The FBI has indicted 13 persons that have been using sophisticated computer programming and infrastructure around the world to exploit the digital advertising industry through fraud.

The indictment was unsealed in federal court in Brooklyn charging Aleksandr Zhukov, Boris Timokhin, Mikhail Andreev, Denis Avdeev, Dmitry Novikov, Sergey Ovsyannikov, Aleksandr Isaev and Yevgeniy Timchenko with criminal violations for their involvement in perpetrating widespread digital advertising fraud.

The charges include wire fraud, computer intrusion, aggravated identity theft and money laundering.

Also unsealed today in federal court in Brooklyn were seizure warrants authorizing the FBI to take control of 31 internet domains, and search warrants authorizing the FBI to take information from 89 computer servers, that were all part of the infrastructure for botnets engaged in digital advertising fraud activity. The FBI, working with private sector partners, redirected the internet traffic going to the domains (an action known as “sinkholing”) in order to disrupt and dismantle these botnets.

In general, digital advertising revenue is based on how many users click or view the ads on those websites. As alleged in court filings, the defendants in this case represented to others that they ran legitimate companies that delivered advertisements to real human internet users accessing real internet webpages. In fact, the defendants faked both the users and the webpages: they programmed computers they controlled to load advertisements on fabricated webpages, via an automated program, in order to fraudulently obtain digital advertising revenue.

As alleged in the indictment, between September 2014 and December 2016, Zhukov, Timokhin, Andreev, Avdeev and Novikov operated a purported advertising network (“Ad Network #1”) and, with Ovsyannikov’s assistance, carried out a digital ad fraud scheme. Ad Network #1 had business arrangements with other advertising networks whereby it received payments in return for placing advertising placeholders (“ad tags”) on websites. Rather than place these ad tags on real publishers’ websites, however, Ad Network #1 rented more than 1,900 computer servers housed in commercial datacenters in Dallas, Texas and elsewhere, and used those datacenter servers to load ads on fabricated websites, “spoofing” more than 5,000 domains. To create the illusion that real human internet users were viewing the advertisements loaded onto these fabricated websites, the defendants programmed the datacenter servers to simulate the internet activity of human internet users: browsing the internet through a fake browser, using a fake mouse to move around and scroll down a webpage, starting and stopping a video player midway, and falsely appearing to be signed into Facebook. Furthermore, the defendants leased more than 650,000 Internet Protocol addresses, assigned multiple IP addresses to each datacenter server, and then fraudulently registered those IP addresses to make it appear that that the datacenter servers were residential computers belonging to individual human internet users who were subscribed to various residential internet service providers. As a result of this scheme, Ad Network #1 falsified billions of ad views and caused businesses to pay more than $7 million for ads that were never actually viewed by real human internet users.

As also alleged in the indictment, between December 2015 and October 2018, Ovsyannikov, Timchenko and Isaev operated a purported advertising network (“Ad Network #2”) and carried out another digital ad fraud scheme. In this scheme, the defendants used a global “botnet” - a network of malware-infected computers operated without the true owner’s knowledge or consent - to perpetrate their fraud. The defendants developed an intricate infrastructure of command-and-control servers to direct and monitor the infected computers and check whether a particular infected computer had been flagged by cybersecurity companies as associated with fraud. By using this infrastructure, the defendants accessed more than 1.7 million infected computers, belonging to ordinary individuals and businesses in the United States and elsewhere, and used hidden browsers on those infected computers to download fabricated webpages and load ads onto those fabricated webpages. Meanwhile, the owners of the infected computers were unaware that this process was running in the background on their computers. As a result of this scheme, Ad Network #2 falsified billions of ad views and caused businesses to pay more than $29 million for ads that were never actually viewed by real human internet users.