Aleksandr Zhukov, an individual who ran a fraudulent digital advertising operation from Eastern Europe which was hosted on 2,000 servers in data centers in the US and the Netherlands from 2014 through 2016, was arrested in Bulgaria in 2018, extradited to the US in 2019 and convicted before a US jury in May 2021; was sentenced to ten years’ imprisonment and ordered to pay nearly $4 million in for wire fraud conspiracy, wire fraud, money laundering conspiracy and money laundering. Zhukov and co-conspirators stole more than $7 million from advertisers, publishers and others in the US digital advertising industry.
Zhukov recruited computer programmers and other employees to help him perpetrate the scheme and build the technical infrastructure required to create fraudulent ad traffic. He referred to these individuals as “my developers,” and referred to himself as the “king of fraud!”
The victim companies collectively paid more than $7 million for ads that were never actually viewed by human internet users and never actually displayed on real webpages.
The “King of Fraud!”
The crime was egregious and the details are instructive. According to a statement prepared by the US Attorney’s office, “(Zhukov’s operation) Media Methane had business arrangements with other advertising networks whereby it received payment in return for placing advertisements—primarily video advertisements—on websites. Rather than place advertisements on real publishers’ webpages where human internet users would see them, Zhukov rented (…) and programmed the datacenter computer servers (the “bots”) to simulate humans viewing ads on webpages. Zhukov and his co-conspirators programmed the bots to load real ads on blank webpages while falsely representing that the ads were loading on real webpages, “spoofing” the domains of more than 6,000 publishers, including The New York Times, the New York Post, the New York Daily News, Newsday, and the Staten Island Advance.
An automated deception operation
To create the illusion that human internet users were viewing the advertisements loaded onto these spoofed webpages, Zhukov and his co-conspirators programmed the bots to appear and behave like human internet users: falsely representing that they had screens and mouses, that they were running operating systems used for personal computers (…) running commercially available internet browsers (… and) programmed the bots to click around a screen a randomly determined number of times, simulate a mouse moving around and scrolling down a webpage, start and stop a video player midway, bypass captchas, accept cookies, and falsely appear to be signed into popular social media services such as Facebook, Twitter, and Google.
In addition, the defendant leased more than 765,000 Internet Protocol (“IP”) addresses, assigned multiple IP addresses to each datacenter server, and then fraudulently registered IP addresses in the names of major U.S. internet providers. Zhukov entered the false usage and location information into IP databases that are widely relied upon in the industry to make it appear that the computers in question belonged to human internet users located in homes and businesses around the United States.
The sentence was announced by officials of the Office of the United States Attorney for the Eastern District of New York (US DOJ), the Federal Bureau of Investigation, NY Office (FBI), and the Commissioner of the New York City Police Department (NYPD).
Read the news release by the US Attorney’s Office, Eastern District of New York, about this sentencing, Nov 2021
Read the news release by the US Attorney’s Office, Eastern District of New York, about Zhukov’s conviction, May 2021
Read the news release by TAG (The Trustworthy Accountability Group), Nov 2021
Why it matters
Quoting from a letter by TAG CEO Mike Zaneis to the US District Court for the Eastern District of New York, “Advertising fraud (ad fraud) is the scourge of the global digital economy. Bank robbers used to steal from banks “because that was where the money was”, but as the business world transitioned from brick and mortar to an electronic base of operations, cybercriminal rings formed to exploit new vulnerabilities…
“While advertisers expect their content will be viewed by legitimate consumers with the potential to buy their products and services, criminal organizations have attacked the digital ad ecosystem and defrauded legitimate participants in the supply chain. As a result, advertisers may end up paying a material portion of their campaign dollars to criminals who generate ad impressions that are never seen by legitimate consumers.
“It is not just the investments in cybersecurity that impact the industry. It is now commonplace for agencies, ad technology companies, and web publishers to invest in anti-fraud detection services. These services are usually provided by independent “Measurement Services” and can cost millions of dollars per company annually.
Marketers are losing billions of dollars in ad spend. Advertising is treated as an ordinary business expense under the U.S. Tax Code, thus increasing the cost of each good sold by marketers.”