FBI Takes Down a Massive Advertising Fraud Ring

The FBI announced that it dismantled a large Internet advertising fraud network, and arrested eight people:

A 13-count indictment was unsealed today in federal court in Brooklyn charging Aleksandr Zhukov, Boris Timokhin, Mikhail Andreev, Denis Avdeev, Dmitry Novikov, Sergey Ovsyannikov, Aleksandr Isaev and Yevgeniy Timchenko with criminal violations for their involvement in perpetrating widespread digital advertising fraud. The charges include wire fraud, computer intrusion, aggravated identity theft and money laundering. Ovsyannikov was arrested last month in Malaysia; Zhukov was arrested earlier this month in Bulgaria; and Timchenko was arrested earlier this month in Estonia, all pursuant to provisional arrest warrants issued at the request of the United States. They await extradition. The remaining defendants are at large.

It looks like an impressive piece of police work.

Details of the forensics that led to the arrests.

Posted on November 29, 2018 at 6:17 AM • 25 Comments

Comments

echo • November 29, 2018 6:45 AM

I read about this last night. The technical issues and scale of the operation weren't themselves anything new, but it was still breathtaking.

Clive Robinson • November 29, 2018 8:27 AM

The bit I find interesting is 3ve manipulated the Border Gateway Protocol as part of its method of disguising the IP addresses involved.

Normally if you saw BGP manipulation you would assume "State Level" operators, be they actual SigInt agencies or international corporations acting as "Virtual States".

If you like, it's further proof of the "Information army of one", whereby a single person with sufficient skills can manipulate the systems of others in a coordinated way so that they appear as a very large army.

It's something I've talked about in the past as one of the dangers in attribution of cyber-attacks.

me • November 29, 2018 9:32 AM

@clive
>Normally if you saw BGP manipulation you would assume "State Level" operators

Same here, that's what I used to think too.

>dangers in attribution of cyber-attacks.
This makes me think: how can you arrest a person and say "you did it because we logged your IP"?
Consider how much malware is out there, default wifi passwords and BGP hijacking.
Consider also mistakes of people: I saw recently on TV a person who was angry because he had been called to court because of a transcription error: there was a typo in the IP address, so police got a completely different person who had nothing to do with it.
Police afterwards found and admitted the mistake, but the judge said something like "no, we can't just drop the case, we need to verify that you are innocent".

me • November 29, 2018 9:40 AM

@clive
>dangers in attribution of cyber-attacks.
There is an even bigger/wider problem in this:
people usually trust computers as if they never lie or make mistakes, but this is not the case...
What if a computer makes a mistake?
You paid taxes but an employee says "no, you didn't pay, the computer says you did not pay", or the bank: "you have $300, not $300000 in the bank, that's what the computer tells me".
I find this quite problematic, because no one would believe you; they will tell you: "look, we have used this software for ages and it never made a mistake".

But it happens, for example on (unpatched) Excel 2007: =77.1*850 will be 100000 instead of 65535.

Tatütata • November 29, 2018 10:24 AM

I don't feel very sorry for the GAFAs and their wannabes and also-rans. I wouldn't mind seeing the same kind of legal whacking the suspects were subjected to applied to them w.r.t. their intensive data hoarding and leaking.

The report doesn't say whether the suspects were lured into Estonia, or if they happened to be ethnic Russians (?) living there.

The saying goes that half of advertising dollars are spent in vain, but you can't say which half it is. IMO, it's more like 95%. Clicking through ads and closing videos is something of a rote, mindless activity, making the user not that different from bots.

However, this passage in the report spooked me:

> While many of these IP addresses were acquired via a malware called Miuref or Boaxxe, others were obtained using a procedure called Border Gateway Protocol (BGP) hijacking. The hackers essentially seized huge swaths of corporate and residential IP space by interfering directly with the main Internet routing protocol.

I thought that this kind of stuff was the exclusive province of Fort Meade, PLA Unit 61398, et al. Something is seriously in need of fixing.

Tatütata • November 29, 2018 10:28 AM

Refreshing the page, which had been left open for several hours, I see that Clive beat me to the observation I made regarding BGP. Sorry for the echo.

Etienne Mathieu • November 29, 2018 11:18 AM

I have a great idea: how about the Internet being marketed like the old telephone?

1. You pay a monthly charge for the connection.
2. You pay a monthly charge for the data.
3. Exceptions to the data charges would be state utilities, state and municipal governments, and federal government.
4. No advertising would be allowed.

Server and application companies would be forced to have their members pay for the service.

Theorem 1: Free is directly related to fraud. The more free a service is, the higher the fraud.

Theorem 2: The more money a customer pays for a service, the higher quality they require.

Spellucci • November 29, 2018 12:08 PM

I found the low contrast in the PDF too difficult to read for my old eyes. Would that there were a browser setting to make PDFs legible. Yes, I know I could download a PDF reader on my Win 10 box that would let me translate the PDF file to text, but I don't trust Adobe or Foxit, or want to bother cluttering my PC for just one file. Sigh.

Ismar • November 29, 2018 2:37 PM

What I find most remarkable about this investigation is the level of involvement and cooperation between numerous high-profile companies. Didn't know this type of cyber fraud was deemed so important 😉?

Clive Robinson • November 29, 2018 2:58 PM

@ Spellucci,

> I found the low contrast in the PDF too difficult to read for my old eyes.

Yup, and the switching from two column to full page and back again really does not improve my liking of it either...

When I was young I was very sternly told that "The art of the written word is succinctness and clarity of communications, which requires neat, clear, and to the point, presentation at all times"...

Now we have "corporate communications" that appear to be filled with failed marketing copy writers, who feel the need for extraneous graphics, formatting and heaven alone knows what other "makework"...

I had the misfortune to work for a short while at a very large enterprise; their corporate communications department had gone "house style" mad, even requiring colours for different departments. Their enforceable "style guide" was over seven hundred pages and was one of those reads in life where you know that 1) those are hours of your life you will never get back and 2) it reduced your IQ to slightly lower than that of a sea slug, which at around 20,000 neurons does not even have a recognisable intelligence...

Anders • November 29, 2018 3:58 PM

"and Timchenko was arrested earlier this month in Estonia"

No extradition problems to the US whatsoever. So far there's not a single instance of refusing the extradition.

If Snowden had chosen Estonia for the hideout, he would be back in the US in the blink of an eye :)

echo • November 29, 2018 4:13 PM

Given that the internet and its policies and implementations are a result of the people and organisations behind them, why are we surprised?

@Clive

I was the only hold-out at a management meeting where the CEO was trying to push through a new corporate manual. He tried to force it through on the nod and record a unanimous vote, but I put my foot down and refused to budge until the record showed I voted against it. I won't go on about the design issues, but I had been advised by a friend who was a professional layout designer for a major UK publishing house. I understand this was implemented, then abandoned a few years later. Later another company in a similar line of business tried a very similar design, which was later abandoned. Dumbed-down multi-block colours and ring binders seemed to be in fashion at the time. There are a lot of reasons why they won't work for the problem they are trying to solve.

When Microsoft effectively abandoned their old manual design and their HCI guidelines morphed into a fluffy guide for soccer moms, I knew something was up. An analysis of the organisational shuffling at the time points the finger at Ballmer not thinking with the brain between his ears.

A now defunct UK NGO I used to work for went the same way for similar reasons. The new boss was a former board member of a sleepy UK retail company, later hit by scandal, who fancied himself as a writer and was being flattered by a certain someone batting her eyelids to edge my friend out of his job as chief designer so she could get her friend, who had limited art and design experience, into his job.

As for the convoluted, content-free puffery that constitutes UK government documentation and guidelines, even statutory guidelines? Anyone who has done even the lightest forensic analysis of state sector policy frameworks will know how useless they are. Follow the trail to the end and you eventually end up with a lot of job titles talking much about nothing and being a solution for nobody.

As we know, a lot of documentation has now been replaced by electronic documentation, sometimes on the internet. I have found this tends to decay or disappear, mostly I suspect because staff end up believing it is "somebody else's problem" and nobody is left to fight the case for good quality documentation. Notably, a lack of documentation gives more wiggle room for office politics and arbitrary decisions.

Clive Robinson • November 29, 2018 5:17 PM

@ echo,

> Anyone who has done even the lightest forensic analysis of state sector policy frameworks will know how useless they are. Follow the trail to the end and you eventually end up with a lot of job titles talking much about nothing and being a solution for nobody.

I will probably get flamed for this, but have you ever looked at PRINCE2?

It stands for PRojects IN a Controlled Environment version 2, and guess what, there was not a version one... It was developed by UK Gov and is much favoured by certain bureaucratic types...

When you see a C.V. where somebody claims to have taken a project from one set of PRINCE2 numbers to another set, you just know that "MoD Pencil Pusher" is a totally inadequate description... Just arrange for the C.V. to be safely consigned to the round filing cabinet with the "confidential waste" stickers on it...

As you probably know, the UK Gov did not and still does not have a good reputation for "managing projects", and its worst calamities with IT projects actually happened long after PRINCE was supposedly "broken in".

I once less than half jokingly asked an aficionado of PRINCE2 what steps would be required to get a pencil from one side of a desk to the other and how many forms it would require. The answer came back "It depends on if it was a whole project or part project, but not more than twenty". To this day I'm still not sure if he was joking either...

Anyway, unsurprisingly Wikipedia has a page for it,

https://en.m.wikipedia.org/wiki/PRINCE2

But scarily a quick google reveals it actually has its own wiki[1], upon which you will find the dread words,

    PRINCE2 is a project management methodology, applicable to all types of projects.

Which really means "Abandon Hope all ye who enter here", and that you will need a chain saw for that "enchanted forest" just to make the paper required to document it...

Oh, a little thing: see if you can read the page without falling asleep, and just to help, there are at least five spelling mistakes to look for ;-)

[1] http://prince2.wiki/PRINCE2

echo • November 29, 2018 6:52 PM

@Clive

> I will probably get flamed for this, but have you ever looked at PRINCE2?

No thank you. When I was younger and still coding I glanced at waffle in the old industry print magazines about PRINCE and was like "huh", followed later by thinking maybe it was useful but hard work. What little I have heard recently is avoid, avoid, avoid.

Don't get me started on the UK state sector in any form. My case file reads like multiple national scandals rolled into one. I am not joking either...

> I once less than half jokingly asked an aficionado of PRINCE2 what steps would be required to get a pencil from one side of a desk to the other and how many forms it would require. The answer came back "It depends on if it was a whole project or part project, but not more than twenty". To this day I'm still not sure if he was joking either...

I know what you mean, given some of the equivalent idiocy I am aware of, and this is just scratching the surface. One such example is a committee to discuss, I kid you not, setting up a committee to discuss the remit of, guess what, a committee to look into a pressing issue as a, wait for it, precursor to setting up a committee to address the problem.

When the government caught wind of this, after some of the usual policy tough talk and a pause while nothing was happening, things did actually begin to move at a national level. There is a much bigger and more involved story here which has left and is leaving footprints in the media, but not something I want to discuss in this topic.

> Which really means "Abandon Hope all ye who enter here", and that you will need a chain saw for that "enchanted forest" just to make the paper required to document it...

> Oh, a little thing: see if you can read the page without falling asleep, and just to help, there are at least five spelling mistakes to look for ;-)

I have discovered some of the longer YouTube lectures by the more wooden professors discussing black holes and quantum physics are an extremely good way to nod off when stretched decadently on the sofa. They have a way of disengaging cognition and an almost metronome-like drone which has the required physiological effects.

gordo • November 29, 2018 9:34 PM

...Indicted for Causing Tens of Millions of Dollars in Losses in Digital Advertising Fraud

Ad fraud > Comparison with other Cybercrime

> In a 2017 report Juniper Research estimates ad fraud to be worth US$19 billion, equivalent to $51 million per day. This figure, representing advertising on online and mobile devices, will continue to rise, reaching $44 billion by 2022. Ad fraud is the #1 cybercrime in terms of revenue, ahead of tax-refund fraud. HP Enterprise in its Business of Hacking report highlighted ad fraud as the easiest and the most lucrative form of cybercrime.

https://en.wikipedia.org/wiki/Ad_fraud#Comparison_with_other_Cybercrime

Clive Robinson • November 29, 2018 11:06 PM

@ echo,

> I have discovered some of the longer YouTube lectures by the more wooden professors discussing black holes and quantum physics are an extremely good way to nod off

As the Douglas Adams[0] character Slartibartfast said to Arthur when Arthur explained that it was scientists experimenting on mice,

    No, no, you've got it wrong. The mice were experimenting on you

Those lectures are deliberately wooden[1] ;-)

Either that or it's the Magic Circle members' covert version of the Open University.

The "Young's slits" trick being the good one[2]: you know, the one where the object in one hand disappears through one slit, whilst the one the audience imagines it is doesn't go through the other slit; the magician runs a little interference and, lo and behold, the real object appears at the other side in waves of applause. You really can hold a candle up to that trick B-)

[0] The most important take-away from Douglas's work is no matter where you go, no matter what the odds of impossibility, the only rational thing to do is apply a childish sense of wonder disguised in an adult sense of humour... Or was it the other way around? What the heck, it does not matter, just find joy in making fun of what appears irrational.

[1] The quote I give is from the film; for the book version, which is a little more subtle in its humour, https://www.goodreads.com/quotes/801363-the-mice-were-furious-oh-yes-said-the-old

[2] I think even to young quantum-scientists-to-be, the 1801 Thomas Young "Double slit experiment" must seem like "real magic", https://en.m.wikipedia.org/wiki/Double-slit_experiment

Clive Robinson • November 29, 2018 11:22 PM

@ gordo, All,

> Ad fraud > Comparison with other Cybercrime

A thought for you,

Does it seem odd that when individuals are having their life savings, their tax rebates, identities and much else stolen by cyber-crooks and their lives destroyed, the authorities do little or nothing... But when what many would regard as the most crooked of commercial behaviour, "advertising", gets hit for what are small sums compared to the industry turnover, all of a sudden the authorities "jump through hoops"...

Kind of indicates who the rank and file authorities take their priorities from... Yup, that folding green stuff that can be found in brown envelopes and sinecure jobs for the bosses...

Coyne Tibbets • November 30, 2018 12:55 AM

Sorry, I find it hard not to be negative: while the FBI was struggling to chop off this head, the internet fraud hydra seems to have grown 486 more heads.

echo • November 30, 2018 4:52 AM

@Clive

> The "Young's slits" trick being the good one[2]: you know, the one where the object in one hand disappears through one slit, whilst the one the audience imagines it is doesn't go through the other slit; the magician runs a little interference and, lo and behold, the real object appears at the other side in waves of applause. You really can hold a candle up to that trick B-)

Unfortunately some "professionals" with a "duty of care" and various obligations and expectations seem to act like overgrown toddlers and do not explain themselves in a helpful way. Not only is this harmful to the work in hand but also sexist. I suspect a lot is due to power tripping to cover up their own insecurities and inability to communicate. I have no sense of humour with respect to this. None at all. And yes, I am more than aware enough of the historical office drunk attitude to this and glass ceilings and all that patronising jazz.

We have drifted off topic by quite a bit. I personally believe it is relevant in the sense of neuro-psycho-social structures, through training, to best practice in practice, and related directly to security as an industry too.

The FBI along with UK agencies can deal with technical subjects, but you never witness the same level of efficacy with social investigations. The Special Prosecutor investigations in the US and, on the UK side, the Brexit investigations are making hard work of things. Perhaps this is a necessary part of the process, but it is frustrating and is a huge energy cost. I suspect the problem of attribution and why people don't take security seriously has something to do with the mindset driving this blind spot.

On the criminology issue there has been some institutional progress in understanding crime with gender motivations. There are fairly well established academic papers discussing the asymmetry of gender issues. With respect to one paper, men tend to go straight for the big prize while women will tend to circle around things and nibble their way to the prize. This is why in a case of theft a man would steal a high value target such as a television while a woman would steal something unnoticeable. The odd thing is women tend to be punished more harshly than a man because women are held to a higher standard and people tend to go overboard. Interestingly, UK police are experimenting with "predictive" policing with the theory that potential criminals can be offered therapy before a crime. I'm not completely convinced things are what they appear, and there is always an agenda of some kind behind these things by someone somewhere.

The "pre-crime" issues and "sentencing" issues are a knotty problem, as is the whole issue of what you might call reverse forensics.

I'm obviously scratching some itch with this topic and working my way towards something which struck me the first time I read this.

echo • November 30, 2018 4:57 AM

@Clive

I forgot to add that when I mentioned paradoxes in physics, and that I believed there was no paradox, only a failure to understand or explain, the next big essay by Ethan Siegel focused on this precise issue and essentially admitted it was true for a class of problems to do with hitting the current barrier of understanding, and suspected new physics underlying the quantum world being currently beyond our empirical grasp. I have no idea if I embarrassed Ethan into this or if he considered it a natural follow-on to his discussions. Either way, I guess it's interesting how people move along on a psychological basis.

Clive Robinson • November 30, 2018 1:44 PM

@ gordo,

If even a fraction of those "alleged" activities are going on then "crooked" is a way, way too polite way to describe the industry...

I would like to say I should be shocked, but to be honest I'm not in the slightest bit surprised.

The reason: there is no independent verification process available, which nearly all other advertising has... Thus "Whilst the cat is away, the mice will pay".

The article does get one thing wrong though: it's not just the clients that are getting taken... It's also those who buy the clients' products who pay higher prices to cover the advertising costs...

But I guess the question is how much of the big Silicon Valley Companies like Alphabet are also getting fat on this behaviour?
