So far the fraud has siphoned more than $180 million from the online ad industry.
Security outfit White Ops have named the technique “Methbot,” and said that it is a very advanced cyber operation on a scale no one’s seen before.
Eddie Schwartz, White Ops chief operating officer said that Methbot, so nicknamed because the fake browser refers to itself as the “methbrowser,” operates as a sham intermediary advertising ring.
Companies would pay millions to run expensive video ads. Then they would deliver those ads to what appeared to be major websites. What they didn’t know was that the criminals had created more than 250,000 counterfeit web pages no real person was visiting.
White Ops first spotted the criminal operation in October, and it is making up to $5 million per day — by generating up to 300 million fake “video impressions” daily.
According to White Ops, criminals acquired massive blocks of IP addresses — 500,000 of them — from two of the world’s five major internet registries. Then they configured them so that they appeared to be located all over the United States.
They built custom software so that computers (at those legitimate data centres) acted like real people viewing those ads. These “people” even appeared to have Facebook accounts (they didn’t), so that premium ads were served.
Hackers avoided ad-fraud blockers because the software mimics a real person who only surfed during the daytime — using the Google Chrome web browser on a Macbook laptop.
However, media experts noted that the additional fake 300 million “views” now existing in the advertising marketplace does put significant pressure on media companies who are competing over an audience that doesn’t really exist.
White Ops said its researchers traced back Methbot’s creators to individual hackers in Russia, but the firm would not release additional details on the record.