The biggest ad fraud to date: fake pages and a botnet used to steal $180 million
We hear more and more about security problems involving digital data; the clearest example is Yahoo and its more than 1.5 billion stolen accounts. Another is the DDoS attack that took some services offline for several hours, which was tied to the nonexistent security of some Internet of Things devices.
Today White Ops, a security research company, is revealing some details of what is considered “the largest and most profitable digital advertising fraud operation to date”. The fraud was carried out thanks to a sophisticated network of Russian bots that went unnoticed for more than two months, which meant losses of more than $180 million.
This botnet was developed by the Russian hacker group ‘Ad Fraud Komanda’, or AFK13. The advanced automated system is known as Methbot, and its task was to consume advertisements, mainly video, so that advertisers had to pay between 3 and 5 million dollars a day for digital advertising.
For this to work, the hackers created a fictitious advertising firm through which they offered large companies ad placement on sites like ESPN, CBS Sports, Vogue, and Fox News, among others. To achieve this, they set up fictitious web pages that in the end nobody visited, so they had to use between 800 and 1200 dedicated servers located in the United States and Holland.
Once everything was assembled, it was time to activate Methbot. The bot army was spread over 571904 IP addresses assigned to providers such as Verizon, Comcast and other ISPs based in the United States. These bots were programmed to view ads placed on the fake websites, so the hackers could charge advertisers.
The real magic of all this is that every bot was programmed so that fraud detection algorithms would not be triggered, i.e. each bot was active only during the day, pretended to be using Chrome on a Mac, and even had a Facebook profile. With this, they never raised suspicion, and the statistics showed what appeared to be real people. The key was that each bot watched between two and three videos daily, and they also simulated a user’s actions, such as mouse movements and clicks, or fake logins on social networks.
White Ops estimates that AFK13 accounted for 300 million impressions per day, earning between $3 million and $5 million. The operation was kept secret for more than two months, during which advertisers were paying for ads that never reached a human eye. It ranks as the largest fraud scheme ever, and it still has unknowns, such as the process the group used to collect payment or how they managed to hire the servers to operate illegally, all without anyone noticing.