White Ops, a pioneer in cybersecurity services for the detection and prevention of sophisticated online fraud in the digital advertising market, announced this week that its security researchers have uncovered the most lucrative and sophisticated ad fraud operation yet seen in the digital advertising industry. Controlled by single group of Russian-based operators and named “The Methbot Operation” after references to “meth” in the code of the bot itself, an estimated $3-5 million per day was culled from major U.S. media companies and brand advertisers through data centers operating in the US and Netherlands. Working with industry leaders in an effort to eradicate this fraud operation, White Ops published the results of its research, which includes detailed information how ad tech companies can squelch Methbot’s profitability.
The Methbot Operation specifically targeted premium programmatic video inventory, generating as much as 200-300 million non-human impressions per day. These impressions appear for sale on programmatic advertising markets as premium ad spots on name brand websites. All told, over 6,000 of the most popular sites on the web, have been defrauded in this manner. Seeking to avoid detection, Methbot uses browser software which is written expressly to reduce the possibility of discovery, a technique which varies widely from typical ad fraud botnets which are operated from infected residential computers and standard web browsers.
“Methbot elevates ad fraud to a whole new level of sophistication and scale,” said Michael Tiffany, co-founder and CEO of White Ops. “The most expensive advertising on the Internet is full-sized video ads, on name brand sites, shown to users who are logged into social media and who show signs of ‘engagement.’ The Russian operators behind Methbot targeted the most profitable ad categories and publishers. They built their infrastructure and tools and compromised key pieces of architectural Internet systems to maximize their haul. Methbot is a game changer in ad fraud and further evidence that the issue of human verification is constantly evolving and innovating, not abating.”
The architects of Methbot displayed their prowess and sophistication in that they clearly studied the entire value chain across digital advertising and trusted Internet practices before creating a tool to game the system. “The Methbot operators clearly have invested research and development time, money and operational know how to create such a large-scale and effective ad fraud operation,” stated Tamer Hassan, co-founder and CTO of White Ops. “Whether it’s the acquisition of IP addresses and domain names, the deep understanding of real-time bidding in programmatic video, or the characteristics of buyers and sellers in the market, the Methbot operators have worked hard to seem legitimate at every level and to ensure unparalleled levels of control, ownership and resiliency/durability.”
Methbot displays a clear sophistication over other more conventional botnets in that it appears human. Methbot uses faked machine cookies to their advantage garnering higher CPMs as advertisers seek to target high-value audiences. Methbot operators also forge cursor movements and clicks along with multiple viewability measures to further mimic observed trends in human behavior. And even more sophisticated techniques were used to create a convincing picture of humanity in that it forges fake social network login information to make it appear as if a user is logged in when an impression occurs. Finally it manipulated geolocation data typically used in programmatic advertising to further increase the value of the fraudulent inventory. Of special note is that the group is not using a shared cyberattack infrastructure or compromised end devices or IoT hardware, but rather their operation is entirely built on custom software and ran completely out of data centers. As noted in White Ops’ report, “Methbot operators invested significant time, research, development, and resources to build infrastructure designed to remove these limitations and provide them with unlimited scale.”
For the full Methbot Operation report, please visit http://whiteops.com/methbot.
About White Ops:
White Ops is a global leader in advertising fraud protection and human verification. Combining data science with advanced security solutions designed to detect and prevent fraudulent advertising activity, our company’s mission is to stop the spread of advertising fraud through our human verification techniques. White Ops works collaboratively with industry groups globally who are dedicated to preventing malicious activity in the advertising space and promoting transparency for the industry as a whole. White Ops is headquartered in New York City with satellite nodes operating in countries around the world. To learn more please visit www.whiteops.com.