Russian Fraudsters Stole Up to $5 Million per Day With Fake Video-Ad Views, Security Firm Claims
LOS ANGELES - A sophisticated Russia-based cybercrime ring has spoofed online-video advertising on a massive scale, generating up to 300 million bogus video views daily and raking in upwards of $5 million per day from U.S. advertisers, according to a report from security firm White Ops.
The ring, which White Ops dubbed "The Methbot Operation" because of references to meth in the code used to perpetrate the fraud, targeted some 6,111 domain names. Those include ABC.Go.com, CNBC.com, CNN.com, WSJ.com, Comcast.net, Discovery.com, Economist.com, ESPN.com, Facebook.com, FoxNews.com, MTV.com, NYTimes.com, Reddit.com, Verizon.com, Vevo.com and Variety.com, according to White Ops.
The "Methbot" crew targeted premium programmatic video-ad inventory, and made the impressions appear for sale on ad markets as premium ad spots on name-brand websites. The fraudsters operated hundreds of servers from data centers in the U.S. and Amsterdam, and used a custom-written web browser to reduce the likelihood of detection, according to White Ops. The Methbot operation also faked the data collected by viewability-measurement providers, including video time watched and engagement actions like mouse movements.
The report from White Ops, a privately held company based in New York City, has not been independently verified. White Ops has an interest in publicizing its findings, because it sells verification and optimization solutions to the advertising industry. But the company did provide a statement from Mike Zaneis, CEO of the Trustworthy Accountability Group (TAG), a digital-advertising industry consortium, to bolster its claims.
"This particular attack highlights the massive scale of the fraudsters and their growing sophistication," Zaneis said in a prepared statement. "Given the most advanced feature of this operation -- its forged IP space -- we believe TAG's information sharing platform will allow responsible industry actors to mitigate the threat quickly and effectively."
Methbot has used a network of proxies running on 571,904 unique Internet Protocol addresses, which were falsified to appear as if they came from large ISPs including Comcast, Verizon, AT&T and Cox Communications, White Ops said. The company said it has notified law-enforcement agencies and is working with them to investigate the bot ring.
The ad rates the Russian criminals were able to illicitly charge ranged from $3.27 to $36.72 per thousand views, with an average cost per thousand (CPM) of $13.04, White Ops said.