Recently unsealed court documents and reporting from BuzzFeed News provide an inside look at how the FBI investigated two ad fraud operations.
When he was arrested in Malaysia last month, Sergey Ovsyannikov was told by US law enforcement that he had the right to remain silent. Instead, the 30-year-old native of Kazakhstan quickly admitted to helping run a massive ad fraud operation that allegedly stole tens of millions of dollars.
Ovsyannikov’s confession is contained in a trove of unsealed court documents that provide fresh insight into the FBI’s biggest-ever ad fraud investigation. Last week, the Department of Justice announced a 13-count indictment against Ovsyannikov and seven other men for allegedly operating two lucrative ad fraud schemes that utilized bots, thousands of counterfeit websites, and roughly 1.7 million infected PCs to pillage the global advertising industry.
Billions are stolen each year by people like Ovsyannikov who exploit the systems used to buy and sell digital advertising. In this case, they allegedly programmed bots to generate fake web visits to websites they had created, thereby earning revenue from the real ads that appeared on these sites. The accused are also alleged to have sold their fake traffic to other customers.
Ovsyannikov and two others are accused of running a scheme called 3ve (pronounced “eve”). BuzzFeed News previously revealed how an unprecedented industry coalition of more than 15 technology companies, including Google and White Ops, investigated and helped take 3ve down. The five other men facing charges allegedly operated Methbot, a different scheme that was revealed publicly in 2016 by White Ops.
“As alleged in court filings, the defendants in this case used sophisticated computer programming and infrastructure around the planet to exploit the digital advertising industry through fraud,” Richard P. Donoghue, United States attorney for the Eastern District of New York, said in a press release announcing the indictment.
A law enforcement source told BuzzFeed News that the investigation is ongoing. Future charges could relate to 3ve, as it involved three unique traffic-fabrication operations, though only one was cited in the indictment.
Along with Ovsyannikov, two other men are in custody and awaiting extradition to the US: Aleksandr Zhukov, who was arrested in Bulgaria in early November, and Yevgeniy Timchenko, who was recently arrested in Estonia. Timchenko and Ovsyannikov allegedly worked together to operate 3ve. Zhukov was named as the CEO of the Methbot operation in the indictment. Five other men, all Russian, remain at large.
Yermek Rakhmetov is a friend of Ovsyannikov’s and the CEO of Ping Media, a digital advertising company in Kazakhstan. When reached by BuzzFeed News, he was surprised to learn Ovsyannikov had been arrested and found it hard to believe he’d done something illegal.
“I know him like a friend, we worked together,” he said in English, his second language. “I know that he is a very clever guy who knows about internet advertising. I work in this field also, but I didn’t assume that he could do some fraud ads.”
Rakhmetov said he last spoke to Ovsyannikov on Oct. 4, when he sent his friend a birthday message. “He replied to me and said everything is OK,” Rakhmetov said. Less than three weeks later, Ovsyannikov was taken into custody.
Others named in the indictment are unlikely to see a US courtroom. One of them is Mikhail Andreev, 34, who allegedly worked as a programmer on Methbot. He’s a Russian citizen currently living in Crimea, which was annexed by Russia in 2014. The US and Russia do not have an extradition treaty.
“I’m not guilty, I don’t have much more to say actually,” Andreev said in a message sent in Russian to BuzzFeed News on the Telegram messaging app.
Andreev initially agreed to an interview, but quickly canceled, telling a reporter that he’s “very busy.” But he’s clearly been thinking about his legal situation. After news of the indictment broke last week, Andreev shared an image of the court filing on his Instagram with the comment, “I wonder what will happen next…”
In another Instagram post, he commented on the fact that the indictment included communications between him and his alleged conspirators. “Big Brother is in action: private search and texts,” he said.
Andreev, who goes by the online nickname adw0rd, has a presence on many social media platforms. Typically, he shares photos and videos of him skateboarding. In one Instagram post, he brags that the Kremlin propaganda channel Russia 1 had profiled him for a TV story.
There’s also evidence that Andreev and fellow accused Boris Timokhin have known each other for years. Andreev mentions his alleged conspirator in a 2012 blog post about building a piece of software. (Messages sent to social media accounts and email addresses belonging to others named in the indictment went unanswered.)
The private messages, search history, and other information that drew Andreev’s ire on Instagram were obtained by the FBI thanks to warrants issued by New York federal judges. The warrant applications relied on detailed affidavits submitted by FBI agents and NYPD officers, and these affidavits are contained in recently unsealed court documents.
They describe how the alleged fraudsters ran their operations and the ease with which they allegedly stole tens of millions of dollars. The court filings also underscore how these schemes were in many ways run like tiny technology startups.
The alleged operators set up front ad tech companies with websites and also appear to have used common tools such as Trello project management software and Google apps to manage their operations and communicate. They created spreadsheets to keep track of the servers they rented, and Ovsyannikov allegedly used Trello to collaborate with others involved in 3ve.
One court filing describes him creating a Trello card that listed hundreds of domains of real websites they were planning to impersonate as part of the scheme. The use of collaboration software also helped the FBI identify who Ovsyannikov was working with, according to the documents.
After obtaining a warrant to search his email, FBI agents saw that Ovsyannikov had added two other people, Yevgeniy Timchenko and Aleksandr Isaev, to a shared spreadsheet that mapped out the technical infrastructure of 3ve. “Specifically, Timchenko had editing privileges and Isaev had reading privileges,” wrote FBI Special Agent Evelina Aslanyan in an affidavit in support of arrest warrants for the three men.
After being arrested, Ovsyannikov told US law enforcement that he and his two partners operated companies called Adzos and Clicklandia, according to court documents. These front companies helped them secure agreements with legitimate players in the ad ecosystem.
Ovsyannikov admitted that “approximately 97% to 98% of Adzos’ business revenues were not legitimate,” according to an affidavit from NYPD Detective Mark Rubins, a member of the FBI Financial Cyber Crimes Task Force.
The Adzos website currently carries a notice that it’s been seized by the FBI, but earlier versions of the site are available from the Internet Archive. The company promised advertisers that its “array of modern monetization approaches guarantees the success of your advertising campaign.” In reality, the traffic was generated thanks to PCs infected with malware that secretly loaded webpages with ads. (See this previous story for a detailed description of how the malware generated fake traffic.)
The Department of Justice alleges that 3ve made use of roughly 1.7 million infected PCs. In order to document the presence of malware on computers in New York, and to identify how it worked, FBI agents visited the homes of more than a dozen US citizens and businesses in the New York area. They informed people that their PC was infected and requested permission to access the machine. Agents then monitored the computers to identify the servers they communicated with, which revealed the command and control operation at the heart of the malware.
This malware helped Ovsyannikov and his alleged collaborators generate millions of dollars in revenue, according to court documents.
One affidavit from Rubins said a bank account in the Czech Republic connected to the 3ve operation received $11.6 million in payments from legitimate advertising companies over a 12-month period. During its existence, that account received a total of $17.6 million in transfers. It was one of several accounts operated by the fraudsters, according to court filings.
Money was on Ovsyannikov’s mind when he was arrested in Malaysia on Oct. 23. After admitting to his involvement in 3ve, Ovsyannikov said he and Isaev had created a company called Octmedia LP to be the main recipient of their advertising revenue. The FBI later obtained a contract between Ovsyannikov and Isaev that stated the former would be paid a salary of $10,000 a month by Octmedia “for technical support services.”
Once in custody, Ovsyannikov said he wanted to make sure the money continued to flow. “He further stated that after his arrest he had asked his wife to speak to an accountant to ensure that his salary payments continue to be received,” wrote Rubins.
Roughly two weeks later, US law enforcement used that information to seize bank accounts belonging to Octmedia and another company controlled by Ovsyannikov.