Skip to Content

How Russian Hackers Stole $5 Million a Day from U.S. Advertisers

Using clever bots to reinvent an old click fraud technique turned out to be lucrative.
December 21, 2016

American advertisers have been duped into paying for millions of dollars of online ad placement every day by Russian criminals armed with a network of bots.

Security research company White Ops has uncovered what it calls the “largest and most profitable ad fraud operation to strike digital advertising to date.” Hackers created an automated system for racking up ad views that was sophisticated enough for nobody to notice the problem for two months—costing advertisers as much as $180 million in the process.

The trick was simple. The criminals acted as an advertising firm, promising to host ads on sites like Fox News, ESPN, or CBS Sports. In reality, they built fake Web pages that no real person would visit. Then they used a sophisticated army of bots, known as Methbot, scattered across 500,000 different U.S. IP addresses, to view the ads.

The smart part is that those bots were programmed to be active during the daytime, appeared to be using Chrome on a Mac, and even had fake Facebook accounts. To anyone checking stats, they looked like real people. "[It] is a beautiful simulacrum of a real browser," explained White Ops CEO Michael Tiffany to CNN. "This is the kind of theft in which nothing has gone missing."

Fake traffic is bad news for advertisers, because they have to pay up without a human eye ever seeing the promotion. And in this case, it really hurt: the approach netted the hackers between $3 million and $5 million per day.

It’s by no means a new idea, of course. Hijacking ads using robotic clicks has been a problem for as long as pay-per-click advertising has been online. Way back in in 2005, New Scientist suggested that Google’s AdWords platform could be at risk from such attacks. But the latest scam is notable for its scale and smarts.

Trouble-making bots have run amok in 2016. Over the past few months, an army of Internet-connected devices has been corralled and controlled to take down large swaths of the Internet. The bad news is that, unlike the ad-scamming bots,  they’re growing in number, up for hire—and dangerous.

(Read more: White Ops, CNN, “IoT Botnets Are Growing—and Up for Hire,” “Security Experts Warn Congress That the Internet of Things Could Kill People”)

Keep Reading

Most Popular

Conceptual illustration of a therapy session
Conceptual illustration of a therapy session

The therapists using AI to make therapy better

Researchers are learning more about how therapy works by examining the language therapists use with clients. It could lead to more people getting better, and staying better.

street in Kabul at night
street in Kabul at night

Can Afghanistan’s underground “sneakernet” survive the Taliban?

A once-thriving network of merchants selling digital content to people without internet connections is struggling under Taliban rule.

Conceptual illustration showing a file folder with the China flag and various papers flying out of it
Conceptual illustration showing a file folder with the China flag and various papers flying out of it

The US crackdown on Chinese economic espionage is a mess. We have the data to show it.

The US government’s China Initiative sought to protect national security. In the most comprehensive analysis of cases to date, MIT Technology Review reveals how far it has strayed from its goals.

IBM engineers at Ames Research Center
IBM engineers at Ames Research Center

Where computing might go next

The future of computing depends in part on how we reckon with its past.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.