A Russian citizen who helped install malware on servers in Minneapolis, Duluth and elsewhere – in an ad click scheme that raked in millions of dollars – will spend nearly four years behind bars.
Maxim Senakh was sentenced to 46 months in prison Thursday, the Department of Justice announced. He'll be deported once his time is up.
He'd actually been indicted back in 2015, then was arrested the next year in Finland before being extradited to the U.S.
He'd pleaded guilty to these cyber crime charges back in March.
What he's accused of doing
Senakh, according to the indictment against him, was accused of installing malware called Ebury on servers across the U.S. It started with a server in Minneapolis in August of 2013, then one in Duluth, before spreading to thousands more.
This Ebury malware could then steal log-in credentials for the servers – allowing hackers like Senakh to take control without anyone knowing.
When someone tried to go to certain websites through those servers, the malware could instead redirect them to an advertisers' website. In turn, Senakh and co. would get paid as if it was an ad click. (We explained how it works in more detail when Senakh pleaded guilty.)
In all, the group – which the Department of Justice described as a criminal enterprise – collected millions of dollars from the scheme.
Pay-per-click fraud, as it's called, is listed by Sophos as one of the go-to methods hackers use to make money through malware.