Calls for transparency as Russian ‘Methbot’ found robbing publishers & advertisers of millions daily
White Ops released its findings on the giant scam and calls for greater transparency and cooperation between publishers and advertisers to better address fraud.
With all the talk (and some action) of making the programmatic ecosystem more trustworthy and more secure, the industry got a major wake-up call Tuesday morning with the release of a report by ad fraud detection service White Ops that detailed a scheme by Russian hackers to steal an estimated $3 to $5 million every day or over a billion a year from publishers and advertisers.
Why is this such a big deal? Because advertisers are paying for fake ad views through programmatic ad buys in which they don’t even know where their ads are showing up. Publishers are losing out on millions in ad revenue. Ultimately, we all lose out when that ad revenue used to fund our demand for premium content doesn’t reach the publications we’re reading (typically for free).
The botnet exposed by White Ops, dubbed Methbot for the meth references found in its code, spoofed more than 6,000 publisher domains and created over 250,000 fake pages on which to sell video advertising programatically. What’s even more troubling is that Private Marketplaces (PMPs) — thought to be safer than buying on open exchanges because they give publishers and advertisers more control over who they’re doing business with — were not immune, according to the report. The hackers appear to have gone after premium publishers that can command the highest CPMs for their ad inventory and were able to target marketplaces where premium inventory is sold, including PMPs. Estimates by AD/FIN, a programmatic media intelligence company that White Ops partnered with, determined the CPMs on the fake ad impressions generated by Methbot ranged from $3.27 to $36.72, averaging out to $13.04.
What also sets Methbot apart from other large botnets detected is that instead of infecting a network of home computers, the hackers invested in its own network of 800 to 1,200 dedicated servers and more than half a million dedicated IPs, many of which were falsely registered as US IPs. The hackers avoided detection by dozens of programmatic buying platforms in several ways: manipulating the location information of their IPs; a custom http library and browser engine running under Node.js; mimicking real human behavior like clicks, mouse movements and even social logins; and by changing its codebase every day to elude detection by anti-fraud and viewability ad tech vendors.
White Ops called for greater transparency. Unfortunately, similar calls have fallen on deaf ears among many in ad tech (note Turn’s settlement with the FTC this week over its tracking practices). The promise of programmatic theoretically was to make ad selling and buying easier and more effective for publishers and advertisers through automation while giving users better digital experiences by delivering ads tailored to their interests, if they wanted that. Instead, as White Ops points out:
The current complexity, interconnectivity, and resulting anonymity of the advertising ecosystem enabled the Methbot operators to exploit the entire marketplace. An impression may pass through many hands before it lands on a page and the ad is served. Tracing that complete path back through the various marketplaces proves difficult due to walled gardens, reselling, competing interests, and limitations on human capital to devote to this initiative.
The solution? Closer relationships between publisher and advertiser to “circumvent much of this obfuscation and increase transparency,” says White Ops. The firm has partnered with the Trustworthy Accountability Group (TAG) to get the findings on Methbot disseminated throughout the industry, including “130 fraud compliance officers at the largest and most influential digital advertising companies,” said TAG CEO, Mike Zaneis, and determine what actions each can take to shut it down. TAG is also reviewing the list of IPs used by Methbot for inclusion in its shared IP blacklist.
“The massive fraud operation represents a significant threat to the integrity of the ecosystem, and it shows why TAG’s work is so vital in bringing the digital advertising industry together to share information, adopt rigorous standards, validate best practices, and increase transparency,” said Zaneis.
Going back to direct selling for everyone is probably not realistic — nor should it have to be the only option — but there is clearly a need to inject more human interaction (and humanity) into ad tech to address fraud in any meaningful way. The industry’s longer-term response to Methbot and its aftermath will be telling.