A Ukrainian national charged with participating in a years-long, international scheme to infect computers with malware through online advertisements appeared in federal court in New Jersey after being extradited from the Netherlands, officials said.
Oleksii Petrovich Ivanov, 31, is charged with one count of conspiracy to commit wire fraud, four counts of wire fraud, and one count of computer fraud. An indictment was returned Dec. 3, 2018, and unsealed upon his arrival in the United States on May 2.
“Cyber criminals who harm victims in the United States and around the world cannot rely on fake identities and international borders to evade justice,” said Assistant Attorney General Brian A. Benczkowski. “This case and today’s extradition demonstrate that the United States and its international partners will find cyber fugitives and bring them to face justice in the United States, no matter where they commit their crimes.”
“This defendant engaged in an extraordinary and far-reaching scheme to infect and hack computers throughout the United States and the world,” said U.S. Attorney Craig Carpenito. “This ‘malvertising’ scheme is especially dangerous because it uses online ads to target millions of unsuspecting Internet users engaged in activities as routine as booking their next vacation.”
Ivanov was arrested on Oct. 19 following an international investigation led by the U.S. Secret Service and in coordination with Dutch law enforcement. He had been detained by the Dutch authorities pending the resolution of the extradition proceedings.
According to the indictment, unsealed in Newark federal court May 2, and other court filings, between October 2013 through May 2018, Ivanov conspired to defraud millions of Internet users around the world by launching malicious online advertising campaigns that appeared legitimate, but attempted to direct the Internet browsers of victim computers toward malicious computer programs (“malware”), unwanted advertisements, and other computers that could install malware. As a result of the scheme, Ivanov and others caused unsuspecting Internet users to view or access malicious advertisements on more than one hundred million occasions.
Online advertising companies work with companies and individuals to publish their online advertisements on the Internet. These companies place advertisements on third-party websites, such as shopping, news, entertainment, or sports websites. These advertisements include web banners, frame ads, and other graphical advertisements and are delivered through websites that are accessed by computer users.
To carry out the scheme, Ivanov and co-conspirators used fake online personas and fake companies to pose as legitimate advertisers seeking to purchase online advertisements, according to the indictment. In addition, Ivanov and his co-conspirators told the advertising companies they were distributing ads for real products and services, and even created false banners and websites showing purported advertisements, the indictment said. But, in reality, the advertisements they purchased were used to push malware out to the computers of victims who viewed or clicked on the advertisements.
For instance, in June and July 2014, the defendant allegedly posed as “Dmitrij Zaleskis,” chief executive of a fake United Kingdom company called “Veldex Limited” to submit a series of malicious advertisements to a U.S.-based Internet advertising company for distribution, including two campaigns submitted on July 15, 2014 that were viewed or accessed approximately 17,328,129 times in a matter of days. The Internet advertising company repeatedly told Ivanov his advertisements were being flagged as malware threats, but Ivanov denied any wrongdoing and persuaded the company to continue running his malicious advertisements for months.
After online advertisers and advertising server platforms flagged many of the co-conspirators’ advertisements as malicious, Ivanov and others lied and denied their advertisements were malicious, officials said. When their advertisements were banned as malicious, they switched to new online advertising companies and used new fake identities to buy more advertisements.
Ivanov and co-conspirators also allegedly used false identities to register Internet domains that hosted malicious advertisements, and launch purported advertising campaigns. Ivanov and others also attempted to enrich themselves by offering to sell access to networks of infected devices or botnets, officials said.