Two Kazakhstani citizens have pleaded guilty to a massive malvertising fraud that netted them millions of dollars. The accused, Sergey Ovsyannikov and Yevgeniy Timchenko also forfeited a number of online domains and over $8 million that was held in banks accounts in Switzerland. This represents one of the biggest wins against ad fraud for the FBI. Both defendants are facing up to 40 years in jail.
In the original indictment, William F. Sweeney, Jr., Assistant Director-in-Charge, Federal Bureau of Investigation, New York Field Office (FBI) said: “These individuals built complex, fraudulent digital advertising infrastructure for the express purpose of misleading and defrauding companies who believed they were acting in good faith, and costing them millions of dollars. This kind of exploitation undermines confidence in the system, on the part of both companies and their customers.”
Malware, domains, botnets and cloud-based infrastructure
Cybercriminals are just as, if not in many cases, more sophisticated than corporate IT departments. In this case, the accused created an online advertising company called 3ve.2. This was used to sell advertising opportunities to unsuspecting enterprises. The accused built over 86,000 fake webpages associated with online publishers. They also controlled the Kovlar botnet which, the FBI claims, had infected over 1.7 million computers.
The scan was simple. Create a fake domain and host an ad for a company on it. Point infected computers at the fake domain where they would “see” the ad. The companies that bought Internet advertising from the defendants were then charged for that fake ad impression.
The infrastructure to run this scam was based mainly in the United States. The cybercriminals controlled over 89 servers at 11 US hosting and cloud providers. Those servers support 23 domains that controlled the botnets and were used to infect new computers.
The monies were stored in banks accounts located in Switzerland. This enabled the cybercriminals to evade controls on where money could be transferred to. When the FBI took control of those bank accounts it found over $8 million in funds.
Support for Methbot
The FBI has also charged Ovsyannikov with providing support for the Methbot malvertising campaign. This sophisticated campaign was alleged to have netted as much as $3 million per day. Methbot was run by a Russian cybercrime group and it is claimed that it was the most successful malvertising campaign ever.
Ovsyannikov’s role was to help the Methbot team use cloud computing to deploy its botnet and infrastructure. It is also claimed that he helped them disguise the ad fraud by making the botnet behaviour look more human like.
The damage to online advertising
Online advertising has always had to deal with claims of malpractice and fraud. As Methbot and ave.2 show, it is relatively easy to use botnets to look at fake ad impressions for which advertisers are charged.
The problem is how to stop ad fraud. Advertisers are keen to get in front of as many eyeballs as possible on the Internet. This means that there are plenty of opportunities for scammers and cybercriminals. Efforts to date to detect fraud are flawed. Too much emphasis is placed on behavioural analysis and, as the Methbot campaign showed, this can be defeated.
Louis-David Mangin, Cofounder & CEO, Confiant said: “Ad fraud, and the malvertising that enables it, is both systemic and endemic to the digital ad world and needs to be treated like the digital infection that it is.
“As long as malvertising keeps spreading bot nets, criminals will harness these digital infections for ad fraud. It is thrilling to see these two criminals brought to justice, pleading guilty based on the overwhelming evidence and amazing efforts of the FBI, WhiteOps, and all the groups party to the 3VE takedown gathered. It’s too early to tell whether this is a turning point in the fight against malicious actors, but it is a high point so far!”
Enterprise Times: What does this mean
Taking down a botnet of this size and, more importantly, capturing Ovsyannikov who has been at the heart of two major ad fraud campaigns, is good news for the FBI. What will be of interest now is how much intelligence the FBI gained from this operation to take down other ad frauds. As shown, none of these groups operate in isolation so it is to be hoped that links between 3ve.2 and other ad fraud groups yield more prosecutions.