A complex ad fraud scheme has been siphoning $3 million to $5 million per day since October from the largest U.S. brands and media companies, making it the most profitable and advanced operation seen by the industry to date, according to a new report from WhiteOps, an anti-ad fraud security firm.
By comparison, other large, well-known ad-fraud attacks garnered $200,000 to $900,000 a day, WhiteOps said.
A group of Russian hackers were behind the attack, creating more than half a million fake users and 250,000 fake websites to pull off the scheme, according to WhiteOps. Bots, which are used to mimic human behavior to dupe advertisers in paying for impressions never seen by humans, were used to view some 300 million video ads a day, according to the report.
WhiteOps said it would not release the names of the brands affected by the attack.
The Methbot operation targeted the most expensive advertising on the internet: full-sized video ads served in full view on name-brand sites to users who were logged in to social media and showed signs of engagement like mouse movement, WhiteOps said. The operation was able to avoid notice for weeks by mimicking many of the telltale signals of human interaction monitored by advertisers and anti-fraud firms.
How can this happen?
In the programmatic world, there is no such thing as an authorized reseller of ad inventory. Someone can scoop up a portion of unsold inventory from a publisher's website and later resell it at a higher cost in a process known as arbitrage.
In this case, the Russian hackers allegedly represented themselves as having ad inventory on The New York Times, for example, and sold ad space to major brands. In reality, however, the ads were served on a faux New York Times website that was actually owned by Methbot.
Unlike typical botnets, Methbot was run completely out of data centers using IPs with forged registration data with internet service providers like Verizon, Comcast, AT&T, Cox, CenturyLink and TWC. That helped it bypass datacenter blacklists, WhiteOps said.
"Methbot elevates ad fraud to a whole new level of sophistication and scale," Michael Tiffany, co-founder and CEO of White Ops, said in a statement. "The most expensive advertising on the internet is full-sized video ads, on name brand sites, shown to users who are logged into social media and who show signs of 'engagement.'"
"The Russian operators behind Methbot targeted the most profitable ad categories and publishers," he added. "They built their infrastructure and tools and compromised key pieces of architectural Internet systems to maximize their haul. Methbot is a game changer in ad fraud and further evidence that the issue of human verification is constantly evolving and innovating, not abating."
According to the Association of National Advertisers, ad fraud will cost the industry $7.2 billion in 2016, up nearly $1 billion from the previous year.