Move over Scott Richter, a Russian man who once described himself as the “king of fraud” for his role in orchestrating a multimillion dollar crime spree was sentenced Wednesday to 10 years in prison.
Aleksandr Zhukov, 41, was convicted in May of defrauding U.S. advertising companies out of $7 million in part by using networks of hacked computers, or botnets, to artificially inflate web traffic. Working with a small network of cybercriminals, Zhukov directed bot traffic to inauthentic websites, charging marketing companies to run advertisements on websites that attracted little, if any, real visitors.
Two of Zhukov’s associates have pleaded guilty to involvement in the 3ve scheme, also known as Methbot, while six others have faced charges for the alleged roles in the effort.
“Sitting at his computer keyboard in Bulgaria and Russia, Zhukov boldly devised and carried out an elaborate multi-million-dollar fraud against the digital advertising industry, and victimized thousands of companies across the United States,” U.S. Attorney Breon Peace said in a statement. “Today’s sentence holds the defendant accountable for his deception and outright theft of more than $7 million, and sends a powerful message to cyber criminals around the world that there is no escape from the international reach of law enforcement.”
Prosecutors had requested a sentence of 15 years.
Bulgarian authorities arrested Zhukov in November 2018, around the same time other suspects were apprehended in Malaysia and Estonia, at the behest of the U.S. Department of Justice. He was extradited to the U.S. in January 2019, pleading not guilty and maintaining his innocence for more than two years of incarceration at the Metropolitan Detention Center in New York City.
In a sentencing request, the Justice Department included as evidence a chat log between Zhukov and an associated dated from 2014, in which the Russian man, using the alias adw0rd, described how he conceived of the idea to start the operation.
“It’s simple,” he wrote, according to a court filing. “While I was drinking I realized that I need money ASAP [smiley face] and since I am an experienced scam artist/adventurer, I immediately started thinking about how I could screw everyone one more time [smiley face] and I succeeded [smiley face].”
At one point he sought new legal representation and described himself in a letter to the court as a “weaponless soldier in front of a tank with name FBI.”
The 3ve/Methbot investigation, which FBI officials have cited frequently in recent years as a win for U.S. law enforcement over cybercrime, helped illuminate the shadowy world of advertising fraud. The issue costs marketing firms hundreds of millions of dollars annually, results in inflated prices for legitimate publishers and has since become a topic of focus for mobile security firms.
The case is the latest example of U.S. law enforcement going after alleged Russian cybercriminals around the world, a trend that has infuriated the Kremlin, which has accused the United States of hunting Russian citizens.
But written into the code of the Methbot case, there’s also technical intrigue: The network of servers that was allegedly used by the hackers has been under scrutiny to determine whether it was used by Russian state-backed hackers, or intelligence agencies, to hack into U.S. political parties
“Differentiating between what is ‘cybercrime’ and what is nation-state activity, such as espionage, is getting increasingly difficult, especially concerning Russia,” Mathew Schwartz, executive editor of the industry journal DataBreachToday, told RFE/RL. “In part, this is because some individuals who have day jobs as government hackers — or contractors — seem to hack the West in their spare time — for fun, patriotism or profit.”