A New York-based cybersecurity firm today announced that it uncovered the largest-ever fraud network targeting online publishers and advertisers. The scheme, dubbed “Methbot,” has earned as much as $5 million daily, according to researchers at White Ops.
Methbot used a network of servers in the U.S. and Europe to create as many as 300 million phony video ad “impressions” daily on bogus websites to trick advertisers into paying the fraudsters instead of legitimate sites the marketers thought their ads were showing up on.
“In a unique twist, these impressions appear for sale on programmatic advertising markets as premium ad spots on name brand websites,” White Ops said in a statement, referring to automated ad-placement auctions publishers use. The group added that “6,111 domains, drawn from the most popular sites on the web, have been victimized this way.”
Methbot made it look like hundreds of thousands of people, mostly in the U.S., were watching real video ads from real companies on more than 6,000 fake websites that mimicked well-known publishers, including CNN, ESPN, Vogue and The New York Times.
The criminal ring’s gains come out of the pockets of companies paying for digital ads and also, potentially, of the websites that could have hosted those ads if they were legitimate.
The revelation of the fraud and ongoing anxiety about where ad dollars are going could make it harder for legitimate web publishers to make money from ads if brands become more suspicious, said Forrester digital publishing expert Susan Bidel.
“It’s the advertiser’s money that’s being stolen, it’s the publisher’s reputation. It punishes all of publishing,” she said.
Brands need to insist that advertising-technology platforms and ad agencies show them exactly what they are paying for -- where ads end up, Bidel said. Right now, that’s difficult to determine because of the number of companies and networks involved in automatically placing digital ads on sites that have ad holes to fill.
Fraud has long been a problem in the roughly $187 billion global digital-ad market. White Ops, which sells antifraud software to ad agencies and other advertising players, estimated in January that “bot” ad fraud would amount to $7 billion globally this year. The company will put out a 2017 estimate in May.
White Ops President Eddie Schwartz said he can’t assign a total value on the amount the Russian group has stolen because it’s not clear when the Methbot scam began. But the firm estimates that the scammers were getting $3 million to $5 million per day since roughly early October, and the fraud is still going on.
“White Ops is very well respected company, and I would imagine that is as serious as they are saying,” said Susan Bidel, a senior analyst at Forrester Research.
According to White Ops, Methbot operators are using a customized web browser to avoid detection in an operation whose the size and sophistication are unprecedented. The firm believes Methbot is the work of hackers based in Russia, which coincidentally U.S. intelligence officials have accused of trying to influence the U.S. presidential election through cyberattacks. White Ops, however, has no evidence linking the Methbot hackers to the break-ins at the Democratic Natonal Committee and elsewhere.
“We have got physical evidence that we’ve shared with federal law enforcement as part of an active investigation,” said Eddie Schwartz, White Ops president and chief operating officer, adding that the company first made these overtures about a month ago. He wouldn’t name the group or say which law enforcement agency is working on the case.
Schwartz said this is more “evidence that there are some very well-organized, well-funded groups that are able to take significant amounts of money out of the U.S. economy.”