The Department of Justice has unsealed indictments against eight persons allegedly behind two separate massive digital advertising scams, 3ve and the charmingly named Methbot, the Verge reported on Tuesday.
According to a DOJ press release, six of the defendants were identified as Russian nationals (one held dual Russian-Ukrainian status), while the remaining two were from Kazakhstan. The DOJ said it recently arrested Kazakh nationals Sergey Ovsyannikov and Yevgeniy Timchenko in Malaysia and Estonia respectively, as well as Russian national Aleksandr Zhukov in Bulgaria, all of whom are awaiting extradition. Five other suspects—Boris Timokhin, Mikhail Andreev, Denis Avdeev, Dmitry Novikov, and Aleksandr Isaev—are still at large. Charges leveled against them include wire fraud, computer intrusion, aggravated identity theft and money laundering, the DOJ wrote. Ovsyannikov was allegedly involved in both schemes.
Authorities allege that the defendants scammed companies out of a collective $36 million by pretending to be legitimate internet advertising companies, when in reality they were using rented servers (Methbot) or botnets (3ve) to “load advertisements on fabricated webpages, via an automated program, in order to fraudulently obtain digital advertising revenue.” Both fake ad networks allegedly falsified billions of clicks via this method, with real internet users never encountering the ads. Prosecutors said the scam’s operators even went to the trouble of simulating user activity like mouse movements to open and play videos, “because advertisers often would not pay for a video impression unless they knew that the user had watched the video for a substantial amount of time.”
Per Agence France-Presse, prosecutors say Methbot required more than 1,900 rented servers to operate, while the separate 3ve botnet ran on over 1.7 million malware-infected computers. Investigations into the purported cyberforgery ring involved the FBI, the Department of Homeland Security, and private companies including Google, though news of Methbot was first disclosed by computer security firm White Ops in 2016, according to the New York Times. The Times added that the list of defrauded companies included some of the biggest names on the web, including the paper itself:
The spoofed outlets include a who’s who of the web: video-laden sites like Fox News and CBS Sports, large news organizations like The New York Times and The Wall Street Journal, major content platforms like Facebook and Yahoo, and niche sites like Allrecipes.com and AccuWeather. Although the main targets were in the United States, news organizations in other countries were also affected.
As the Verge noted, White Ops claimed Methbot could be bringing in $3 to $5 million a day, which may have been a bit of a stretch considering the (admittedly not exactly negligible) $7 million number cited by the DOJ. 3ve was much more successful, raking in an alleged $29 million.
AdWeek pointed out that while prosecutors said Methbot shut down in December 2016, right around the time of White Ops’ disclosure, they said 3ve continued running until October 2018.
“While ad fraud traditionally has been seen as a faceless crime in which bad actors don’t face much risk of being identified or consequences for their actions, 3ve’s takedown demonstrates that there are risks and consequences to committing ad fraud,” Google’s product manager for ad traffic quality, Per Bjorke, wrote in a Google Security Blog post on Tuesday about their own investigation. “We’re confident that our collective efforts are building momentum and moving us closer to finding a resolution to this challenge.”