Russian cybercriminals have built a new high-tech fraud enterprise: Showing real ads to fake people.
The fraud has siphoned more than $180 million from the online ad industry, according to researchers.
Dubbed “Methbot,” it is a new twist in an increasingly complex world of online crime, according to White Ops, the cybersecurity firm that discovered the operation.
“This is a very advanced cyber operation on a scale no one’s seen before,” said Eddie Schwartz, White Ops chief operating officer.
Methbot, so nicknamed because the fake browser refers to itself as the “methbrowser,” operates as a sham intermediary advertising ring: Companies would pay millions to run expensive video ads. Then they would deliver those ads to what appeared to be major websites. In reality, criminals had created more than 250,000 counterfeit web pages no real person was visiting.
White Ops first spotted the criminal operation in October, and it is making up to $5 million per day — by generating up to 300 million fake “video impressions” daily.
In the past, hackers have figured out how to deliver malvertising (viruses through ads) and how to fake clicks on ads. But this is another level.
According to White Ops, criminals acquired massive blocks of IP addresses — 500,000 of them — from two of the world’s five major internet registries. Then they configured them so that they appeared to be located all over the United States.
They built custom software so that computers (at those legitimate data centers) acted like real people viewing those ads. These “people” even appeared to have Facebook accounts (they didn’t), so that premium ads were served.
Hackers fooled ad fraud blockers because they figured out how to build software that mimicked a real person who only surfed during the daytime — using the Google Chrome web browser on a Macbook laptop.
“The Methbot is a beautiful simulacrum of a real browser. It’s gotten better over time. And by better, I mean, a more perfect life-like copy,” said White Ops CEO Michael Tiffany.
That’s why it wasn’t caught for two months.
“This is the kind theft in which nothing has gone missing,” Tiffany said.
However, media experts noted that the additional fake 300 million “views” now existing in the advertising marketplace does put significant pressure on media companies who are competing over an audience that doesn’t really exist.
White Ops said its researchers traced back Methbot’s creators to individual hackers in Russia, but the firm would not release additional details on the record.
Traditionally, doing so could prevent FBI agents from setting up sting operations to arrest them when traveling abroad.
White Ops said it’s going public with this information — including technical details of the criminal enterprise — in an attempt to coordinate an industrywide effort to stop it.