Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Sunday December 25 2016, @01:28PM   Printer-friendly
from the at-least-someone-likes-the-advertisers dept.

Here's the Seattle Times with a syndicated NY Times article, http://www.seattletimes.com/nation-world/russian-cybergang-ring-scored-millions-in-giant-ad-fraud/

Researchers say that a Russian cyber-forgery ring has created more than half a million fake internet users and 250,000 fake websites to trick advertisers into collectively paying as much as $5 million a day for video ads that are never watched.

The fraud, which began in September and is still going on, represents a new level of sophistication among criminals who seek to profit by using bots — computer programs that pretend to be people — to cheat advertisers.

"We think that nothing has approached this operation in terms of profitability," said Michael Tiffany, a founder and the chief executive of White Ops, the ad-focused computer security firm that publicly disclosed the fraud in a report Tuesday. "Our adversaries are bringing whole new levels of innovation to ad fraud."

The thieves impersonated more than 6,100 news and content publishers, stealing advertising revenue that marketers intended to run on those sites, White Ops said. The scheme exploited known flaws in digital advertising, including the lack of a consistent, reliable method for tracking ads and ensuring that they are shown to the promised audience.

The spoofed outlets include a who's who of the web: video-laden sites like Fox News and CBS Sports, large news organizations like The New York Times and The Wall Street Journal, major content platforms like Facebook and Yahoo and niche sites like Allrecipes.com and AccuWeather. Although the main targets were in the United States, news organizations in other countries were also affected.

$5 mil/day is enough to support a pretty good sized team, I wonder how big the scamming operation is?


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Interesting) by Unixnut on Sunday December 25 2016, @04:43PM

    by Unixnut (5779) on Sunday December 25 2016, @04:43PM (#445795)

    It doesn't bother me at all. In fact I think it is genius. For years advertisers have been complaining and fighting (both technically and legally) to prevent ad blocking.

    However maybe we should change tack. Rather than fighting them head on, we should give them clicks they so desire. If rather than an ad-blocker, people ran a bot that basically randomly clicked on ads, we would render them useless.

    Thank about it, companies only pay for Internet adverts because they believe every click/visit is a potential human customer, and the online ad companies make money by tracking/trending people (so they can say to their clients "Look, your new ad resulted in $X increase in clicks, vs a drop of $Y clicks to your nearest competitor. Gives us more money for the ad space!)

    If however we flood the advertisers with random clicks, their clients who are buying the ads may well not be convinced that the clicks are real. It would spread uncertainty and doubt, the value of ad space online would fall, and these companies would start to struggle.

    If the companies did actually believe the bot clicks are real, the price of ad space would go up, they would find the conversion rate ( the rate where clicking on an ad results in a sale) goes down dramatically, and they would consider the cost not worth the money, causing the ad companies to struggle.

    Essentially what we would have is the same as these guys set up, except rather than setting it up to make money via fraud, we would just have it to drain money away from the companies engaged in online advertising.

    Starting Score:    1  point
    Moderation   +3  
       Interesting=2, Underrated=1, Total=3
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   5  
  • (Score: 2, Insightful) by fustakrakich on Sunday December 25 2016, @04:59PM

    by fustakrakich (6150) on Sunday December 25 2016, @04:59PM (#445801) Journal

    It doesn't bother me at all.

    Me neither. What goes around comes around. Where do I sign up? I'll need something to replace my social security which is under a real threat now.

    I do have to admit though, I love how they accuse the Russians of every crime in the books now.

    --
    La politica e i criminali sono la stessa cosa..
  • (Score: 3, Interesting) by edIII on Sunday December 25 2016, @09:06PM

    by edIII (791) on Sunday December 25 2016, @09:06PM (#445868)

    I absolutely love your idea and have been thinking about it for years. Of course, I didn't have a budget they probably had, or the willingness to engage in such complicated fraud.

    However, it may not be as simple as that. These guys are downloading and dealing with malvertisement payloads as well as they are dealing with legit advertisements. All of that stuff has heavy tracking in it that you need to deal with, which may be mitigated by proxying. You need to deal with information leakage from your browsers.

    I imagine they are using a custom scraper that runs on Linux or BSD, which I've been looking into for screen scraping and automation purposes. These scrapers have become Enterprise level in what they are able to accomplish, so I'm not surprised at all that a team could create this.

    Unfortunately, it may be a lot easier to create these systems as headless, and not so much designed for presentation. It would be exceptionally cool if you could request a "sanitized" page for presentation that had every thing else stripped out, but still left the functional javascript for presentation purposes.

    Combine this with something that defeats browser finger printing and you have a real winner.

    --
    Technically, lunchtime is at any moment. It's just a wave function.
    • (Score: 2) by Unixnut on Monday December 26 2016, @12:46PM

      by Unixnut (5779) on Monday December 26 2016, @12:46PM (#446053)

      I will stake a bet that the browser/scraper they are using is casperjs (http://casperjs.org/), a javascript platform that sits on top of a headless browser and lets you inject, scrape and manipulate the site to your whim. It is immensely powerful, especially against modern dynamic sites where simple static scrapers (like BeautifulSoup + urllib2) cannot do.

      I have used both of the above and after reading about this, I can hazard a guess that stack is how they did it.

      Yes, these guys were handling a lot more than the basics, however this was an income stream for them, a business. Also, they probably didn't start out so advanced. Earning 5 million USD a day would have paid for an entire enterprise company, you could have programmers on the payroll banging out all kinds of code.

      Also, the AC below me posted this (hi might be connected to the project), looks like someone has already gotten started on the idea (admittedly with a browser extension). First time I heard of it, and no idea if it is any good, but if you're interested you can find it here: https://adnauseam.io/ [adnauseam.io]

  • (Score: 0) by Anonymous Coward on Monday December 26 2016, @01:21AM

    by Anonymous Coward on Monday December 26 2016, @01:21AM (#445913)
    Here ya go: https://adnauseam.io/ [adnauseam.io]