US recovers a record $15m from the 3ve ad-fraud crew
Swiss banks cough up around half of the proceeds of crime
The US government has recovered over $15 million in proceeds from the 3ve digital advertising fraud operation that cost businesses more than $29 million for ads that were never viewed.
"This forfeiture is the largest international cybercrime recovery in the history of the Eastern District of New York," US Attorney Breon Peace said in a statement.
The action, Peace added, "sends a powerful message to those involved in cyber fraud that there are no boundaries to prosecuting these bad actors and locating their ill-gotten assets wherever they are in the world."
Between December 2015 and October 2018, two Kazakhstan citizens, Sergey Ovsyannikov and Yevgeniy Timchenko, and one Russian, Aleksandr Isaev, carried out the massive fraud botnet scam and accessed more than 1.7 million infected computers in the US and globally, according to the Justice Department.
Both Ovsyannikov and Timchenko were arrested in 2018, pleaded guilty and have been sentenced to terms in US prisons. Isaev, along with five others, is charged [PDF] with money laundering, wire fraud, computer intrusion and identity theft for involvement in 3ve (pronounced "Eve"), but all six remain free.
Here's how the scheme worked:
The operators purported to run legitimate companies that delivered ads to real human netizens accessing real websites. In fact, they faked both the humans and the websites using spoofed domains and a massive network of infected devices.
They were able to pull this off (for a while, at least) by developing a global infrastructure of command-and-control servers that monitored the infected computers to see if they had been flagged for possible fraud.
The operators used a pair of malware packages – Windows-targeting Boaxxe and Kovter – to infect victims' PCs. Once they had access to millions of devices they used hidden browsers on those computers to download fake websites and load ads onto the spoofed sites.
The Feds, working with Google and a collection of security companies, took down the ad-fraud operation in 2018. The FBI executed seizure warrants to sinkhole 23 internet domains and also executed search warrants at 11 different US server providers for 89 servers related to 3ve or Kovter.
During the course of the scam, the miscreants falsified billions of ad views and spoofed more than 86,000 domains, resulting in businesses paying more than $29 million, according to the Justice Department. A little more than half of the illicit proceeds, $15,111,453.84, has since been transferred from Swiss bank accounts to the US government. ®