The recently concluded US election had no shortage of controversies. One particular controversy which arguably swung the tide to Donald Trumps’ unlikely win was the hacking of the DNC computers and the leaking of certain emails. Russian hackers are being blamed for the event. Evidently, US politics aren’t the only thing affected by Russian hackers.
A group of Russian criminals are making between $3 million and $5 million every day in a brazen attack on the advertising market, security firm White Ops claimed. It’s the biggest digital ad fraud ever uncovered and perpetrated by faking clicks on video ads, the company said.
The Methbot campaign, which is what investigators call it, deceives ad networks into playing videos on fake sites, which the scammers have also created. The videos are then viewed by bots that are disguised as real people.
The scheme is quite complex. First, the hackers referred to as Ad Fraud Komanda (AFK13), had to register over 6,000 fake domains that spoof real websites. Then they had to create over 250,000 fake URLs that are used to host video ads. The hackers get paid after tricking ad networks into playing video ads on their fake sites. They just had to set the bots up to watch the ads, creating a massive amount of ad views.
The hackers kept in mind the minute details of human behavior while creating these bots. The bots had the mouse movements, the clicks as well as social media login info of actual humans. This is how they pulled off the biggest fraud in the history of internet advertising. This makes us wonder on a lot of things – are any numbers that we see on the internet real?
These “bot farms” are operating out of data centers in the U.S. and the Netherlands. The crooks are then paid by the ad networks for an enormous number of views. The larger the number of ad views, the larger the payout. White Ops estimates the scam is bringing in around $3 million each day for the cybercriminals.
In an effort to shut this operation down, White Ops has teamed with the Trustworthy Accountability Group (TAG) and is releasing the following data:
- IP addresses known to belong to Methbot for advertisers, agencies, and technology providers to block so they can prevent ads from appearing on Methbot inventory.
- Falsified domain list.
- Full URL list to show the magnitude of impact this operation had on the publishing industry. These publishers were impersonated and deprived of revenue opportunities because of this operation.
This type of attack might not affect you directly right now, but if companies continue to lose massive amounts of ad revenue, who knows what the future can bring?