'King of Fraud' sentenced for Methbot botnet operation

Aleksandr Zhukov was sentenced to 10 years in prison for the theft of $7 million in a massive digital advertising fraud operation using his 'Methbot' botnet.

Aleksandr Zhukov, the self-proclaimed "King of Fraud" convicted of stealing millions of dollars in the "Methbot" botnet operation, has been sentenced to prison for 10 years.

The U.S. Attorney's Office for the Eastern District of New York announced the sentencing Wednesday. Zhukov, a Russian national arrested in Bulgaria in 2018 and extradited to the U.S. in 2019, was convicted of defrauding digital advertising clients out of $7 million via a botnet.

Zhukov's "company," Media Methane, took on clients under the agreement that his company would place client advertisements on various websites in exchange for payment. However, Zhukov's company never placed the ads on real websites. Instead, he and his co-conspirators "programmed the bots to load real ads on blank webpages while falsely representing that the ads were loading on real webpages, 'spoofing' the domains of more than 6,000 publishers," including The New York Times and New York Post, the Attorney's office said in the press release.

The operation accomplished this by renting more than 2,000 servers in data centers located in Dallas and Amsterdam, as well as 765,000 IP addresses. Then, Media Methane programmed the servers, cumulatively referred to as the Methbot botnet, to properly simulate humans viewing ads.

"Zhukov and his co-conspirators programmed the bots to appear and behave like human internet users: falsely representing that they had screens and mouses, that they were running operating systems used for personal computers, and that they were running commercially available internet browsers (like Chrome, Internet Explorer, and Firefox), when they were not," the U.S. Attorney's Office said in the press release.

Authorities said Zhukov and co-conspirators at Media Methane programmed the bots to simulate human activity, making random clicks on sites, as well as accepting cookies and bypassing CAPTCHA challenges. According to the U.S. Attorney's Office, Zhukov called himself the "king of fraud!" and referred to his co-conspirators as "my developers."

John Marzulli, public information officer at the U.S. Attorney's Office for the Eastern District of New York, told SearchSecurity that Zhukov was charged along with four co-conspirators who were programmers: Boris Timokhin, Mikhail Andreev, Denis Avdeev and Dmitry Novikov. Marzulli added that "at least four additional people assisted with the operation and were discussed in the trial record but not charged," though he declined to say how large the total operation was.

The original 2018 indictment included three additional defendants: Sergey Ovsyannikov, Aleksandr Isaev and Yevgeniy Timchenko. 

UPDATE: Marzulli said the three individuals were primarily involved in a second ad fraud operation run by Zhukov; that botnet campaign was called "3ve" and was similar to the original Methbot. "Two of those people (Ovsyannikov and Timchenko) were arrested and extradited to the U.S.," Marzulli said in an email to SearchSecurity. "Timchenko was sentenced and served 2 years and 4 months in custody and has since returned to Kazakhstan; Ovsyannikov is still awaiting sentencing; Isaev remains at large."

According to the press release, Media Methane stole $7 million from client companies, and Zhukov transferred his illegal earnings to multiple corporate and personal bank accounts throughout Europe. Additionally, the U.S. Attorney's Office said Zhukov "kept 75% of the scheme's proceeds for himself and pocketed more than $4.8 million from the fraud." Zhukov has been ordered to pay $3,827,493 in forfeitures.

HUMAN, an ad fraud prevention vendor formerly known as White Ops, published a blog post alongside the Attorney's Office press release. The vendor discovered the botnet in 2016 and assisted U.S. law enforcement in its investigation, which resulted in a takedown of Methbot and 3ve.

"HUMAN (formerly White Ops) initially discovered the Methbot cybercriminal organization back in 2016," the blog post read. "We then took a leading role in engaging with law enforcement and many of our ad tech partners to create the largest private/public sector collaboration in history to orchestrate a major botnet takedown."

Alexander Culafi is a writer, journalist and podcaster based in Boston.
