IE 11 is not supported. For an optimal experience visit our site on another browser.

Feds say Russian hackers duped U.S. companies out of tens of millions in advertising dollars

The schemes made it appear to advertisers that human beings had clicked on internet ads, when in reality it was automated bots doing the clicking.
Image: Richard Donoghue
Richard Donoghue, from center, the United States Attorney for the Eastern District of New York enters Brooklyn federal court on Nov. 13, 2018.Mark Lennihan / AP

These alleged Russian cybercriminals trafficked in fake views.

The cyber swindlers duped U.S. companies out of tens of millions of dollars with sophisticated digital advertising scams, federal prosecutors said Tuesday.

The schemes made it appear to advertisers that human beings had clicked on their internet ads, when in reality it was automated bots doing the clicking.

“As alleged in court filings, the defendants in this case used sophisticated computer programming and infrastructure around the world to exploit the digital advertising industry through fraud,” said Richard Donaghue, U.S. Attorney for the Eastern District of New York.

The first scheme, dubbed "Methbot," was launched in 2014, when the scammers — all Russian nationals — "rented more than 1,900 computer servers located at commercial datacenters in Dallas, Texas, and elsewhere, and used those datacenter computer servers to simulate humans viewing ads on fabricated webpages," according to an indictment unsealed Tuesday.

The programs the ring used were sophisticated - using code to make it appear that a person was using a mouse on the computer and opening and viewing video ads. "This was because advertisers often would not pay for a video impression unless they knew that the user had watched the video for a substantial amount of time," the indictment reads.

"Over the course of the scheme, the Methbot defendants falsified billions of ad impressions. Hundreds of brands and ad agencies around the world, including many in the United States and at least one with offices in the Eastern District of New York,collectively paid more than $7 million in advertising fees for fraudulent ad traffic," the filing says.

That scheme came to a halt in 2016, after a private cybersecurity firm issued a warning about the fraud, the feds said.

Some of the same participants were already running another more lucrative scheme that had started in 2015, the indictment says. That scheme used over 1.7 million computers that had been hacked with malware to load ads on fabricated webpages — unbeknownst to the computers' owners, the filing says.

In all, the crew "falsified billions of ad impressions" while the ringleaders raked in over $29 million, the court papers say.

Aleksandr Zhukov, Boris Timokhin, Mikhail Andreev, Denis Avdeev, Dmitry Novikov, Sergey Ovsyannikov, Aleksandr Isaev of Russia and Yevgeniy Timchenko of Kazakhstan were named in a 13-count indictment on charges that include wire fraud, aggravated identity theft and money laundering.

Lawyers for them were not available.

Ovsyannikov was arrested in Malaysia, Zhukov in Bulgaria, and Timchenko in Estonia, prosecutors said. They're awaiting extradition. The others are at large.

“This investigation highlights public- and private-sector collaboration across the globe, and again confirms the absolute necessity for interagency information-sharing," said NYPD Commissioner James O'Neill. "Criminals — especially those operating via the internet — do not concern themselves with jurisdictional boundaries, so it is critical that the law-enforcement community works together to achieve our shared goal of protecting the people we serve.”