By Robin Kurzer
This week, a federal court indicted eight individuals for their roles in widespread digital advertising fraud, with charges ranging from wire fraud and computer intrusion to aggravated identity theft and money laundering.
The news is the latest chapter in a multi-year investigation of ad fraud botnets initiated by ad fraud security firm WhiteOps in 2016. Botnets are complex networks of computers, IP addresses and automation that mimic human behavior on websites to siphon ad dollars from unsuspecting advertisers led to believe their ads are getting served to real people.
3ve and Methbot botnets. WhiteOps worked with Google and an alliance of nearly 20 companies representing the interests of ad tech, security, and internet infrastructure to investigate the fraudulent activity. According to WhiteOps, the botnet 3ve (pronounced “eve”) infected a minimum of 1.7 million computers at any given time, counterfeited more than 10,000 websites and generated between 3 and 12 billion requests per day to sell fake online advertising.
The indictment is against three so-called ‘bot kingpins’ of the infamous botnets known as Methbot and 3ve, as well as other parties that were involved. Per Bjorke, product manager of ad traffic quality at Google, said in a blog post that the FBI coordinated a takedown of 3ve’s infrastructure, making it hard to rebuild.
Richard P. Donoghue, United States Attorney for the Eastern District of New York, said in a statement: “This case sends a powerful message that this Office, together with our law enforcement partners, will use all our available resources to target and dismantle these costly schemes and bring their perpetrators to justice, wherever they are.”
“Remarkably sophisticated.” Because of the breadth and complexity of botnet systems, they are incredibly difficult to take down. Google says that “at its peak, [3ve] controlled over 1 million IPs from both residential malware infections and corporate IP spaces primarily in North America and Europe.”
It gets even more complicated. In the course of investigating 3ve, the group found a sophisticated operation that generated billions of fraudulent ad bid requests and created thousands of spoofed, fraudulent domains.
“3ve was remarkably sophisticated,” said Tamer Hassan, CTO of WhiteOps. “It showed every indication of a well-organized engineering operation with best practices in software development. It exhibited reliability, resilience and scale, rivaling many state-of-the-art software architectures.”
Why you should care. These massive fraud operations hurt advertisers and undermine the digital advertising ecosystem as a whole. Google said the detected growth in ad bid requests didn’t necessarily mean there was a growth in transactions that resulted in charges to advertisers and that the “bid request volume was only a small percentage of overall bid request volume across the industry,” but the FBI said it cost advertisers millions of dollars and undermined confidence in the process.
FBI Assistant Director-in-Charge William Sweeney said, “[T]hese individuals built complex, fraudulent digital advertising infrastructure for the express purpose of misleading and defrauding companies who believed they were acting in good faith, costing them millions of dollars. This kind of exploitation undermines confidence …