Bulgarian authorities last week arrested an accused Russian cybercriminal based on an Interpol warrant that originated with prosecutors from the Eastern District of New York, a lawyer familiar with the case told CyberScoop.
Alexander Zhukov, a Russian national, was apprehended by police after he was indicted in absentia by U.S. prosecutors, according to Arkady Bukh, a New York-based attorney with a history of representing suspected hackers from Eastern Europe. Bukh now is in negotiations to represent Zhukov, he said Wednesday.
Prosecutors accused Zhukov of affiliate fraud, Bukh said. Affiliate fraud typically involves artificially inflating internet traffic to defraud marketers, charging advertisers for access to website visitors who don’t exist.
“There is widespread fraud from huge amounts of traffic getting directed through botnets,” said Bukh, describing the rise of ad fraud in general.
“Before, it was boys and girls in Russia sitting in boiler rooms clicking manual clicks in order to get apparent traffic to defraud affiliates,” he said. “Now it’s done by bots.”
A BuzzFeed News investigation published last month revealed that more than 125 apps and websites were used as part of an ad fraud scheme connected to shell companies based in Bulgaria, Croatia, Malta and elsewhere. Scammers used those apps and websites to produce fake traffic while avoiding detection by anti-fraud tools, BuzzFeed reported.
The indictment from the Eastern District of New York is sealed and could remain so until Zhukov is extradited to the U.S., Bukh said. The U.S. Department of Justice and a spokesman from the Eastern District both declined to comment on the case. Interpol also declined to comment on the matter.
Zhukov, a St. Petersburg native, is accused of committing computer fraud from September 2014 to December 2016, causing more than $7 million in damages, the Russian media outlet Kommersant reported. The accused cybercriminal went by the name “Nastra,” the site said.
Zhukov was arrested Nov. 6th in Varna, a Bulgarian city situated on the Black Sea, where he had been living since roughly 2010, according to Kommersant.
Bulgaria’s Ministry of the Interior, which oversees the National Police Service, did not respond to a request for comment. The municipal court office in Varna also did not respond to a request for comment.
Bukh, the lawyer, long has represented suspected cybercriminals facing charges in the U.S. He worked earlier this year for Fedir Hladyr, a Ukrainian national allegedly involved with “FIN7,” the hacking group blamed for stealing tens of millions of dollars from American companies since 2014. Yevgeniy Nikulin, a Russian accused of stealing passwords from LinkedIn and Dropbox, also enlisted Bukh as his legal counsel. Nikulin pleaded not guilty to the charges against him and was extradited from the Czech Republic to the U.S. in March, CyberScoop reported in July.
The U.S. and Bulgaria have a bilateral extradition agreement.