International ‘Malvertiser’ Extradited from Netherlands to Face Hacking Charges in New Jersey
Defendant Conspired to Expose Millions of Internet Users to Malicious Advertisements Designed to Hack and Infect Victims’ Computers with Malware
NEWARK, N.J. – A Ukrainian national charged with participating in a years-long, international scheme to infect computers with malware through online advertisements – so-called “malvertising” – will appear in Newark federal court today after being extradited from the Netherlands, U.S. Attorney Craig Carpenito for the District of New Jersey and Assistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division announced.
Oleksii Petrovich Ivanov, 31, is charged by indictment with one count of conspiracy to commit wire fraud, four counts of wire fraud, and one count of computer fraud. The indictment was returned on Dec. 3, 2018, and unsealed upon his arrival in the United States on May 2, 2019. Ivanov appeared today before U.S. Magistrate Judge James B. Clark III in Newark federal court and was detained without bail.
“This defendant engaged in an extraordinary and far-reaching scheme to infect and hack computers throughout the United States and the world,” U.S. Attorney Carpenito said. “This ‘malvertising’ scheme is especially dangerous because it uses online ads to target millions of unsuspecting Internet users engaged in activities as routine as booking their next vacation.”
“Cyber criminals who harm victims in the United States and around the world cannot rely on fake identities and international borders to evade justice,” said Assistant Attorney General Benczkowski. “This case and today's extradition demonstrate that, through international cooperation, we are able to bring cyber thieves to justice in the United States, wherever they may commit their crimes.”
Ivanov was arrested Oct. 19, 2018, following an international investigation led by the U.S. Secret Service in coordination with Dutch law enforcement. He had been detained by Dutch authorities pending the resolution of the extradition proceedings.
According to documents filed in this case and statements made in court:
From October 2013 through May 2018, Ivanov conspired to defraud millions of internet users around the world by launching malicious online advertising campaigns that appeared legitimate, but attempted to direct victims’ browsers to malicious computer programs (malware), unwanted advertisements, and other computers that could install malware. Ivanov and others caused unsuspecting users to view or access malicious advertisements on more than 100 million occasions.
Ivanov and his conspirators used fake online personas and fake companies to pose as legitimate advertisers seeking to purchase online advertisements. They told the advertising companies they were distributing ads for real products and services, and even created false banners and websites showing purported advertisements. The advertisements they purchased were used instead to push malware out to victims.
For example, in June and July 2014, Ivanov posed as “Dmitrij Zaleskis,” CEO of a fake United Kingdom company called “Veldex Limited,” to submit a series of malicious advertisements to a United States-based internet advertising company for distribution, including two campaigns submitted on July 15, 2014, that were viewed or accessed 17,328,129 times in a matter of days. The internet advertising company repeatedly told Ivanov that his advertisements were being flagged as malware threats, but Ivanov denied any wrongdoing and persuaded the company to continue running his malicious advertisements for months.
After online advertisers and advertising server platforms flagged many of the conspirators’ advertisements as malicious, Ivanov and others lied and denied that their advertisements were malicious. When their advertisements were banned as malicious, they switched to new online advertising companies and used new fake identities to buy more advertisements.
Ivanov and his conspirators also used false identities to register internet domains that hosted malicious advertisements, and launch purported advertising campaigns. Ivanov and others also attempted to enrich themselves by offering to sell access to networks of infected devices or “botnets.” Ivanov successfully infected or aided and abetted the infection of computers with malware that he controlled, including botnet malware that infected more than 100 devices in New Jersey.
U.S. Attorney Carpenito and Assistant Attorney General Benczkowski credited special agents of the U.S. Secret Service, Criminal Investigations, under the direction of Director James M. Murray, and the Newark Field Office, under the direction of Special Agent in Charge Mark McKevitt, for the investigation leading to the indictment. Substantial support was also provided by the Secret Service’s Attaché Office in The Hague and the Justice Department’s Office of International Affairs in coordinating the extradition of Ivanov. The Department also thanks the public prosecutors of the Dutch Ministry of Security and Justice, the National High Tech Crime Unit of the Dutch National Police, and the National Crime Agency (UK) for their assistance with this case.
The wire fraud conspiracy and substantive wire fraud counts with which Ivanov is charged carry a maximum potential penalty of 20 years in prison and a $250,000 fine, or twice the gain or victim loss from the offense. Ivanov is also charged with a computer fraud count that carries a maximum potential penalty of five years in prison and a $250,000 fine, or twice the gain or loss from the offense.
The government is represented by Justin S. Herring, Chief of the U.S. Attorney’s Office Cybercrimes Unit, and Assistant U.S. Attorneys Melissa Wangenheim and Dara Govan, District of New Jersey, and Aarash Haghighat, Trial Attorney with the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS).
The charges and allegations contained in the indictment are merely accusations and the defendant is considered innocent unless and until proven guilty.