Bulgaria has extradited to the United States a Russian hacker who was indicted by a US court for mounting a sophisticated hacking scheme.

According to the Russian embassy in Washington, the Russian hacker Alexander Zhukov was extradited on January 18. The Russian embassy has chosen to disclose the news on the VK social network, the Russian version of Facebook. The hacker is currently held in a jail in Brooklyn, New York.

“Employees of the Consulate General in New York will visit him in jail soon,” the embassy said.

Zhukov is accused of being involved in a sophisticated ad fraud scheme that leveraged advertising and malware to compromise computer networks.

In November, law enforcement and private firms such as Google and White Ops took down one of the largest and most sophisticated digital ad-fraud campaigns, dubbed 3ve, which infected over 1.7 million computers to carry out advertising fraud.

The name 3ve is derived from a set of three distinct sub-operations using unique measures to avoid detection, and each of them was built around different architectures with different components.

3ve has been active since at least 2014, and experts observed a peak in its activity in 2017. It has been estimated that the campaign allowed its operators to earn more than $30 million; the people involved in the ad-fraud campaign are all from Eastern Europe.

The United States Department of Justice indicted 8 individuals from Russia, Kazakhstan, and Ukraine; one of them is Zhukov.

Operators used a broad range of techniques to monetize their efforts: they created fake versions of websites and used their own botnet to simulate visitors’ activities, then offered ad space to advertisers, and they used Border Gateway Protocol hijacking for traffic redirection. Crooks also used malicious code to generate fake clicks on online ads and earn money.

The infrastructure involved in the 3ve ad-fraud campaign was huge: according to the experts, fraudsters infected 1.7 million computers with malware and used thousands of servers and more than 10,000 counterfeit websites to impersonate legitimate web publishers.

The experts discovered that crooks used over 60,000 accounts selling ad inventory, generating a record 3 to 12 billion daily ad bid requests.

Zhukov, aka Nastra, was arrested in November in Bulgaria, where he had lived since 2010.

“According to Kommersant newspaper, which claims to have spoken with a friend of Zhukov, the hacker stood out on the dark web for the selective way he chose his jobs, staying away from credit-card theft or child pornography.” reported the AFP.

“Zhukov was earning about $20,000 per month on his fake ad-view contracts, but was exposed after a conflict with his US client, Kommersant said.”

Pierluigi Paganini

(SecurityAffairs – Zhukov, ad fraud)