Case 1:18-cr-00633-ERK Document 8 Filed 11/27/18 Page 1 of 34 PageID #: 48
iNCL'^ vK'o OFFICE

korman, j.

U.S. DISTRi Tr OCoRT E.D.N.Y

^ NOV 27 2018
RMT:SK/AFM/MTK

GOLD, MJ.

F. #2016R02228

BROOKLYM OFFICE

UNITED STATES DISTRICT COURT
EASTERN DISTRICT OF NEW YORK
X

I NDICTMENT

UNITED STATES OF AMERICA

CH^r.lp.

- against -

(T. 18, U.S.C., §§ 37lT98T(a)TT5(C),
982(a)(1), 982(a)(2)(B), 982(b)(1),
1028A(a)(l), 1028A(b), 1028A(c)(4),
1030(a)(2), 1030(a)(4), 1030(a)(5),
1030(b), 1030(c)(2)(A), 1030(c)(2)(B),
1030(c)(3)(A), 1030(c)(4), 1030(i)(l),
1030(0(2), 1343,1349,1956(h),
1957(a), 2 and 3551 et seq.: T. 21,
U.S.C., § 853(p); T. 28, U.S.C.,
§ 2461(c))

ALEKSANDR ZHUKOV,
BORIS TIMOKHIN,
MIKHAIL ANDREEV,
DENIS AVDEEV,
DMITRY NOVIKOV,
SERGEY OVSYANNIKOV,
ALEKSANDRISAEV and

YEVGENIY TIMCHENKO,
Defendants.
X

THE GRAND JURY CHARGES:
INTRODUCTION

At all times relevant to this Indictment, unless otherwise indicated:

1.

Individuals and businesses("publishers") were able to provide free

content on the intemet—such as websites, search engines, translation services, video

playback services and global mapping services—because advertisers paid for the opportunity
to show advertisements(sometimes referred to as "ads") alongside that content.

2.

The digital advertising industry was made up of a chain ofspecialized

businesses. Publishers commonly used entities called supply-side platforms("SSPs")to

conduct auctions that sold the advertising space on their sites. These auctions commenced

 Case 1:18-cr-00633-ERK Document 8 Filed 11/27/18 Page 2 of 34 PageID #: 49

as soon as an internet user accessed a website and concluded within milliseconds, before the

webpage displayed to the user. Businesses seeking to promote their goods and services
online ("brands")commonly used entities called demand-side platforms("DSPs")to bid in
these auctions and thereby had their advertisements placed on webpages that real human

internet users were browsing. Brands commonly paid for advertising on a lump-sum basis,
and publishers commonly received payment based on how many times users clicked on or
viewed advertisements(sometimes referred to as "impressions"). The entities in between
the brands and the publishers—the DSPs, SSPs and ad networks that connected SSPs with
publishers—charged fees along the way.
3.

The defendants in this case used sophisticated computer programming

and infrastructure spread around the world to exploit the digital advertising industry through
fraud. They represented to others that they ran legitimate ad networks that delivered
advertisements to real human internet users accessing real internet webpages. In fact, the
defendants faked both the users and the webpages: in each of the charged schemes,they

programmed computers they controlled to load advertisements on fabricated webpages, via
an automated program, in order to fraudulently obtain digital advertising revenue.
4.

In one iteration—a datacenter-based scheme referred to in the ad

industry as "Methbot"—the defendants used computers they controlled that they had rented
from commercial datacenters in Dallas, Texas, and elsewhere.
5.

In another iteration—a botnet-based scheme referred to in the ad

industry as "3ve.2 Template A"—the defendants used computers to which they had gained
unauthorized access (i.e. that had been "hacked"), including computers belonging to

 Case 1:18-cr-00633-ERK Document 8 Filed 11/27/18 Page 3 of 34 PageID #: 50

individuals and businesses in the United States and elsewhere, including in the Eastern
District of New York.
1.

The Defendants

6.

The defendant ALEKSANDR ZHUKOV was a citizen of the Russian

Federation. He led the development ofthe datacenter-based scheme. ZHUKOV served as
the chief executive officer of Ad Network #1,the identity of which is known to the Grand
Jury. Ad Network #1 was a private corporation owned by ZHUKOV with offices in the
Russian Federation and the Republic of Bulgaria. It purported to assist customers with
delivering advertisements to real human internet users via its ad network.
7.

The defendant BORIS TIMOKHIN was a citizen ofthe Russian

Federation and worked for Ad Network #1. TIMOKHIN handled programming aspects of
the datacenter-based scheme.

8.

The defendant MIKHAIL ANDREEV was a resident of the Russian

Federation and the Ukraine and worked for Ad Network #1. ANDREEV handled

programming aspects ofthe datacenter-based scheme.
9.

The defendant DENIS AVDEEV was a citizen of the Russian

Federation and worked for Ad Network #1. AVDEEV handled technical and business

aspects ofthe datacenter-based scheme.
10.

The defendant DMITRY NOVIKOV was a resident ofthe Russian

Federation and worked for Ad Network #1. NOVIKOV handled administrative and

coordination aspects ofthe datacenter-based scheme.
11.

The defendant SERGEY OVSYANNIKOV was a citizen of the

Republic of Kazakhstan. He led the development ofthe botnet-based scheme and provided

 Case 1:18-cr-00633-ERK Document 8 Filed 11/27/18 Page 4 of 34 PageID #: 51

technical assistance to the operators ofthe datacenter-based scheme. OVSYANNIKOV

served as a principal and owner of Ad Network #2,the identity of which is known to the
Grand Jury. Ad Network #2 was a private corporation owned by OVSYANNIKOV and
ALEKSANDRISAEV with a registration address in Edinburgh, Scotland. It purported to
assist customers with delivering advertisements to real human internet users via its ad
networks.

12.

The defendant ALEKSANDR ISAEV was a citizen of the Russian

Federation and served as a principal, owner and chief executive officer of Ad Network #2.
ISAEV handled business and contracting aspects ofthe botnet-based scheme.
13.

The defendant YEVGENIY TIMCHENKO was a resident ofthe

Republic of Kazakhstan and worked at Ad Network #2. TIMCHENKO handled logistical
and administrative aspects ofthe botnet-based scheme.
II.

The Schemes to Defraud
A.

The Datacenter-Based Scheme

14.

In or about September 2014,ZHUKOV,TIMOKHIN,ANDREEV,

AVDEEV and NOVIKOV (collectively, the "Methbot defendants")launched a digital

advertising fraud scheme under the guise of operating Ad Network #1. Ad Network #1 had
business arrangements with other advertising networks that enabled it to receive payment in
return for placing advertising placeholders("ad tags") with publishers on behalf ofthose
advertising networks. Rather than place these ad tags on real publishers' webpages,
however,ZHUKOV and others rented more than 1,900 computer servers located at
commercial datacenters in Dallas, Texas, and elsewhere, and used those datacenter computer

servers to simulate humans viewing ads on fabricated webpages. By these means,the

 Case 1:18-cr-00633-ERK Document 8 Filed 11/27/18 Page 5 of 34 PageID #: 52

Methbot defendants caused thousands of datacenter computer servers to load fabricated

webpages, offer up the advertising space on the fabricated webpages for bidding, and load
advertisements on the fabricated webpages through an automated computer program. This
activity (the "fraudulent ad traffic") was not viewed by any real human internet users.
15.

ZHUKOV and others programmed the datacenter computer servers to

load fabricated webpages—that is, mostly blank webpages containing a blank space for an

ad—that purported to be located at the domains of well-known publishers. ZHUKOV
researched lucrative domains to fabricate and ran online searches for the "top 10000

domains" and "top 100k domains." ZHUKOV then sent TIMOKHIN "new domains to try,"
deliberately targeting "the top USA desktop domains" for businesses in the United States.
In this way,the Methbot defendants fabricated (or "spoofed") more than 250,000 webpages
distributed across more than 5,000 domains associated with online publishers, including the
domains ofthousands of businesses in the United States and multiple businesses in the
Eastern District of New York.

16.

TIMOKHIN,ANDREEV and others also programmed the datacenter

computer servers to simulate the internet activity of real human internet users when loading
the fabricated webpages, in order to deceive SSPs and others in the digital advertising
industry and to evade fraud detection software widely used in the industry. They developed

programming code that caused the datacenter computer servers to operate an automated
browser, click on online advertisements a randomly determined number oftimes, simulate a

mouse moving around and scrolling down a webpage, control and monitor video playback,
and falsely appear to be signed into popular social media services. The programming code

 Case 1:18-cr-00633-ERK Document 8 Filed 11/27/18 Page 6 of 34 PageID #: 53

contained explicit references to "Meth" and "Fake," including "MethBrowser,"

"MethFlashObjects,""FakeClient" and "FakedPixel."
17.

In furtherance of their fraudulent scheme,the Methbot defendants

communicated with one another about the development ofthis programming code using an
online project management platform. For example:
(a)

On or about October 25,2014, ANDREEV circulated

programming code and stated that it was designed to ensure that signals coming from the
datacenter computer servers had the correct'"browser' parameters."
(b)

On or about October 28, 2014, NOVIKOV instructed

TIMOKHIN to carry out "research about how to make 'mouse moves and scroll more
realistic/meaningful"' on the datacenter computer servers. ZHUKOV similarly instructed
TIMOKHIN to address the "lack of mouse move," an undertaking that continued over the

following year. TIMOKHIN researched methods for simulating mouse movements by,for
example, running an online search for "actionscript simulate mouse click."
(c)

On or about October 28, 2014, NOVIKOV discussed

"[ejmulating 'video watch'" on the datacenter computer servers and cautioned that "[t]he
videos need to be clicked on and watched for 60-90 seconds." This was because advertisers

often would not pay for a video impression unless they knew that the user had watched the
video for a substantial amount oftime.

(d)

On or about November 21,2014, ANDREEV circulated

programming code and stated that it was designed to set the datacenter computer servers'"IP

 Case 1:18-cr-00633-ERK Document 8 Filed 11/27/18 Page 7 of 34 PageID #: 54

address time zone" to "EST"—^Eastern Standard Time—^"by default." Earlier that day,
ANDREEV had run an online search for "new york timezone."

(e)

On or about December 1, 2014, ANDREEV circulated

programming code designed to cause the datacenter computer servers to automatically start
and stop an online video player, and stated,"Basically this is how it is possible to generate
the events."

(f)

In a to-do list dated June 25,2015,ZHUKOV instructed

TIMOKHIN to cause the datacenter computer servers to appear to be signed into Facebook:
"add authorization for Facebook [] users. There is Google, twitter too;[but] no FB (There

should be approximately 40% ofthem.)"
(g)

On or about August 4,2015,ZHUKOV stated that he intended

to research the fraud detection software deployed by certain U.S. cybersecurity firms and
"check [] out [their] filter for the possibility offucking them over."
18.

On or about October 16, 2016, after discovering that the signals coming

from the datacenter computer servers did not register as fraudulent with a certain U.S.
cybersecurity firm,ZHUKOV boasted to TIMOKHIN that their scheme was "magnificent."
On or about December 10, 2016,ZHUKOV sent an email to a potential business partner in
which he offered "100% USA traffic" that could pass through "filters" from various U.S.
cybersecurity firms and amounted to "20-50 millions [sic] impressions daily."
19.

To further deceive SSPs and others in the digital advertising industry

into believing that the datacenter computer servers were genuine human users,ZHUKOV
and others leased more than 650,000 Internet Protocol("IP") addresses from various IP

 Case 1:18-cr-00633-ERK Document 8 Filed 11/27/18 Page 8 of 34 PageID #: 55
8

address leasing companies and assigned multiple IP addresses to each ofthe datacenter
computer servers. ZHUKOV,AVDEEV and others then created false entries for the

datacenter computer servers in a global register ofIP addresses. These false entries made it
appear that the datacenter computer servers controlled by the Methbot defendants were

residential computers belonging to individual human internet users who were subscribed to
various residential internet service providers. For example:
(a)

Several ofthe false IP address registry entries misappropriated

or mimicked the corporate identities of at least six major U.S. internet service providers,
including at least one provider with offices in the Eastern District of New York. ZHUKOV
maintained a list ofthese and other false corporate names in his cloud storage account.

None ofthe IP addresses registered in the respective U.S. internet service providers' real or
mimicked names was actually in their possession, custody or control. In this way,the
Methbot defendants sought to make it appear to SSPs and others that the computers in

question belonged to customers ofthese internet service providers, rather than being located
in datacenters.

(b)

For the same reason, the Methbot defendants also incorporated

false usage and location information into the IP address registries. For example, on or about
May 13,2016, AVDEEV directed an IP leasing company to change the "Usage type" for
approximately 261,000 leased IP addresses from "commercial" or "datacenter" to "ISP"
(internet service provider), ascribe a more diverse set of cities and states to the leased IP
addresses, and reduce the number of leased IP addresses associated with certain small cities
to more realistic levels commensurate with their populations. In this way,the Methbot

 Case 1:18-cr-00633-ERK Document 8 Filed 11/27/18 Page 9 of 34 PageID #: 56

defendants sought to make it appear to SSPs and others that the computers in question
belonged to real human internet users located in homes and businesses around the country.
20.

The Methbot defendants thus created the illusion that real human

internet users were visiting real internet webpages. ZHUKOV and others solicited bids on
the opportunity to show advertisements to those purported users. In response, DSPs bid on
those opportunities. The winning DSPs made payments to SSPs(using money provided by
brands)in return for the purported impressions, and the SSPs transferred those payments to
advertising networks to be passed along the chain ofintermediaries described above.
21.

OVSYANNIKOV collaborated with the Methbot defendants to

knowingly obtain fraudulent ad traffic for his own companies. OVSYANNIKOV did
business with the Methbot defendants, purchased fraudulent ad traffic from the Methbot
defendants and provided the Methbot defendants with technical advice and assistance to
ensure that the fraudulent ad traffic passed as real. For example, on or about October 22,
2014, OVSYANNIKOV instructed NOVIKOV that the datacenter computer servers'

automated browsers needed to include "accept-language" in their headers—vindicating the

purported user's preferred language—to evade fraud detection software. Similarly, in or
about November 2014, OVSYANNIKOV discussed the concept of"mouse move" with the
Methbot defendants.

22.

Over the course ofthe scheme,the Methbot defendants falsified

billions of ad impressions. Hundreds of brands and ad agencies around the world, including
many in the United States and at least one with offices in the Eastern District of New York,

 Case 1:18-cr-00633-ERK Document 8 Filed 11/27/18 Page 10 of 34 PageID #: 57
10

collectively paid more than $7 million in advertising fees for fraudulent ad traffic. The
Methbot defendants, in turn, reaped millions of dollars in revenue.
23.

The Methbot defendants recorded the revenue from the datacenter-

based scheme—which amounted to 10s ofthousands of dollars daily—using an online

control panel that tracked the millions of bids solicited by the datacenter computer servers

each day and the millions of resulting ad impressions falsified each day. For example,

during a single day in October 2016,the Methbot defendants recorded more than $56,000 in
revenue from placing more than 442 million fraudulent bid requests and falsifying more than
16 million ad impressions.
24.

The Methbot defendants re-invested some ofthe proceeds from the

datacenter-based scheme to perpetuate the fraud, and they concealed other proceeds by

transferring them to other companies. For example,ZHUKOV directed payments from ad
networks to a corporate bank account located in the Czech Republic, which he then used to

pay for servers and IP addresses used in the scheme. ZHUKOV also redirected $5.4 million
from the account to a corporate bank account located in New Zealand.
25.

On or about December 20,2016, researchers at a private cybersecurity

firm based in New York City publicly revealed the operation ofthe datacenter-based scheme
in a white paper titled "The Methbot Operation."
26.

The Methbot defendants reacted to the publication of the white paper

by attempting to delete evidence. They deleted all of their communications from the online
project management platform that they used to develop the scheme, and they deleted more
than 26,000 emails from an email account identified in the white paper, which was the

 Case 1:18-cr-00633-ERK Document 8 Filed 11/27/18 Page 11 of 34 PageID #: 58
11

registration email account for more than 1,400 IP addresses used in the scheme.
TIMOKHIN also deleted more than 96,000 emails from his own email account, which

contained explicit discussions ofthe scheme and referenced more than 15,500 IP addresses
used in the scheme.

27.

In the days after the publication ofthe white paper, ANDREEV

researched whether he had been publicly associated with the scheme; for example,
ANDREEV ran online searches for "russian hackers methbot" and "mikhail andreev

methbot." In communications with associates, ANDREEV privately acknowledged his

association with the scheme, speculated that he was "being investigated by the FBI,"
admitted to writing code for the scheme "[a]t the initial stage" and explained that "[t]he
companies that get fooled consider it fraud."
B.

The Botnet-Based Scheme

28.

In or about December 2015, OVSYANNIKOV,ISAEV and

TIMCHENKO (collectively, the "Eve 2A defendants") launched another digital advertising
fraud scheme under the guise of operating Ad Network #2.

29.

Ad Network #2 had business arrangements with other advertising

networks that enabled it to receive payment in return for placing ad tags with publishers on
behalf ofthose advertising networks. Rather than place these ad tags on real publishers'

webpages, however. Ad Network #2 obtained access to a network of computers that had been
hacked with malware(a "botnet") and used those infected computers—without their true
owners' knowledge or permission—to load ads on fabricated webpages.

 Case 1:18-cr-00633-ERK Document 8 Filed 11/27/18 Page 12 of 34 PageID #: 59
12

30.

At a single point in time, OVSYANNIKOV and others accessed more

than 1.7 million infected computers, including approximately 1 million in the United States
and more than 1,500 at residences and businesses in the Eastern District of New York. The

overall number ofinfected computers over the course ofthe scheme was much larger.
31.

OVSYANNIKOV and others caused the infected computers to load

fabricated webpages—^in this instance, mostly blank webpages containing an intemal
placeholder for an ad and embedded with computer code instructing the browser to load a
video player—that purported to be articles and other content on the domains of well-known

publishers. OVSYANNIKOV and TIMCHENKO researched domains to fabricate,
deliberately targeting domains for businesses in the United States, and placed promising
domains on a running list titled '*New companies for spoofing." OVSYANNIKOV also
maintained lists of domains in his cloud storage account and on servers that he controlled.
The domains included more than 86,000 domains associated with online publishers,

including the domains ofthousands of businesses in the United States and multiple
businesses in the Eastern District of New York.

32.

To carry out the scheme, OVSYANNIKOV,TIMCHENKO and others

developed an elaborate infrastructure of command-and-control servers and other servers
designed to provide instructions, resources and means of obfuscation to the infected

computers. These servers were located in the United States and around the world, including
in Missouri, California, New Jersey and the Netherlands. TIMCHENKO deliberately chose

certain U.S. service providers because they had the "coolest processors" and a "larger" cache
(for temporary data storage)than competing providers. OVSYANNIKOV maintained a

 Case 1:18-cr-00633-ERK Document 8 Filed 11/27/18 Page 13 of 34 PageID #: 60
13

collaborative spreadsheet in his cloud storage account titled "[Ad Network] Structure.

Hosting and Domains" that set out this infrastructure and listed many of the servers involved
in the scheme(including several designated as repositories of"spoof webpages).

TIMCHENKO had access and editing privileges to the spreadsheet; ISAEV had read-only
access to the spreadsheet.
33.

The Eve 2A defendants' servers performed various functions:
(a)

The infected computers communicated with the "Redirect

Servers," which provided them with instructions to connect to the "Fraudulent Content
Servers."

(b)

The Fraudulent Content Servers(including those described by

OVSYANNIKOV in his spreadsheet as repositories of"spoof webpages)supplied infected

computers with fabricated webpages purporting to be located at the spoofed domains. The
infected computers loaded the fabricated webpages on hidden browsers that were invisible to
the computers' true owners. The infected computers then downloaded digital video players
for use in "watching" video advertisements in the relevant ad spaces on the fabricated
webpages.

(c)

The infected computers again communicated with the Redirect

Servers, which supplied them with ad tags and caused them to contact SSPs and offer up the

advertising space on the fabricated webpages for bidding. During this process, the infected
computers sent the SSPs information including, among other things, their IP addresses, the
webpage addresses for the fabricated webpages,the dimensions ofthe places in which the
advertisements would play, and the technical specifications ofthe video players.

 Case 1:18-cr-00633-ERK Document 8 Filed 11/27/18 Page 14 of 34 PageID #: 61
14

(d)

The Redirect Servers meanwhile communicated with "Backend

Servers" thousands oftimes per hour. The Backend Servers contained lists of online
publishers' domains, as well as computer code designed to respond to incoming
communications with domains to be spoofed and ad tags containing instructions to contact an
SSP. The Backend Servers also contained computer code designed to vet the IP addresses

ofinfected computers to check and record whether the computers already had been flagged
by cybersecurity companies as associated with digital advertising fraud.
(e)

Over the course ofthe scheme,the Eve 2A defendants' servers

connected with over 15 million IP addresses worldwide.

34.

OVSYANNIKOV explained the resulting system to his co-conspirators

in a communication on April 20, 2016. "[Y]ou give me a company," he began, and then

provided a web address that included a major U.S. retailer's domain; he continued,"the hot
takes that link [and] sets itself accordingly" so that the "spoofed domain" would be

"[retailer].com" and the "host ip" would be "www2," OVSYANNIKOV's nickname for one
ofthe Fraudulent Content Servers.

35.

By these means,the Eve 2A defendants caused millions ofinfected

computers around the world to surreptitiously download fabricated webpages, offer up the
advertising space on the fabricated webpages for bidding, and load advertisements on the
fabricated webpages. All the while, the infected computers' true owners saw none ofthis
activity. Thus,the advertisements were not viewed by any real human internet users.
36.

To evade fraud detection software, the Eve 2A defendants vetted the

information emitted from their hots. They developed programming code designed to check
and record whether the IP address and other identifying characteristics of a particular hot had

 Case 1:18-cr-00633-ERK Document 8 Filed 11/27/18 Page 15 of 34 PageID #: 62
15

already been flagged by cybersecurity companies as associated with digital advertising fraud.
Over the course of approximately four months, they employed the code to vet more than 9.7
million IP addresses worldwide, including more than 4 million in the United States and more
than 8,300 in the Eastern District of New York. OVSYANNIKOV cautioned others not to

direct traffic from hots that had already been flagged by cybersecurity companies to SSPs
that were relying on those cybersecurity companies.
37.

The Eve 2A defendants thus created the illusion that real human

internet users were visiting real internet webpages. OVSYANNIKOV and others solicited
bids on the opportunity to show advertisements to those purported users. In response, DSPs
bid on those opportunities. The winning DSPs made payments to SSPs(using money
provided by brands)in return for the purported impressions, and the SSPs transferred those
payments to advertising networks to be passed along the chain of intermediaries described
above.

38.

The Eve 2A defendants recorded the revenue from the botnet-based

scheme using various spreadsheets that tracked the millions of bids solicited by the infected

computers each day and the millions ofresulting ad impressions falsified each day.
39.

Over the course ofthe scheme,the Eve 2A defendants falsified billions

of ad impressions. Hundreds of brands and ad agencies around the world, including many in
the United States and at least one with offices in the Eastern District of New York,

collectively paid 10s of millions of dollars in advertising fees for these falsified ad
impressions. The Eve 2A defendants, in turn, reaped 10s of millions of dollars in revenue.
For example,from January 2016 through May 2017,the Eve 2A defendants received more
than $29 million in revenue from the scheme.

 Case 1:18-cr-00633-ERK Document 8 Filed 11/27/18 Page 16 of 34 PageID #: 63
16

40.

The Eve 2A defendants re-invested some ofthe proceeds from the

botnet-based scheme to perpetuate the fraud. For example, OVSYANNIKOV and ISAEV
directed payments from ad networks to corporate bank accounts in the Czech Republic and
Switzerland, at least one of which they then used to pay for servers used in the scheme.
41.

The Eve 2A defendants sought to conceal other proceeds by layering

the funds amongst various shell companies, each of which contained no public website or
outward-facing business. For example:
(a)

On or about December 1, 2016, OVSYANNIKOV obtained a

list of"high filling" publishers' domains from an employee of an ad network, who requested
that OVSYANNIKOV "increase [his] traffic." The next day,TIMCHENKO added 10 of
the domains to the running list of"New companies for spoofing." In or about March 2017,
the ad network paid more than $340,000 into Ad Network #2's bank account in the Czech

Republic, with the notation "December revenue," as payment for advertising traffic. Funds
were subsequently wired from Ad Network #2's account to shell entities, including an entity
controlled by OVSYANNIKOV and another entity that in turn wired the funds directly to
ISAEV. None ofthese entities had any public website or outward-facing business.
(b)

In or around and between July 2016 and May 2017, Ad Network

#2's account also wired approximately $1.2 million into accounts in Switzerland, held in the
name of an entity controlled by OVSYANNIKOV. This entity, too, lacked any public
website or outward-facing business.

42.

On or about October 22, 2018,foreign law enforcement authorities

arrested OVSYANNIKOV in Kuala Lumpur, Malaysia. OVSYANNIKOV sought to notify

 Case 1:18-cr-00633-ERK Document 8 Filed 11/27/18 Page 17 of 34 PageID #: 64
17

his co-conspirators of his arrest, and ISAEV and TIMCHENKO subsequently deleted the
contents of their email accounts and online cloud storage accounts used in the scheme.
III.

The Victims
43.

The datacenter-based scheme and the botnet-based scheme victimized

numerous players in the digital advertising industry.
44.

The schemes victimized brands who sought opportunities to advertise

their goods and services to real human internet users but lost those opportunities and instead

paid for advertisements automatically loaded by computers.
45.

The schemes victimized online publishers by creating false and

fraudulent webpages purporting to be located at real publishers' domains, stealing the
publishers' identities and misappropriating those identities for a fraudulent purpose,
undermining the reputation and credibility ofthose publishers in the ad market and reducing

the revenues that the actual publishers would otherwise earn.
46.

The schemes victimized ad platforms—the SSPs and DSPs—by

misusing these clearinghouses of ad traffic for fraud.
47.

The datacenter-based scheme victimized internet service providers by

stealing their corporate identities for the purpose ofregistering IP addresses with false
information.

48.

The botnet-based scheme victimized individuals and businesses whose

computers were used, without their knowledge or authorization, to perpetrate the fraud.

 Case 1:18-cr-00633-ERK Document 8 Filed 11/27/18 Page 18 of 34 PageID #: 65
18

COUNT ONE

(Wire Fraud Conspiracy—^Datacenter-Based Scheme)
49.

The allegations contained in paragraphs one through 27 and 43 through

47 are realleged and incorporated as though fully set forth in this paragraph.
50.

In or about and between September 2014 and December 2016, both

dates being approximate and inclusive, within the Eastern District ofNew York and
elsewhere, the defendants ALEKSANDR ZHUKOV,BORIS TIMOKHIN, MIKHAIL

ANDREEV,DENIS AVDEEV,DMITRY NOVIKOV and SERGEY OVSYANNIKOV,

together with others, did knowingly and intentionally conspire to devise a scheme and
artifice to defraud brands, ad platforms and others in the digital advertising industry, and to

obtain money and property from brands, ad platforms and others in the digital advertising
industry by means of materially false and fraudulent pretenses, representations and promises,
and for the purpose of executing such scheme and artifice, to transmit and cause to be
transmitted by means of wire communication in interstate and foreign commerce, writings,
signs, signals, pictures and sounds,to wit: electronic communications to computers and
servers in the United States and elsewhere, emails and other online communications and

monetary transfers, contrary to Title 18, United States Code, Section 1343.
(Title 18, United States Code, Sections 1349 and 3551 et seq.I
COUNT TWO

(Wire Fraud—^Datacenter-Based Scheme)

51.

The allegations contained in paragraphs one through 27 and 43 through

47 are realleged and incorporated as though fully set forth in this paragraph.

 Case 1:18-cr-00633-ERK Document 8 Filed 11/27/18 Page 19 of 34 PageID #: 66
19

52.

In or about and between September 2014 and December 2016, both

dates being approximate and inclusive, within the Eastern District of New York and
elsewhere, the defendants ALEKSANDR ZHUKOV,BORIS TIMOKHIN,MIKHAIL
ANDREEV,DENIS AVDEEV,DMITRY NOVIKOV and SERGEY OVSYANNIKOV,

together with others, did knowingly and intentionally devise a scheme and artifice to defraud

brands, ad platforms and others in the digital advertising industry, and to obtain money and
property from brands, ad platforms and others in the digital advertising industry by means of
materially false and fraudulent pretenses, representations and promises, and for the purpose

of executing such scheme and artifice, did transmit and cause to be transmitted by means of
wire communication in interstate and foreign commerce, writings, signs, signals, pictures and
sounds, to wit: electronic communications to computers and servers in the United States and
elsewhere, emails and other online communications and monetary transfers.
(Title 18, United States Code, Sections 1343,2 and 3551 et SQq.)
COUNT THREE

(Money Laundering Conspiracy—Datacenter-Based Scheme)

53.

The allegations contained in paragraphs one through 27 and 43 through

47 are realleged and incorporated as though fully set forth in this paragraph.
54.

In or about and between September 2014 and December 2016, both

dates being approximate and inclusive, within the Eastern District of New York and
elsewhere, the defendants ALEKSANDR ZHUKOV,BORIS TIMOKHIN,MIKHAIL
ANDREEV,DENIS AVDEEV and DMITRY NOVIKOV,together with others, did
knowingly and intentionally conspire to:

 Case 1:18-cr-00633-ERK Document 8 Filed 11/27/18 Page 20 of 34 PageID #: 67
20

(a)

transport, transmit and transfer monetary instruments and funds

from a place in the United States to and through a place outside the United States and to a

place in the United States from and through a place outside the United States,(i) with the
intent to promote the carrying on ofone or more specified unlawful activities, to wit: wire
fraud, in violation of Title 18, United States Code, Section 1343, and wire fraud conspiracy,
in violation of Title 18, United States Code, Section 1349, contrary to Title 18, United States

Code, Section 1956(a)(2)(A); and (ii) knowing that the monetary instruments and funds
involved in the transportation, transmission and transfer represented the proceeds ofsome
form of unlawful activity, and knowing that such transportation, transmission and transfer
was designed in whole and in part to conceal and disguise the nature, location, source,

ownership and control ofthe proceeds of one or more specified unlawful activities, to wit:
wire fraud, in violation of Title 18, United States Code, Section 1343, and wire fraud

conspiracy, in violation of Title 18, United States Code, Section 1349, contrary to Title 18,
United States Code, Section 1956(a)(2)(B)(i); and

(b)

engage in one or more monetary transactions within the United

States involving property of a value greater than $10,000 that was derived from one or more
specified unlawful activities, to wit: wire fraud, in violation of Title 18, United States Code,
Section 1343, and wire fraud conspiracy, in violation of Title 18, United States Code, Section
1349, knowing that the funds were the proceeds ofsome unlawful activities and were in fact
proceeds of one or more specified unlawful activities, to wit: wire fraud, in violation of Title
18, United States Code, Section 1343, and wire fraud conspiracy, in violation of Title 18,

United States Code, Section 1349, contrary to Title 18, United States Code, Section 1957(a).
(Title 18, United States Code, Sections 1956(h) and 3551 et seq.)

 Case 1:18-cr-00633-ERK Document 8 Filed 11/27/18 Page 21 of 34 PageID #: 68
21

COUNT FOUR

(Engaging in Monetary Transactions in Property Derived from Specified Unlawful
Activity—Datacenter-Based Scheme)

55.

The allegations contained in paragraphs one through 27 and 43 through

47 are realleged and incorporated as though fully set forth in this paragraph.
56.

In or about and between September 2014 and December 2016, both

dates being approximate and inclusive, within the Eastern District of New York and
elsewhere, the defendants ALEKSANDR ZHUKOV,BORIS TIMOKHIN,MIKHAIL

ANDREEV,DENIS AVDEEV and DMITRY NOVIKOV,together with others, did

knowingly and intentionally engage in one or more monetary transactions within the United
States involving property of a value greater than $10,000 that was derived from one or more
specified unlawful activities, to wit: wire fraud, in violation of Title 18, United States Code,
Section 1343, and wire fraud conspiracy, in violation of Title 18, United States Code, Section
1349, knowing that the funds were the proceeds ofsome unlawful activities and were in fact

proceeds of one or more specified unlawful activities, to wit: wire fraud, in violation of Title
18, United States Code, Section 1343, and wire fraud conspiracy, in violation of Title 18,
United States Code, Section 1349.

(Title 18, United States Code, Sections 1957(a),2 and 3551 et seq.)
COUNT FIVE

(Wire Fraud Conspiracy—Botnet-Based Scheme)
57.

The allegations contained in paragraphs one through 13 and 28 through

46 and 48 are realleged and incorporated as though fully set forth in this paragraph.
58.

In or about and between December 2015 and October 2018, both dates

being approximate and inclusive, within the Eastern District of New York and elsewhere, the

 Case 1:18-cr-00633-ERK Document 8 Filed 11/27/18 Page 22 of 34 PageID #: 69
22

defendants SERGEY OVSYANNIKOV,ALEKSANDRISAEV and YEVGENIY

TIMCHENKO,together with others, did knowingly and intentionally conspire to devise a
scheme and artifice to defiraud brands, ad platforms and others in the digital advertising

industry, and to obtain money and property from brands, ad platforms and others in the
digital advertising industry by means of materially false and fraudulent pretenses,

representations and promises, and for the purpose of executing such scheme and artifice, to
transmit and cause to be transmitted by means of wire communication in interstate and

foreign commerce, writings, signs, signals, pictures and sounds, to wit: electronic
communications to computers and servers in the United States and elsewhere, emails and
other online communications and monetary transfers, contrary to Title 18, United States
Code, Section 1343.

(Title 18, United States Code, Sections 1349 and 3551 et seq.l
COUNT SIX

(Wire Fraud—Botnet-Based Scheme)

59.

The allegations contained in paragraphs one through 13 and 28 through

46 and 48 are realleged and incorporated as though fully set forth in this paragraph.
60.

In or about and between December 2015 and October 2018, both dates

being approximate and inclusive, within the Eastern District of New York and elsewhere, the
defendants SERGEY OVSYANNIKOV,ALEKSANDR ISAEV and YEVGENIY

TIMCHENKO,together with others, did knowingly and intentionally devise a scheme and
artifice to defraud brands, ad platforms and others in the digital advertising industry, and to

obtain money and property from brands, ad platforms and others in the digital advertising

industry by means of materially false and fraudulent pretenses, representations and promises,

 Case 1:18-cr-00633-ERK Document 8 Filed 11/27/18 Page 23 of 34 PageID #: 70
23

and for the purpose of executing such scheme and artifice, did transmit and cause to be

transmitted by means of wire communication in interstate and foreign commerce, writings,
signs, signals, pictures and sounds, to wit: electronic communications to computers and
servers in the United States and elsewhere, emails and other online communications and

monetary transfers.
(Title 18, United States Code, Sections 1343,2 and 3551 et seq.^
COUNT SEVEN

(Aggravated Identity Theft—Botnet-Based Scheme)

61.

The allegations contained in paragraphs one through 13 and 28 through

46 and 48 are realleged and incorporated as though fully set forth in this paragraph.
62.

In or about and between December 2015 and October 2018,both dates

being approximate and inclusive, within the Eastem District of New York and elsewhere, the
defendants SERGEY OVSYANNIKOV,ALEKSANDRISAEV and YEVGENIY

TIMCHENKO,together with others, during and in relation to the crimes charged in Counts

Five and Six, did knowingly and intentionally transfer, possess and use, without lawful
authority, one or more means ofidentification of other persons, to wit: IP addresses and other
information, knowing that these means of identification belonged to said persons.
(Title 18, United States Code, Sections 1028A(a)(l), 1028A(b), 1028A(c)(4),
2 and 3551 et seq.i

 Case 1:18-cr-00633-ERK Document 8 Filed 11/27/18 Page 24 of 34 PageID #: 71
24

COUNT EIGHT

(Conspiracy to Commit Computer Intrusions—^Botnet-Based Scheme)
63.

The allegations contained in paragraphs one through 13 and 28 through

46 and 48 are realleged and incorporated as though fully set forth in this paragraph.
64.

In or about and between December 2015 and October 2018, both dates

being approximate and inclusive, within the Eastem District of New York and elsewhere, the
defendants SERGEY OVSYANNIKOV,ALEKSANDRISAEV and YEVGENIY

TIMCHENKO,together with others, did knowingly and willfully conspire to:
(a)

intentionally access one or more computers without

authorization and exceed authorized access, and thereby to obtain information from one or
more protected computers for the purpose of commercial advantage and private financial
gain, and in furtherance of criminal and tortious acts in violation ofthe laws ofthe United

States and any State, and the value ofthe information obtained exceeded $5,000, contrary to
Title 18, United States Code, Sections 1030(a)(2), 1030(b), 1030(c)(2)(A) and 1030(c)(2)(B);

(b)

with intent to defraud access one or more protected computers

without authorization, and exceed authorized access, and by means ofsuch conduct to further
the intended fraud and obtain something of value, to wit: the use of a computer, information
and United States and foreign currency, contrary to Title 18, United States Code, Sections
1030(a)(4), 1030(b) and 1030(c)(3)(A); and

(c)

(i) knowingly cause the transmission of a program, information,

code and command,and as a result ofsuch conduct, intentionally cause damage without
authorization affecting 10 or more protected computers during a one-year period; and (ii)

intentionally access one or more protected computers without authorization, and as a result of

 Case 1:18-cr-00633-ERK Document 8 Filed 11/27/18 Page 25 of 34 PageID #: 72
25

such conduct, recklessly cause damage affecting 10 or more protected computers during a
one-year period, contrary to Title 18, United States Code, Sections 1030(a)(5), 1030(b) and
1030(c)(4).

65.

In furtherance ofthe conspiracy and to effect its objects, within the

Eastern District of New York and elsewhere, the defendants SERGEY OVSYANNIKOV,

ALEKSANDRISAEV and YEVGENIY TIMCHENKO,together with others, committed
and caused to be committed, among others, the following:
OVERT ACTS

(a)

On or about April 20,2016, OVSYANNIKOV sent an online

message to his co-conspirators explaining how computers in the botnet would be instructed
to spoof a domain.
(b)

On or about August 8,2016,ISAEV sent an invoice to an ad

network for advertising services.
(c)

On or about February 27,2017,TIMCHENKO logged in to the

administrative panel of one ofthe Fraudulent Content Servers.
(d)

On or about May 17,2018, OVSYANNIKOV,ISAEV and

TIMCHENKO,together with others, caused an infected computer belonging to a business in
Blue Point, New York,to surreptitiously download a fabricated webpage, offer up the

advertising space on the fabricated webpage for bidding and load an advertisement on the
fabricated webpage for a nonprofit hospital located in West Islip, New York, all without the
knowledge or permission ofthe infected computer's true owner.
(Title 18, United States Code, Sections 371 and 3551 et seq.")

 Case 1:18-cr-00633-ERK Document 8 Filed 11/27/18 Page 26 of 34 PageID #: 73
26

COUNT NINE

(Computer Intrusion and Obtaining Information—^Botnet-Based Scheme)
66.

The allegations contained in paragraphs one through 13 and 28 through

46 and 48 are realleged and incorporated as though fully set forth in this paragraph.
67.

In or about and between December 2015 and October 2018, both dates

being approximate and inclusive, within the Eastern District of New York and elsewhere, the
defendants SERGEY OVSYANNIKOV,ALEKSANDRISAEV and YEVGENIY

TIMCHENKO,together with others, did knowingly and intentionally access, and attempt to

access, one or more computers without authorization and exceed authorized access, and
thereby did obtain information from one or more protected computers for the purpose of
commercial advantage and private financial gain, and in furtherance of criminal and tortious
acts in violation ofthe laws ofthe United States and any State, and the value ofthe
information obtained exceeded $5,000.

(Title 18, United States Code, Sections 1030(a)(2), 1030(b), 1030(c)(2)(A),
1030(c)(2)(B), 2 and 3551 et seq.l
COUNT TEN

(Computer Intrusion in Furtherance of Fraud—^Botnet-Based Scheme)
68.

The allegations contained in paragraphs one through 13 and 28 through

46 and 48 are realleged and incorporated as though fully set forth in this paragraph.
69.

In or about and between December 2015 and October 2018, both dates

being approximate and inclusive, within the Eastern District of New York and elsewhere, the
defendants SERGEY OVSYANNIKOV,ALEKSANDR ISAEV and YEVGENIY

TIMCHENKO,together with others, did knowingly and with intent to defraud access, and

 Case 1:18-cr-00633-ERK Document 8 Filed 11/27/18 Page 27 of 34 PageID #: 74
27

attempt to access, one or more protected computers without authorization, and exceed
authorized access, and by means ofsuch conduct did further the intended fraud and obtain

something of value, to wit: the use of a computer, information and United States and foreign
currency.

(Title 18, United States Code, Sections 1030(a)(4), 1030(b), 1030(c)(3)(A), 2

and 3551 et seq.^
COUNT ELEVEN

(Computer Intrusion and Causing Damage—Botnet-Based Scheme)

70.

The allegations contained in paragraphs one through 13 and 28 through

46 and 48 are realleged and incorporated as though fully set forth in this paragraph.
71.

In or about and between December 2015 and October 2018, both dates

being approximate and inclusive, within the Eastem District of New York and elsewhere, the
defendants SERGEY OVSYANNIKOV,ALEKSANDR ISAEV and YEVGENIY

TIMCHENKO,together with others, did:(i) knowingly cause the transmission ofa program,
information, code and command,and as a result ofsuch conduct, intentionally cause damage

without authorization affecting 10 or more protected computers during a one-year period;
and (ii) intentionally access a protected computer without authorization, and as a result of
such conduct, recklessly cause damage affecting 10 or more protected computers during a
one-year period.

(Title 18, United States Code, Sections 1030(a)(5), 1030(b), 1030(c)(4), 2 and
3551 et seq.)

 Case 1:18-cr-00633-ERK Document 8 Filed 11/27/18 Page 28 of 34 PageID #: 75
28

COUNT TWELVE

(Money Laundering Conspiracy^—Botnet-Based Scheme)

72.

The allegations contained in paragraphs one through 13 and 28 through

46 and 48 are realleged and incorporated as though fiilly set forth in this paragraph.
73.

In or about and between December 2015 and October 2018, both dates

being approximate and inclusive, within the Eastern District of New York and elsewhere, the
defendants SERGEY OVSYANNIKOV,ALEKSANDRISAEV and YEVGENIY

TIMCHENKO,together with others, did knowingly and intentionally conspire to:
(a)

transport, transmit and transfer monetary instruments and funds

from a place in the United States to and through a place outside the United States and to a
place in the United States from and through a place outside the United States,(i) with the
intent to promote the carrying on of one or more specified unlawful activities, to wit: wire

fraud, in violation of Title 18, United States Code, Section 1343, wire fraud conspiracy, in
violation of Title 18, United States Code, Section 1349, and computer intrusion, in violation
of Title 18, United States Code, Sections 1030(a)(2),(a)(4) and (a)(5), contrary to Title 18,

United States Code, Section 1956(a)(2)(A); and (ii) knowing that the monetary instruments

and funds involved in the transportation, transmission and transfer represented the proceeds
ofsome form of unlawful activity, and knowing that such transportation, transmission and

transfer was designed in whole and in part to conceal and disguise the nature, location,

source, ownership and control ofthe proceeds of one or more specified unlawful activities, to
wit: wire fraud, in violation of Title 18, United States Code,Section 1343, wire fraud

conspiracy, in violation of Title 18, United States Code, Section 1349, and computer

 Case 1:18-cr-00633-ERK Document 8 Filed 11/27/18 Page 29 of 34 PageID #: 76
29

intrusion, in violation of Title 18, United States Code, Sections 1030(a)(2),(a)(4) and (a)(5),

contrary to Title 18, United States Code, Section 1956(a)(2)(B)(i); and
(b)

engage in one or more monetary transactions within the United

States involving property of a value greater than $10,000 that was derived from one or more

specified unlawful activities, to wit: wire fraud, in violation of Title 18, United States Code,
Section 1343, wire fraud conspiracy, in violation of Title 18, United States Code, Section
1349, and computer intrusion, in violation of Title 18, United States Code, Sections

1030(a)(2),(a)(4) and (a)(5), knowing that the funds were the proceeds ofsome unlawful
activities and were in fact proceeds of one or more specified unlawful activities, to wit: wire
fraud,in violation of Title 18, United States Code, Section 1343, wire fraud conspiracy, in

violation of Title 18, United States Code, Section 1349, and computer intrusion, in violation
of Title 18, United States Code, Sections 1030(a)(2),(a)(4) and (a)(5), contrary to Title 18,
United States Code, Section 1957(a).
(Title 18, United States Code, Sections 1956(h) and 3551 et seg.)
COUNT THIRTEEN

(Engaging in Monetary Transactions in Property Derived from Specified Unlawful
Activity—Botnet-Based Scheme)
74.

The allegations contained in paragraphs one through 13 and 28 through

46 and 48 are realleged and incorporated as though fully set forth in this paragraph.
75.

In or about and between December 2015 and October 2018,both dates

being approximate and inclusive, within the Eastern District of New York and elsewhere, the
defendants SERGEY OVSYANNIKOV,ALEKSANDRISAEV and YEVGENIY

TIMCHENKO,together with others, did knowingly and intentionally engage in one or more

monetary transactions within the United States involving property of a value greater than

 Case 1:18-cr-00633-ERK Document 8 Filed 11/27/18 Page 30 of 34 PageID #: 77
30

$10,000 that was derived from one or more specified unlawful activities, to wit: wire fraud,
in violation of Title 18, United States Code, Section 1343, wire fraud conspiracy, in violation
of Title 18, United States Code, Section 1349, and computer intrusion, in violation of Title
18, United States Code, Sections 1030(a)(2),(a)(4) and (a)(5), knowing that the funds were
the proceeds ofsome unlawful activities and were in fact proceeds of one or more specified
unlawful activities, to wit: wire fraud, in violation of Title 18, United States Code,Section

1343, wire fraud conspiracy, in violation of Title 18, United States Code, Section 1349, and
computer intrusion, in violation of Title 18, United States Code, Sections 1030(a)(2),(a)(4)
and (a)(5).

(Title 18, United States Code, Sections 1957(a), 2 and 3551 et seq.)
CRIMINAL FORFEITURE ALLEGATION

AS TO COUNTS ONE.TWO.FIVE AND SIX

76.

The United States hereby gives notice to the defendants charged in

Counts One, Two,Five and Six that, upon their conviction ofsuch offenses, the government
will seek forfeiture in accordance with Title 18, United States Code, Section 981(a)(1)(C)

and Title 28, United States Code, Section 2461(c), which require any person convicted of
such offenses to forfeit any property, real or personal, constituting or derived from proceeds
obtained directly or indirectly as a result ofsuch offenses.
77.

If any ofthe above-described forfeitable property, as a result of any act

or omission ofthe defendants:

(a)

cannot be located upon the exercise of due diligence;

(b)

has been transferred or sold to, or deposited with, a third party;

(c)

has been placed beyond the jurisdiction of the court;

 Case 1:18-cr-00633-ERK Document 8 Filed 11/27/18 Page 31 of 34 PageID #: 78
31

(d)

has been substantially diminished in value; or

(e)

has been commingled with other property which cannot be

divided without difficulty;

it is the intent ofthe United States, pursuant to Title 21, United States Code, Section 853(p),
to seek forfeiture of any other property ofthe defendants up to the value ofthe forfeitable
property described in this forfeiture allegation.
(Title 18, United States Code, Section 981(a)(1)(C); Title 21, United States
Code, Section 853(p); Title 28, United States Code, Section 2461(c))
CRIMINAL FORFEITURE ALLEGATION
AS TO COUNTS THREE.FOUR.TWELVE AND TfflRTEEN

78.

The United States hereby gives notice to the defendants charged in

Counts Three, Four, Twelve and Thirteen that, upon their conviction ofsuch offenses, the
government will seek forfeiture in accordance with Title 18, United States Code, Section
982(a)(1), which requires any person convicted ofsuch offenses to forfeit any property, real
or personal, involved in such offenses, or any property traceable to such property.

79.

If any ofthe above-described forfeitable property, as a result of any act

or omission of the defendants:

(a) cannot be located upon the exercise of due diligence;
(b) has been transferred or sold to, or deposited with, a third party;

(c) has been placed beyond the jurisdiction of the court;
(d) has been substantially diminished in value; or

(e) has been commingled with other property which cannot be divided
without difficulty;

 Case 1:18-cr-00633-ERK Document 8 Filed 11/27/18 Page 32 of 34 PageID #: 79
32

it is the intent ofthe United States, pursuant to Title 21, United States Code, Section 853(p),

as incorporated by Title 18, United States Code, Section 982(b)(1), to seek forfeiture of any
other property ofthe defendants up to the value ofthe forfeitable property described in this
forfeiture allegation.

(Title 18, United States Code, Sections 982(a)(1) and 982(b)(1); Title 21,
United States Code, Section 853(p))
CRIMINAL FORFEITURE ALLEGATION
AS TO COUNTS EIGHT THROUGH ELEVEN

80.

The United States hereby gives notice to the defendants charged in

Counts Eight through Eleven that, upon their conviction ofsuch offenses, the government
will seek forfeiture in accordance with Title 18, United States Code, Sections 982(a)(2)(B)

and 1030(i)(l), which require any person convicted of such offenses to forfeit any property

constituting, or derived from,proceeds obtained directly or indirectly as a result ofsuch
offenses, and such person's interest in any personal property that was used or intended to be
used to commit or to facilitate such offenses, including but not limited to the following
domain names:

(a)

adzos.com;

(b)

clickandia.com

(c)

webvideocore.com;

(d)

clickservers.net;

(e)

clickmediallc.net;

(f)

mobapptrack.com; and

(g)

rtbclick.net.

 Case 1:18-cr-00633-ERK Document 8 Filed 11/27/18 Page 33 of 34 PageID #: 80
33

81.

If any ofthe above-described forfeitable property, as a result of any act

or omission ofthe defendants:

(a)

cannot be located upon the exercise of due diligence;

(b)

has been transferred or sold to, or deposited with, a third party;

(c)

has been placed beyond the jurisdiction ofthe court;

(d)

has been substantially diminished in value; or

(e)

has been commingled with other property which cannot be

divided without difficulty;

it is the intent ofthe United States, pursuant to Title 21, United States Code, Section 853(p),

as incorporated by Title 18, United States Code, Sections 982(b)(1) and 1030(i)(2), to seek
forfeiture of any other property ofthe defendants up to the value ofthe forfeitable property
described in this forfeiture allegation.

(Title 18, United States Code, Sections 982(a)(2)(B), 982(b)(1), 1030(i)(l) and
1030(i)(2); Title 21, United States Code,Section 853(p))
A TRUE BILL

FORBPBRSON

RICHARD P. DONOGl

UNITED STATES ATTORNEY
EASTERN DISTRICT OF NEW YORK

 THE UNITED STATES OF AMERICA

CRIMINAL DIVISION

EASTERN District of NEW YORK

UNITED STATES DISTRICT COURT

INDICTMENT

TIMCHENKO,
Defendants.

ALEKSANDR ZHUKOV,BORIS TIMOKHIN,MIKHAIL
ANDREEV,DENIS AVDEEV,DMITRY NOVIKOV,SERGEY
OVSYANNIKOV,ALEKSANDR ISAEV and YEVGENIY

No.

Bail, $

of

A.D.20

day,

Saritha Komatireddy, Alexander Mindlin, Michael Keilty,
Assistant US,Attorneys(718)254-7000

Filed in open court this

Clerk

(T. 18, U.S.C., §§ 371, 981(a)(1)(C), 982(a)(1), 982(a)(2)(B), 982(b)(1), 1028A(a)(l), 1028A(b), 1028A(c)(4), 1030(a)(2), 1030(a)(4),
1030(a)(5), 1030(b), 1030(c)(2)(A), 1030(c)(2)(B), 1030(c)(3)(A), 1030(c)(4), 1030(i)(l), 1030(i)(2), 1343, 1349, 1956(h), 1957(a), 2
and 3551 et scfl.; T. 21, U.S.C., § 853(p); T. 28, U.S.C., § 2461(c))

JUN. 85

FORM DBD-34

F.#: 2016R02228

Case 1:18-cr-00633-ERK Document 8 Filed 11/27/18 Page 34 of 34 PageID #: 81