Alleged perpetrators of the Methbot and 3ve cybercrime rings have started to arrive in the U.S. to face accusations that they orchestrated a broad conspiracy to defraud advertisers for millions of dollars.
Yevgeniy Timchenko, a 30-year-old citizen of Kazakhstan, appeared Wednesday in federal district court in Brooklyn alongside Aleksandr Zhukov, a Russian national, in a short status hearing. Both men had bald heads with facial hair and stood before the judge in beige jumpsuits. Lawyers asked for more time to review discovery materials in a case where the evidence is “extremely voluminous” and comes in multiple languages, including Russian and Bulgarian.
The Department of Justice has linked Timchenko to 3ve and Zhukov to Methbot, two distinct ad-fraud operations outlined in the same indictment unsealed in November. Both groups used botnet-based schemes to boost web traffic numbers in plots to collect money from legitimate advertising companies lured into investing in seemingly trustworthy businesses.
Members of Methbot and 3ve (pronounced “eve”), while working in different areas of the world, also collaborated with each other, sharing fake traffic and offering technical advice on how to avoid detection, prosecutors said.
The alleged pivot person for the two groups, Sergey Ovsyannikov of Kazakhstan, is due to join Timchenko and Zhukov soon, Madi Arkhabayev, a representative from Kazhakstan’s consulate in New York, told CyberScoop Wednesday. Ovsyannikov was arrested in Malaysia in October and is scheduled to be extradited to New York “in the coming weeks,” said Arkhabayev.
Timchenko first appeared in U.S. court on Feb. 7 after being extradited from Estonia. He has pleaded not guilty to allegations that he handled logistical and administrative aspects of a scheme to use hacked companies to artificially inflate web traffic, and charge advertisers for access to users who did not exist. Zhukov was extradited to the U.S. last month, when he pleaded not guilty to similar charges.
“We know two of our citizens have been accused of these crimes, and there is a lot of interest in this case,” he said.
Five other indicted individuals are on the lam.
Timchenko was involved with the 3ve scheme that lasted from December 2015 through October 2018, prosecutors said. The 3ve crew allegedly used hidden browsers on 1.7 million hacked computers in the U.S. and elsewhere to load ads on fabricated websites. The group “falsified billions of ad views and caused businesses to pay more than $29 million for ads that were never actually viewed by real human internet users,” U.S. prosecutors said.
Many of the servers used to obfuscate the group’s activity were located throughout the U.S. in places like Missouri, California and New Jersey. This was no accident, prosecutors said.
“Timchenko deliberately chose certain U.S. service providers because they had the ‘coolest processors’ and a ‘larger’ cache (for temporary data storage) than competing providers,” according to the indictment unsealed in November.
His co-defendant had a separate role in another area of the operation.
Zhukov allegedly worked from September 2014 until December 2016 as the ringleader of the Methbot group. That group, made up of five suspects, used 1,900 computer servers to load ads on 5,000 website domains, prosecutors said.
“To create the illusion that real human internet users were viewing the advertisements loaded onto these fabricated websites, the defendants programmed the datacenter servers to simulate the internet activity of human internet users,” the Justice Department said in a statement detailing the charges in November. Simulated activity included “browsing the internet through a fake browser, using a fake mouse to move around and scroll down a webpage, starting and stopping video player midway, and falsely appearing to be signed into Facebook.”
The Methbot group used this technique to falsify billions of ad views and defraud advertisers out of $7 million, U.S. attorneys say.
Ovysannikov allegedly served as the link between the two groups, collaborating with the Methbot group to boost traffic for 3ve, according to the indictment. He also directed funds from 3ve into shell entities lacking any outward-facing business, prosecutors alleged.