US Recovers $15M from Kovter Ad Fraud Scheme

Colin Thierry
Colin Thierry Writer
Colin Thierry Colin Thierry Writer

The US government has recovered over $15 million from Swiss bank accounts belonging to threat actors behind the ‘3ve’ online advertising fraud scheme.

Switzerland transferred $15,111,453.84 to the US government as part of a Final Order of Forfeiture related to United States v. Sergey Ovsyannikov. Ovsyannikov was one of the masterminds of the global ad fraud campaign.

In 2018, the Department of Justice (DoJ) announced indictments against Aleksandr Zhukov, Boris Timokhin, Mikhail Andreev, Denis Avdeev, Dmitry Novikov, Sergey Ovsyannikov, Aleksandr Isaev, and Yevgeniy Timchenko due to their involvement in the 3ve ad fraud botnet.

While Ovsyannikov, Zhukov, and Timchenko were arrested and sentenced, the rest remained free.

At its highest point, the 3ve ad fraud campaign, also called Eve, infected over 1.7 million devices with the Kovter botnet. This is a click-fraud malware that would quietly run in the background while connecting to sites to consume phony advertisements.

As part of the scheme, the threat actors worked with legitimate advertisers and agencies to display advertisements on websites. However, these advertisements were placed on 86,000 fraudulent domains created by cybercriminals.

The campaign would then direct the devices infected with Kovter to connect to these sites to view their ads. The advertisers were then billed for these phony ads.

From December 2015 through October 2018, the operation fraudulently billed advertisers over $29 million for ads that real visitors never saw. The criminal operation peaked while generating between 3 and 12 billion daily ad bid requests each day.

“This forfeiture is the largest international cybercrime recovery in the history of the Eastern District of New York and sends a powerful message to those involved in cyber fraud that there are no boundaries to prosecuting these bad actors and locating their ill-gotten assets wherever they are in the world,” said United States Attorney Peace in a press release on Wednesday.

About the Author

About the Author

Colin Thierry is a former cybersecurity researcher and journalist for SafetyDetectives who has written a wide variety of content for the web over the past 2 years. In his free time, he enjoys spending time outdoors, traveling, watching sports, and playing video games.