The biggest ad fraud ever: A group of Russian hackers are reportedly making somewhere between USD 3-5 mn a day, security firm White Ops claimed, “it’s the biggest digital ad fraud ever uncovered and perpetrated by faking clicks on video ads.” Forbes’ Thomas Fox-Brewster, writes the perpetrators, Ad Fraud Komanda or AFK13, started by creating more than “6,000 domains and 250,267 distinct URLs within those that appeared to belong to real big-name publishers, from ESPN to Vogue. But all that could be hosted on the page was a video ad. With faked domain registrations, they were able to trick algorithms that decided where the most profitable ads would go into buying their fraudulent web space. Those algorithms typically make bids for ad space most suitable for the advertisement’s intended audience, with the auction complete in milliseconds. But AFK13 were able to game the system so their space was purchased over big-name brands” The hackers then invested in a “bot farm” firing traffic at the ads, driving up their revenue through the pay per clicks system.

These bots “watched” as many as 300 mn video ads a day, replicating actions of real people with “clicks, mouse movements and social network login information” raking in an average payout of USD 13.04 per 1,000 faked views. Fox-Brewster adds “to make those bots appear more real, and thereby bypass normal anti-fraud detection measures, the group obtained hundreds of thousands of IP addresses and associated them with major U.S. internet providers so it looked like they were based in American homes. Those IP addresses were fraudulently obtained from at least two of the world’s five regional Internet registries.” The fraud could have been bigger even because White Ops was only able to analyse data directly observed by it, “the total ongoing monetary losses within the greater advertising ecosystem may be exponentially greater.”