International “Malvertiser” Extradited from the Netherlands to Face Hacking Charges in New Jersey
Defendant Conspired to Expose Millions of Victim Internet Users to Malicious Advertisements Designed to Hack And Infect Victims’ Computers with Malware
A Ukrainian national charged with participating in a years-long, international scheme to infect computers with malware through online advertisements – so-called “malvertising” – will appear in Newark, New Jersey federal court today after being extradited from the Netherlands, Assistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division and U.S. Attorney Craig Carpenito for the District of New Jersey announced.
Oleksii Petrovich Ivanov, 31, is charged by indictment with one count of conspiracy to commit wire fraud, four counts of wire fraud, and one count of computer fraud. The indictment was returned on Dec. 3, 2018, and unsealed upon his arrival in the United States on May 2, 2019. Ivanov is scheduled to appear today before U.S. Magistrate Judge James B. Clark III in Newark federal court and was detained without bail.
“Cyber criminals who harm victims in the United States and around the world cannot rely on fake identities and international borders to evade justice,” said Assistant Attorney General Benczkowski. “This case and today’s extradition demonstrate that the United States and its international partners will find cyber fugitives and bring them to face justice in the United States, no matter where they commit their crimes.”
“This defendant engaged in an extraordinary and far-reaching scheme to infect and hack computers throughout the United States and the world,” said U.S. Attorney Carpenito. “This ‘malvertising’ scheme is especially dangerous because it uses online ads to target millions of unsuspecting Internet users engaged in activities as routine as booking their next vacation.”
Ivanov was arrested on Oct. 19, 2018, following an international investigation led by the U.S. Secret Service and in coordination with Dutch law enforcement. He had been detained by the Dutch authorities pending the resolution of the extradition proceedings.
According to the indictment, unsealed in Newark federal court on May 2, 2019, and other court filings, between around October 2013 through May 2018, Ivanov conspired to defraud millions of internet users around the world by launching malicious online advertising campaigns that appeared legitimate, but attempted to direct the internet browsers of victim computers towards malicious computer programs (“malware”), unwanted advertisements, and other computers that could install malware. As a result of the scheme, Ivanov and others caused unsuspecting internet users to view or access malicious advertisements on more than one hundred million occasions.
Online advertising companies work with companies and individuals to publish their online advertisements on the internet. These companies place advertisements on third-party websites, such as shopping, news, entertainment, or sports websites. These advertisements include web banners, frame ads, and other graphical advertisements and are delivered through websites that are accessed by computer users.
To carry out the scheme, Ivanov and co-conspirators are alleged to have used fake online personas and fake companies to pose as legitimate advertisers seeking to purchase online advertisements. According to the indictment, Ivanov and his co-conspirators told the advertising companies they were distributing ads for real products and services, and even created false banners and websites showing purported advertisements. But, in reality, the advertisements they purchased were used to push malware out to the computers of victims who viewed or clicked on the advertisements.
For instance, in June and July 2014, the defendant allegedly posed as “Dmitrij Zaleskis,” CEO of a fake United Kingdom company called “Veldex Limited” to submit a series of malicious advertisements to a U.S.-based internet advertising company for distribution, including two campaigns submitted on July 15, 2014 that were viewed or accessed approximately 17,328,129 times in a matter of days. The internet advertising company repeatedly told Ivanov that his advertisements were being flagged as malware threats, but Ivanov denied any wrongdoing and persuaded the company to continue running his malicious advertisements for months.
After online advertisers and advertising server platforms flagged many of the co-conspirators’ advertisements as malicious, Ivanov and others are alleged to have lied and denied that their advertisements were malicious. When their advertisements were banned as malicious, they switched to new online advertising companies and used new fake identities to buy more advertisements.
Ivanov and co-conspirators also allegedly used false identities to register internet domains that hosted malicious advertisements, and launch purported advertising campaigns. Ivanov and others also allegedly attempted to enrich themselves by offering to sell access to networks of infected devices or “botnets. Ivanov is alleged to have successfully infected or aided and abetted the infection of computers with malware that he controlled, including botnet malware that infected more than one hundred devices in the District of New Jersey.
The investigation was conducted by the U.S. Secret Service Criminal Investigations, under the direction of Director Director James M. Murray, and the Newark Field Office under the direction of Special Agent in Charge Mark McKevitt. Substantial support was also provided by the Secret Service’s Attaché Office in The Hague and the Justice Department’s Office of International Affairs in coordinating the extradition of Ivanov. The Department thanks the public prosecutors of the Dutch National Public Prosecution Service, the National High Tech Crime Unit of the Dutch National Police, and the National Crime Agency (UK) for their tremendous assistance with this case.
Trial Attorney Aarash Haghighat of the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS), Chief Justin S. Herring of the U.S. Attorney’s Office Cybercrimes Unit and Assistant U.S. Attorneys Melissa Wangenheim and Dara Govan of the District of New Jersey are prosecuting the case.
An indictment merely contains allegations, and the defendant is presumed innocent until proven guilty beyond a reasonable doubt in a court of law.