Nov 27, 2018 - Technology

Authorities stop giant digital ad fraud scheme

Rebecca Zisser / Axios

The Justice Department announced Tuesday that it has brought criminal charges against eight people on 13 indictments related to a digital ad fraud scheme dubbed "3ve" worth tens of millions of dollars. The scheme, which included three separate operations, was uncovered by Google and fraud detection firm White Ops.

Why it matters: The operation was one of the largest and most sophisticated schemes ever to be uncovered involving digital ad fraud, in which advertisers are charged for bogus ad views. The discovery required unprecedented collaboration between law enforcement and dozens of different private sector groups, many of whom are competitors.

Our thought bubble: It's easier to have such a joint effort between companies and law enforcement when a financial harm is being committed. Although this sort of collaboration is also beginning to occur more often on the organic media side, catching misinformation botnets, there's less financial incentive for it.

Be smart: Per Buzzfeed's Craig Silverman, who broke the story: "With today’s charges and the takedown of 3ve’s systems, the Department of Justice is sending a message that it now recognizes ad fraud for what it is: a global criminal industry that’s stealing billions with impunity and little fear of prosecution."

The details: The indictment was unsealed in federal court in Brooklyn. Eight men — five from Russia, one from Russia and Ukraine and two from Kazakhstan — were charged with criminal violations, including wire fraud, computer intrusion, aggravated identity theft and money laundering. Three of the eight have been arrested.

  • Some experts found the new fraud scheme reminiscent of the now infamous 2016 Methbot ad fraud botnet that stemmed from Russia.

How it works: The fraudsters ran fake ad networks, pushing ads to load on fabricated webpages, and in turn cashed in on the ad revenue. While this operation was different from the one against Methbot, it did use some of the same infrastructure that helped deliver that fraud scheme two years ago.

By the numbers: To give you a sense of just how complex and advanced the operation was:

  • Officials say "tens of millions" of advertising dollars were obtained illegally.
  • Per Google, the operation involved more than 10,000 counterfeit websites, more than 60,000 accounts selling ad inventory via more than a million compromised IP addresses, and processed more than 3 billion daily bid requests.
  • The federal court in Brooklyn revealed seizure warrants authorizing the FBI to take control of 31 internet domains and to take information from 89 computer servers that were all part of the infrastructure for botnets engaged in the fraud scheme.

How they found it: White Ops and Google worked together to identify and investigate the crime ad operation last year, which led to the news on Tuesday from law enforcement. White Ops says it was truly a cross-industry effort.

"We were in a room at the beginning of this collaboration directed by the FBI with some of the largest platforms on the internet, over a dozen FBI agents and federal prosecutors at the DOJ... It was a rather historic turning point in the history of ad fraud."
— Hassan

The bigger picture: The digital ad industry is extremely vulnerable to such kinds of fraud because there's a lot of money at stake ($273 billion globally, per eMarketer), and there's very little regulation or oversight of transactions.

  • To make matters harder, online criminals can operate well beyond their physical jurisdictions, which means it usually takes international law-enforcement bodies to work together to identify and dismantle such operations.

What's next: The industry, led in part by Google, the dominant player in the global digital ad business, has tried to regulate itself in order to combat the problem.

  • But while these measures have been widely adopted on the publisher side, they are still far from being fully implemented on the ad agency side, and fraudsters have become more sophisticated about how to beat the system while evading detection.

Bottom line: Digital advertising was supposed to bring more transparency to the advertising sector, but its increasingly automated nature has made it more susceptible to fraud. A lack of oversight makes fraud schemes often hard to detect until it's too late. Industry collaboration as a form of self-regulation will be key to maintaining trust in the digital marketplace.

Go deeper