Killing 3ve: US Dismantles Global Ad Fraud Scheme

The US authorities are claiming victory after dismantling two global cybercrime rings and indicting eight men on charges connected with running a major ad fraud operation.

Aleksandr Zhukov, Boris Timokhin, Mikhail Andreev, Denis Avdeev, Dmitry Novikov, Sergey Ovsyannikov, Aleksandr Isaev and Yevgeniy Timchenko were charged with wire fraud, computer intrusion, aggravated identity theft, money laundering and more, according to the Department of Justice.

Ovsyannikov was arrested in Malaysia, Zhukov in Bulgaria and Timchenko in Estonia and all three now await extradition to the US, although the others remain at large.

They are believed to be responsible for a notorious ad fraud scheme which could have been in operation since 2014.

Dubbed “3ve,” what started out as a low-level botnet grew into a major operation in 2017, generating 3-12 billion+ daily ad bid requests at its peak and compromising one million IP addresses, according to a detailed Google report.

There were three components to the scheme.

The first, reported previously as “MethBot,” “Miuref” and “Boaxxe,” has been dubbed 3ve.1 by Google. It comprised a network of datacenter-based bots which ran fake ad networks. The bots are said to have loaded ads on 5000 fake websites, with the herders leasing 650,000 IP addresses, assigning them to the servers and fraudulently registering them to residential addresses.

The second scheme, 3ve.2, saw the herders use the global Kovter botnet to load the websites they operated from 700,000 infected computers to generate ad revenue.

Finally, 3ve.3 was similar to 3ve.1 except that it used a smaller number of datacenter bots, plus the cyber-criminals rented datacenter servers directly to use as proxies rather than using the residential IPs of bot-infected computers.

To dismantle the botnet, the FBI sinkholed over 30 domains, executed search warrants on 11 US server providers and seizure warrants for bank accounts in Switzerland and elsewhere linked to the scheme.

It's believed the scheme caused firms to pay out over $36m for fraudulent ads.
