
30th anniversary of the International Year of Families.
30th anniversary of the International Year of Families.30th anniversary of the International Year of Families.
30th anniversary of the International Year of Families.
 
Minority economic forum Executive Summary
Minority economic forum Executive SummaryMinority economic forum Executive Summary
Minority economic forum Executive Summary
 

Digital Advertising Fraud Involving Tens of Millions of Dollars in Losses 3ve

  • 1. U.S. Department of Justice Richard P. Donoghue United States Attorney Eastern District of New York 271 Cadman Plaza East Brooklyn, New York 11201 FOR IMMEDIATE RELEASE September 25, 2019 Contact: John Marzulli United States Attorney’s Office (718) 254-6323 PRESS RELEASE TWO KAZAKH CYBERCRIMINALS PLEAD GUILTY IN GLOBAL DIGITAL ADVERTISING FRAUD INVOLVING TENS OF MILLIONS OF DOLLARS IN LOSSES Leader of Scheme Will Forfeit Online Domains and More Than Eight Million Dollars Seized From Swiss Bank Accounts Sergey Ovsyannikov and Yevgeniy Timchenko, citizens of the Republic of Kazakhstan, pleaded guilty yesterday and today, respectively, in federal court in Brooklyn to conspiring to commit wire fraud and related charges, for their involvement in a widespread digital advertising fraud. Ovsyannikov was arrested in October 2018 in Malaysia and extradited to the United States in March 2019. Timchenko was arrested in November 2018 in Estonia and extradited to the United States in February 2019. Both plea proceedings took place before United States Magistrate Judge Steven M. Gold. When sentenced, Ovsyannikov faces up to 42 years in prison, and Timchenko faces up to 40 years in prison. Richard P. Donoghue, United States Attorney for the Eastern District of New York, and William F. Sweeney, Jr., Assistant Director-in-Charge, Federal Bureau of Investigation, New York Field Office (FBI), announced the guilty pleas. Background on Digital Advertising The internet is, in large part, freely available to users worldwide because it runs on digital advertising, where website owners display advertisements on their sites and are compensated by intermediaries representing businesses that advertise goods and services to human customers. In general, digital advertising revenue is based on how many users click, or view, the advertisements on those websites. As alleged in court filings, the defendants in this case represented that they ran legitimate companies that delivered advertisements to human internet users, who accessed real internet webpages. In fact, the defendants faked both the users and the webpages they programmed computers they controlled to load advertisements on fabricated webpages, via an automated program, and fraudulently obtained digital advertising revenue.
  • 2. 2 The Botnet-Based Criminal Scheme (“3ve.2 Template A”) Between December 2015 and October 2018, Ovsyannikov and Timchenko were involved in operating a purported advertising network and carried out a digital advertising fraud scheme, referred to in the advertising industry as “3ve.2 Template A.” In this scheme, the defendants used a global “botnet” a network of malware-infected computers operated without the true owner’s knowledge or consent to perpetrate their fraud. The defendants developed an intricate infrastructure of command-and-control servers to direct and monitor the infected computers, and to detect whether a particular infected computer had been flagged by cybersecurity companies as being associated with fraud. By using this infrastructure, the defendants accessed more than 1.7 million infected computers belonging to individuals and businesses in the United States and elsewhere, and used hidden browsers on those infected computers to download fabricated webpages and load advertisements onto those fabricated webpages. Meanwhile, the owners of the infected computers were unaware that this process was running in the background on their computers. As a result of this scheme, the defendants falsified billions of advertisement views and caused businesses to pay more than $29 million for advertisements that were never actually viewed by human internet users. The Defendants’ Roles Ovsyannikov led the development of the 3ve.2 scheme, and was a principal and owner of the advertisement network used to carry out the scheme. Ovsyannikov set out the infrastructure of the scheme in a spreadsheet titled “[Ad Network] Structure. Hosting and Domains.” The spreadsheet listed many of the command-and-control servers and other servers involved in the scheme, including several designated as repositories of “spoof” webpages. Ovsyannikov maintained lists of webpages to fabricate (or “spoof”) in his cloud storage account and on servers that he controlled, including more than 86,000 webpages associated with online publishers, including the webpages of thousands of businesses in the United States. In communications with co-conspirators, Ovsyannikov explained how different aspects of the infrastructure worked together to perpetrate the fraud, such that a “bot” in the botnet would “set itself” to visit a “spoofed domain” and cause a falsified advertisement view. Ovsyannikov directed proceeds of the fraud to bank accounts in Switzerland, among other locations. As part of his guilty plea, Ovsyannikov will forfeit those Swiss bank accounts, which contain more than eight million dollars. Timchenko worked for Ovsyannikov and handled logistical and administrative aspects of the 3ve.2 scheme. Timchenko assisted in creating the infrastructure of command-and- control servers and other servers that were instrumentalities of the scheme. Timchenko deliberately chose certain U.S. service providers because they had the “coolest processors” and a “larger” cache (for temporary data storage) than competing providers. Timchenko also researched webpages to fabricate, deliberately targeted webpages for businesses in the United States, and placed those webpages on a running list that both defendants kept that was titled “New companies for spoofing.” Separately, Ovsyannikov provided technical assistance to the operators of another digital advertising fraud scheme, referred to in the advertising industry as “Methbot.” In the
  • 3. 3 Methbot scheme, the perpetrators used computers housed in commercial datacenters, instead of in a botnet, to carry out the digital advertising fraud. Ovsyannikov helped the Methbot operators program the datacenter computers to mimic human behavior, disguise the computers’ automated browsers, and evade fraud detection software. The Methbot operators falsified billions of advertisement views and caused businesses to pay more than $7 million for advertisements that were never actually viewed by human internet users. The Botnet Takedown Following the arrest of Ovsyannikov by Malaysian authorities in October 2018, U.S. law enforcement authorities, in conjunction with various private sector companies, began the process of dismantling the criminal cyber infrastructure utilized in the botnet-based scheme, which involved computers infected with malicious software known “Kovter.” The FBI executed seizure warrants to redirect the internet traffic going to 23 internet domains used to further the charged botnet-based scheme or otherwise used to further the Kovter botnet (an action known as “sinkholing”), in order to disrupt and dismantle the botnet. The FBI also executed search warrants at 11 different U.S. server providers for 89 servers related to the charged botnet-based scheme or Kovter. In addition, as part of its investigation, the FBI discovered an additional cybercrime infrastructure committing digital advertising fraud through the use of datacenter servers located in Germany, and a botnet of computers in the United States infected with malicious software known in the cybersecurity community as “Boaxxe.” The FBI executed seizure warrants to sinkhole eight domains used to further this scheme and thereby disrupt yet another botnet engaged in digital advertising fraud. Finally, the United States, with the assistance of its foreign partners, executed seizure warrants for multiple international bank accounts in Switzerland and elsewhere that were associated with the schemes. For technical details on the malware and botnets referenced in this case, please see US-CERT Alert TA18-331A: https://www.us-cert.gov/ncas/alerts/TA18-331A The government’s case is being prosecuted by the Office’s National Security and Cybercrime Section. Assistant United States Attorneys Saritha Komatireddy, Michael T. Keilty, Alexander F. Mindlin and Karin K. Orenstein are in charge of the prosecution. The Defendants: SERGEY OVSYANNIKOV Age: 30 Republic of Kazakhstan YEVGENIY TIMCHENKO Age: 31 Republic of Kazakhstan
  • 4. 4 E.D.N.Y. Docket No. 18-CR-633 (ERK)