The biggest fraud to date, fake pages and a botnet to steal $ 180 million


Every time we hear more about security issues related to the digital data, the clearest example is the Yahoo and its more than 1,500 million stolen accounts. Another example is that DDoS attack that threw some services for several hours, which was related to the security void that exists in some devices Internet of Things.

Today White Ops, company security research is revealing some details of what is considered “the largest and most profitable operation digital advertising fraud to date”. A fraud was carried out thank you a sophisticated network of bots Russians that went unnoticed for more than two months, which meant losses of more than $ 180 million.

Image Source: Google Image

Losses for more than 180 million dollars

This botnet was developed by the Russian hacking group ‘Ad Fraud Komanda’ or AFK13. This advanced automated system is known as Methbot, and their task was to consume ads, mainly video, and so do advertisers have to pay for digital advertising between 3 and 5 million dollars a day.

For this to work, the hackers created a fictional advertising firm where they offered to large companies to host their ads on sites like ESPN, CBS Sports, Vogue, Fox News, among others. To achieve this, they set up fake web pages that ultimately nobody visited, so they had to use between 800 and 1,200 dedicated servers located in the United States and the Netherlands.

You may also like to read another article on TheKindle3Books: The robots are programmable and their materials will be also thanks to MIT

Once assembled, it was time to activate Methbot. The army of bots was distributed in 571,904 IP addresses assigned to providers such as Verizon, Comcast and other ISPs based in the United States. These bots were programmed to see ads mounted on fake webs, so hackers could charge advertisers.

The real magic of all this is that every bot was programmed so that the fraud detection algorithms would not skip, i.e. each bot was active only during the day, pretended to be using Chrome on a Mac, and even had a Facebook profile. With this, they never raised suspicions and statistics showed what appeared to be real people. The key was that each bot saw between two and three videos per day, as well as simulating a user’s actions, such as movements and mouse clicks, or false logins on social networks.

White Ops estimates that AFK13 accounted for 300 million impressions per day, earning between $ 3 million and $ 5 million. An operation that was kept secret for more than two months, where advertisers were paying for ads that never reached a human eye. This operation is placed as the largest fraud scheme ever, an operation that still has unknowns such as the process that carried out to collect, or how they managed to hire the servers to operate illegally, all without anyone noticing.