A Ukrainian national accused of infecting computers worldwide with more than 100 million pieces of malware was extradited from the Netherlands after being tracked down by the U.S. Secret Service and Dutch authorities, the government said Friday.
Oleksii Petrovich Ivanov, 31, infected the computers –100 of them in New Jersey – using what’s known as “malvertising,” U.S. Attorney for New Jersey Craig Carpenito said.
The scheme was particularly dangerous, Carpenito said, because “it uses online ads to target millions of unsuspecting Internet users engaged in activities as routine as booking their next vacation.”
Ivanov was arrested last October following an international investigation led by the U.S. Secret Service in coordination with Dutch law enforcement.
He arrived in Newark on Thursday after a Dutch judge approved his extradition and was brought before a U.S. District Court judge.
The attacks lasted five years, beginning in 2013, Carpenito said.
The malicious ad campaigns appeared legitimate, he said, “but attempted to direct victims’ browsers to malicious computer programs (malware), unwanted advertisements, and other computers that could install malware.
“Ivanov and others caused unsuspecting users to view or access malicious advertisements on more than 100 million occasions,” the U.S. attorney said.
Ivanov and his accomplices “used fake online personas and fake companies to pose as legitimate advertisers seeking to purchase online advertisements,” Carpenito said. “They told the advertising companies they were distributing ads for real products and services, and even created false banners and websites showing purported advertisements.
“The advertisements they purchased were used instead to push malware out victims.
For example, in 2014, Ivanov submitted a series of malicious advertisements to a U.S.-based internet advertising company for distribution by posing as posed as “Dmitrij Zaleskis,” CEO of a fake United Kingdom company called “Veldex Limited,” Carpenito said.
These included two campaigns that were viewed or accessed 17,328,129 times “in a matter of days,” he said.
“The internet advertising company repeatedly told Ivanov that his advertisements were being flagged as malware threats,” Carpenito said, “but Ivanov denied any wrongdoing and persuaded the company to continue running his malicious advertisements for months.
“After online advertisers and advertising server platforms flagged many of the conspirators’ advertisements as malicious, Ivanov and others lied and denied that their advertisements were malicious,” the U.S. attorney added.
“When their advertisements were banned as malicious, they switched to new online advertising companies and used new fake identities to buy more advertisements,” he said.
Ivanov and his accomplices also used bogus identities to register internet domains that hosted malicious advertisements and launch purported advertising campaigns.
They also offered networks of infected devices, or “botnets,” Carpenito said.
Botnet malware that he controlled infected more than 100 devices in New Jersey, the U.S. attorney said.
Carpenito and Assistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division credited special agents of the U.S. Secret Service, Criminal Investigations, and the Newark Field Office for the investigation that led to an indictment that was unsealed with Ivanov’s arrest.
“Substantial support” was also provided by the Secret Service’s Attaché Office in The Hague and the Justice Department’s Office of International Affairs in coordinating the extradition of Ivanov, Carpenito said.
Also thanked were the public prosecutors of the Dutch Ministry of Security and Justice, the National High Tech Crime Unit of the Dutch National Police and the National Crime Agency (UK) for their assistance.
Handling the case for the government is Justin S. Herring, chief of Carpenito’s Cybercrimes Unit and Assistant U.S. Attorneys Melissa Wangenheim and Dara Govan of the District of New Jersey, along with Aarash Haghighat, a trial attorney with the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS).
Click here to sign up for Daily Voice's free daily emails and news alerts.