Hackers Make $5M A Day ” Biggest Ad Fraud Ever”

A group of Russian criminals are making between $4 million and $5 million every day in a brazen attack on the advertising market. Amid headlines of “fake news” and censorship, Forbes exposes Methbot – the “biggest digital ad fraud ever” uncovered and perpetrated by faking clicks on video ads.

According to a security firm WhiteOps  who discovered the fraud says that,

“Controlled by a single group based in Russia and operating out of data centers in the US and Netherlands, this “bot farm” generates $3 to $5 million in fraudulent revenue per day by targeting the premium video advertising ecosystem.”

As Forbes’ Thomas Fox-Brewster explains, the crew, which White Ops dubbed Ad Fraud Komanda or “AFK13”, planned their machinations in meticulous detail.

First, they created more than 6,000 domains and 250,267 distinct URLs within those that appeared to belong to real big-name publishers, from ESPN to Vogue. But all that could be hosted on the page was a video ad.

With faked domain registrations, they were able to trick algorithms that decided where the most profitable ads would go into buying their fraudulent web space. Those algorithms typically make bids for ad space most suitable for the advertisement’s intended audience, with the auction complete in milliseconds. But AFK13 were able to game the system so their space was purchased over big-name brands.

AFK13 then invested heavily in a bot farm, taking up space in data centers so they could fire faked traffic from more than 570,000 bots at those ads, thereby driving revenue thanks to the pay per click system they exploited.

As part of what White Ops called the Methbot campaign, those bots “watched” as many as 300 million video ads a day, with an average payout of $13.04 per thousand faked views. And the fraudsters had their bot army replicate the actions of real people, with faked clicks, mouse movements and social network login information.

It’s unclear where the Russian link comes from. Eddie Schwartz, chief operating officer at White Ops, told me the company found links between the data centers and the “unique signals” used by the hackers. He couldn’t provide more details for fear of revealing too much about White Ops’ methods. Nevertheless, he claimed to have “direct attribution” for those behind the crime.

“We have zero doubt this is a group based in Russia, it’s a single group. We’ve actually been working with federal law enforcement for weeks now,” Schwartz added.

Finally Fox-Brewster concludes worryingly, the fraud could be even bigger than reported today.

“Because White Ops is only able to analyze data directly observed by White Ops, the total ongoing monetary losses within the greater advertising ecosystem may be exponentially greater,” the company wrote in its white paper.

“At this point the Methbot operation has become so embedded in the layers of the advertising ecosystem, the only way to shut it down is to make the details public to help affected parties take action.”

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Glove Stealer Emerges A New Malware Threat For Browsers

ANY.RUN Discovers Tricky Phishing Attack Using Fake CAPTCHA