Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Thursday November 22 2018, @12:18PM   Printer-friendly
from the one-down,-lots-more-more-to-go dept.

Submitted via IRC for SoyCow1984

Police arrest alleged Russian hacker behind huge Android ad scam

Though the exact details of his alleged crimes won't come to light until his extradition to the US -- where he faces a maximum prison sentence of 20 years -- a Crime Russia report claims Zhukhov may have been involved in a fake advertising network that Google shut down last month.

The scam (outed in a Buzzfeed exposé) used bots to mimic user behaviour on a network of 125 Android apps connected to front and shell companies in Cyprus, Malta, British Virgin Islands, Croatia, and Bulgaria. This fake traffic was used to con brands out of "hundreds of millions" of ad dollars, according to a "person involved in the scheme." However, Google put the figure at $10 million, while Russian newspaper Kommersant says Zhukhov has been charged with ad fraud of up to $7 million, which took place between September 2014 to 2016. During this time, the hacker reportedly operated a network of 50 servers, renting them out to others, who later used them to inflate video ad views.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1) by deimtee on Friday November 23 2018, @01:23AM (3 children)

    by deimtee (3272) on Friday November 23 2018, @01:23AM (#765386) Journal

    I am a bit conflicted on this. These people are obviously scummy con-men, but the only people they took money from are google and the other bastards tracking people and filling the net with ads. Since this will probably damage the whole ad ecosystem, and inspire copycats who will damage it further, I would be tempted to jury nullify any charges on the grounds that they were providing a public service.

    On a more serious note, I am a bit troubled by the assertion that having a computer automatically click a link can be a criminal offense. There are often processes running in computers that could do this. Is it an offense not to look at any page that your browser pre-fetched? If they were breaking the terms of their contracts with ad-servers, that should be a civil matter. It also seems a small step from criminalizing fake clicks to criminalizing ad-blockers.

    --
    If you cough while drinking cheap red wine it really cleans out your sinuses.
  • (Score: 2) by pipedwho on Friday November 23 2018, @05:52AM

    by pipedwho (2032) on Friday November 23 2018, @05:52AM (#765462)

    I think the fraud is at the receiving of the payments for ads that have been automatically clicked.

    Just making an app to click ads in most likely completely legal, and using it as an end user with no contractual agreements to the ad agency that is paying someone for 'clicks' is also most likely completely above board.

    It becomes fraud if you as a supplier to the ad company, come in and say "hey, please pay me for 1 million views of ads on my page", when in fact those 'views' where generated by you (or your agent) and not actual 'viewers'.

    So in this case, someone enlists as a supplier of 'ad impressions' to Google due to people visiting their site. I imagine the agreement includes conditions that stipulate things to make faking impressions against the contract, and payment terms per real view. Now if you come in and say, "look, I've had X number of views" that were in fact 'not views', then that can be potentially prosecuted as fraud (doesn't mean the prosecutor would win, but it opens up the "auto clicker" to legal attack). The consultant that ran the auto-clicker is by extension an agent and accessory to the act of fraud committed by the site owner.

    The court still has to consider intent of each party involved. (i.e. not everyone may have been a willing or knowingly complicit party). But, of course with US justice, where pretty much just being charged is a guaranteed jail/loss to anyone without deep enough pockets to fight it, this distinction may be moot.

  • (Score: 0) by Anonymous Coward on Friday November 23 2018, @07:17AM

    by Anonymous Coward on Friday November 23 2018, @07:17AM (#765473)

    The crime is taking money from the rich.

  • (Score: 2) by darkfeline on Saturday November 24 2018, @11:27AM

    by darkfeline (1030) on Saturday November 24 2018, @11:27AM (#765857) Homepage

    Intent is important when determining if a crime was committed.

    They clearly ran these processes with the intent of defrauding other companies. It's not like a runaway Bash script written by a junior sysadmin "accidentally" hooked up a network of devices to spam ad clicks.

    Fraud is (can be) a crime, it can also be tort. So you can potentially sue the perpetrator both in criminal and civil court (although technically the government prosecutes criminal cases on behalf of the victims).

    Ad blockers don't defraud anyone. Now, if you ran an ad "blocker" that fakes clicks on the ads like Ad Nauseum, that could indeed be considered fraud because you're running it with the explicit intent of causing financial harm to the ad company, although I doubt such a case could be brought to court and won, at least currently.

    --
    Join the SDF Public Access UNIX System today!