The Department of Justice (DOJ) on Tuesday unsealed charges against eight individuals in an alleged widespread digital advertising fraud that reportedly used botnets to give the appearance of billions of humans looking at online ads.
Aleksandr Zhukov, Boris Timokhin, Mikhail Andreev, Denis Avdeev, Dmitry Novikov, Sergey Ovsyannikov, Aleksandr Isaev and Yevgeniy Timchenko were charged with crimes including wire fraud, money laundering, computer intrusion and aggravated identity theft, according to a department release.
The department also announced that a federal court unsealed seizure warrants allowing the FBI to take over 31 domains as well as seize data from 89 servers involved in the botnets, or networks of infected internet-connected devices that can be utilized by hackers.
“As alleged in court filings, the defendants in this case used sophisticated computer programming and infrastructure around the world to exploit the digital advertising industry through fraud,” U.S. Attorney for the Eastern District of New York Richard Donoghue said in a statement. “This case sends a powerful message that this Office, together with our law enforcement partners, will use all our available resources to target and dismantle these costly schemes and bring their perpetrators to justice, wherever they are.”
Ovsyannikov, Zhukov and Timchenko have all been arrested in various countries and are awaiting extradition, while the remaining defendants are at large, according to the DOJ release.
The indictment claims that five of the defendants ran what they claimed was an ad network and committed the fraud with the assistance of another defendant in the case.
The allegedly fake ad network rented more than 1,900 computer servers and used them to create ads on fake websites, giving the appearance that humans were viewing ads on those spoofed domains and causing businesses to pay more than $7 million for the commercials.
In another scheme, three of the defendants allegedly began another fake advertising network that utilized a botnet to reach more than 1.7 million infected computers, download fake domains and then run ads on the spoofed webpages.
The scheme led to businesses paying the false ad network more than $29 million for the ad views, which were never actually seen by humans, according to the indictment.
U.S. law enforcement and private companies collaborated to take down the botnets after the arrest of one of the defendants, according to the DOJ release.
Cybersecurity firm Symantec was one of the groups involved in dismantling the botnets. It said in a blog post Tuesday that a majority of the fake traffic to the false sites was executed through botnets run by two kinds of malware known as Miuref and Kovter.