In a conference room nine floors above London's St. Giles High Street, a Russian engineer named Sasha booted up a computer and began giving me instructions.
"First step, let's go to some website," he commanded. "AdAge.com, how about that one?" As the page loaded on my browser, a stream of code ran down the screen in a separate window to the left. After a few seconds, Sasha explained what was happening. "I'm afraid that when you're dealing with our team, you shouldn't just go to a website when we tell you," he said. The computer, brand new, was already infected. "You are participating in a botnet."
Actually, the connection I was operating on was hacked, not AdAge.com; visiting any site on the internet would have infected the computer. But Sasha appeared to be enjoying my discomfort, and his work was just beginning.
Sasha is a member of Google's secretive antifraud team. The unit, numbering more than 100, is locked in a war against an unknown quantity of cybercriminals who are actively siphoning billions of dollars out of the digital advertising industry, primarily via the creation of robotic traffic that appears human. Mysterious to many even within Google, the group has never spoken to an outsider about the way it hunts botnets, let alone allowed someone into its offices to observe the process. But that silence ended the moment Sasha opened his computer.
For players on the web both big and small, digital ad fraud is a significant and growing problem. The flow of advertising dollars to digital media from TV and print, accompanied by digital's movement toward automation, has turned the space into fertile ground for some of the internet's worst actors. According to a study by the fraud-fighting firm White Ops and the Association of National Advertisers, $6.3 billion will be lost to ad fraud in 2015. And Google, the biggest advertising technology company on the planet, stands to lose the most because of the enormous amount of transactions running through its ad servers, automated-buying platform and ad exchange every day. If advertisers believed the company's operation were fraud-filled, they could take their money elsewhere and the business would falter.
The best available reckoning of Google's ad-tech dominance comes from a data pull by Ghostery, an ad-technology company that monitors ad tags on the web. In the month of September 2013, the most recent estimate available from the company, Ghostery found Google technology served 316 billion ad impressions. The next largest company, OpenX, came in at 84.4 billion. The heft means Google is exposed when it comes to fraud, but it also puts it in position to lead the fight against the problem. Until now, the company was content to work against fraud from behind the scenes, but it's hard to lead while keeping quiet, part of the reason it is speaking to Ad Age.
"Sharing our point of view and our stance on it, our level of investment, is something that we think will help the rest of the industry along," said Neal Mohan, Google VP-video and display ad products.
Google's decision led to my trip across the Atlantic this spring, to embed with Sasha and his colleagues, as they opened up the door to one of the most important and best-protected secret units of the web. Though almost every word spoken was on the record, Sasha and a number of his fellow Google employees asked to be referred to by their first names, saying they were concerned for their safety. "Because it is part of organized crime, I'm guessing it would not be a friendly environment for the people that speak out against it," said one team member.