American advertisers have been duped into paying for millions of dollars of online ad placement every day by Russian criminals armed with a network of bots.
Security research company White Ops has uncovered what it calls the “largest and most profitable ad fraud operation to strike digital advertising to date.” Hackers created an automated system for racking up ad views that was sophisticated enough for nobody to notice the problem for two months—costing advertisers as much as $180 million in the process.
The trick was simple. The criminals acted as an advertising firm, promising to host ads on sites like Fox News, ESPN, or CBS Sports. In reality, they built fake Web pages that no real person would visit. Then they used a sophisticated army of bots, known as Methbot, scattered across 500,000 different U.S. IP addresses, to view the ads.
The smart part is that those bots were programmed to be active during the daytime, appeared to be using Chrome on a Mac, and even had fake Facebook accounts. To anyone checking stats, they looked like real people. "[It] is a beautiful simulacrum of a real browser," explained White Ops CEO Michael Tiffany to CNN. "This is the kind of theft in which nothing has gone missing."
Fake traffic is bad news for advertisers, because they have to pay up without a human eye ever seeing the promotion. And in this case, it really hurt: the approach netted the hackers between $3 million and $5 million per day.
It’s by no means a new idea, of course. Hijacking ads using robotic clicks has been a problem for as long as pay-per-click advertising has been online. Way back in in 2005, New Scientist suggested that Google’s AdWords platform could be at risk from such attacks. But the latest scam is notable for its scale and smarts.
Trouble-making bots have run amok in 2016. Over the past few months, an army of Internet-connected devices has been corralled and controlled to take down large swaths of the Internet. The bad news is that, unlike the ad-scamming bots, they’re growing in number, up for hire—and dangerous.
A Roomba recorded a woman on the toilet. How did screenshots end up on Facebook?
Robot vacuum companies say your images are safe, but a sprawling global supply chain for data from our devices creates risk.
A startup says it’s begun releasing particles into the atmosphere, in an effort to tweak the climate
Make Sunsets is already attempting to earn revenue for geoengineering, a move likely to provoke widespread criticism.
10 Breakthrough Technologies 2023
These exclusive satellite images show that Saudi Arabia’s sci-fi megacity is well underway
Weirdly, any recent work on The Line doesn’t show up on Google Maps. But we got the images anyway.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.