Oleksii Petrovich Ivanov, Alleged
Malvertiser Extradited from the Netherlands to Face Hacking Charges
May 6, 2019
Defendant Conspired to Expose Millions of Victim Internet Users to
Malicious Advertisements Designed to Hack And Infect Victims’ Computers
A Ukrainian national charged with participating in a years-long,
international scheme to infect computers with malware through online
advertisements – so-called “malvertising” – will appear in Newark, New
Jersey federal court today after being extradited from the Netherlands,
Assistant Attorney General Brian A. Benczkowski of the Justice
Department’s Criminal Division and U.S. Attorney Craig Carpenito for the
District of New Jersey announced.
Oleksii Petrovich Ivanov, 31, is charged by indictment with one count of
conspiracy to commit wire fraud, four counts of wire fraud, and one
count of computer fraud. The indictment was returned on Dec. 3, 2018,
and unsealed upon his arrival in the United States on May 2, 2019.
Ivanov is scheduled to appear today before U.S. Magistrate Judge James
B. Clark III in Newark federal court and was detained without bail.
“Cyber criminals who harm victims in the United States and around the
world cannot rely on fake identities and international borders to evade
justice,” said Assistant Attorney General Benczkowski. “This case and
today’s extradition demonstrate that the United States and its
international partners will find cyber fugitives and bring them to face
justice in the United States, no matter where they commit their crimes.”
“This defendant engaged in an extraordinary and far-reaching scheme to
infect and hack computers throughout the United States and the world,”
said U.S. Attorney Carpenito. “This ‘malvertising’ scheme is especially
dangerous because it uses online ads to target millions of unsuspecting
Internet users engaged in activities as routine as booking their next
Ivanov was arrested on Oct. 19, 2018, following an international
investigation led by the U.S. Secret Service and in coordination with
Dutch law enforcement. He had been detained by the Dutch authorities
pending the resolution of the extradition proceedings.
According to the indictment, unsealed in Newark federal court on May 2,
2019, and other court filings, between around October 2013 through May
2018, Ivanov conspired to defraud millions of internet users around the
world by launching malicious online advertising campaigns that appeared
legitimate, but attempted to direct the internet browsers of victim
computers towards malicious computer programs (“malware”), unwanted
advertisements, and other computers that could install malware. As a
result of the scheme, Ivanov and others caused unsuspecting internet
users to view or access malicious advertisements on more than one
hundred million occasions.
Online advertising companies work with companies and individuals to
publish their online advertisements on the internet. These companies
place advertisements on third-party websites, such as shopping, news,
entertainment, or sports websites. These advertisements include web
banners, frame ads, and other graphical advertisements and are delivered
through websites that are accessed by computer users.
To carry out the scheme, Ivanov and co-conspirators are alleged to have
used fake online personas and fake companies to pose as legitimate
advertisers seeking to purchase online advertisements. According to the
indictment, Ivanov and his co-conspirators told the advertising
companies they were distributing ads for real products and services, and
even created false banners and websites showing purported
advertisements. But, in reality, the advertisements they purchased were
used to push malware out to the computers of victims who viewed or
clicked on the advertisements.
For instance, in June and July 2014, the defendant allegedly posed as
“Dmitrij Zaleskis,” CEO of a fake United Kingdom company called “Veldex
Limited” to submit a series of malicious advertisements to a U.S.-based
internet advertising company for distribution, including two campaigns
submitted on July 15, 2014 that were viewed or accessed approximately
17,328,129 times in a matter of days. The internet advertising company
repeatedly told Ivanov that his advertisements were being flagged as
malware threats, but Ivanov denied any wrongdoing and persuaded the
company to continue running his malicious advertisements for months.
After online advertisers and advertising server platforms flagged many
of the co-conspirators’ advertisements as malicious, Ivanov and others
are alleged to have lied and denied that their advertisements were
malicious. When their advertisments were banned as malicious, they
switched to new online advertising companies and used new fake
identities to buy more advertisements.
and co-conspirators also allegedly used false identities to register
internet domains that hosted malicious advertisements, and launch
purported advertising campaigns. Ivanov and others also allegedly
attempted to enrich themselves by offering to sell access to networks of
infected devices or “botnets. Ivanov is alleged to have successfully
infected or aided and abetted the infection of computers with malware
that he controlled, including botnet malware that infected more than one
hundred devices in the District of New Jersey.
The investigation was conducted by the U.S. Secret Service Criminal
Investigations, under the direction of Director Director James M.
Murray, and the Newark Field Office under the direction of Special Agent
in Charge Mark McKevitt. Substantial support was also provided by the
Secret Service’s Attaché Office in The Hague and the Justice
Department’s Office of International Affairs in coordinating the
extradition of Ivanov. The Department thanks the public prosecutors of
the Dutch National Public Prosecution Service, the National High Tech
Crime Unit of the Dutch National Police, and the National Crime Agency
(UK) for their tremendous assistance with this case.
Trial Attorney Aarash Haghighat of the Criminal Division’s Computer
Crime and Intellectual Property Section (CCIPS), Chief Justin S. Herring
of the U.S. Attorney’s Office Cybercrimes Unit and Assistant U.S.
Attorneys Melissa Wangenheim and Dara Govan of the District of New
Jersey are prosecuting the case.