Until now, if an ad fraud scam was uncovered, the criminals behind it would usually fade back into the shadows with impunity, and shortly thereafter, they’d be back at it again – the seemingly eternal game of Whac-A-Mole.
This time, there’s accountability.
Two global botnets, Methbot and 3ve, are no more, and there are real people facing charges.
On Tuesday, the Department of Justice unsealed indictments against eight men from Russia and Kazakhstan accused of running the schemes, which collectively sucked millions of dollars out of the advertising ecosystem over several years.
Three of the accused perpetrators are awaiting extradition, and the remaining five are still at large. They’ve been charged with 13 counts, including money laundering, wire fraud, computer intrusion and aggravated identity theft. [Read the indictment here.]
The Federal Bureau of Investigation collaborated with White Ops, Google and a group of other ad tech companies to dismantle the operations. Methbot was shut down in December 2016, close to the time White Ops went public with the more than 4,000 compromised IP addresses involved in the plot.
The 3ve botnet, which exploited a combination of counterfeit websites, malware, a fake ad network and seats on legit exchanges to do its bidding, was dismantled in October. (Fun fact: “3ve,” pronounced “Eve,” is a portmanteau of “three,” for the three sub-operations within 3ve, and the word “evasion.” Buzzfeed has a detailed report on 3ve’s crackdown.)
But the consequences of this ad fraud campaign are different, said White Ops CEO Sandeep Swadia: “There are handcuffs involved.”
But why now and why is the DOJ interested in this case? Ad fraud has been plaguing the ad industry since the Internet was born.
It came down to two factors: actionable data and a willingness to act, said Tamer Hassan, CTO and co-founder of White Ops.
After White Ops published its paper on Methbot in 2016, federal law enforcement decided it had enough data and materials for the FBI Cyber Division to start tracking other ad fraud operations.
The amount of money involved clearly also piqued the FBI’s interest. The 3ve investigation could shed light on where the cash goes once it’s been stolen.
“When you hack 1.7 million machines at any given time, what else can you do with it? When you make this kind of money, where else can you invest? That is TBD,” Swadia said. “But there are so many downstream possibilities that curbing that flow of money to these guys is the most important thing. That’s why the DOJ was very keenly involved in doing this at a global level.”
Another motivator was the “sheer sophistication and ambition” of the 3ve fraud scheme, which was “metastasizing across the entire ecosystem,” Swadia said.
Shutting down Methbot was a matter of publishing IP addresses to blacklist, but the 3ve case required bigger guns. Simply shutting it down would have tipped off the perps. That’s why killing 3ve required a coordinated effort between the FBI, cybersecurity experts and the ad industry.
And now that there’s a real deterrent against ad fraud, the ad industry has one of the most important tools it was missing to win the war against ad fraud.
“The key here is having consequences,” said Per Bjorke, a product manager for ad traffic quality at Google, who worked closely with the DOJ and White Ops on the takedown. “People are going to now think twice, because they could end up getting arrested and extradited out of their country.”
And now that the ball is rolling, we could see more activity in the year to come, said Amy King, VP of product marketing at fraud detection company Pixalate.
“This case sets a precedent for holding fraudsters accountable,” King said, “We believe there will be more to come in 2019.”
The DOJ did not respond to questions in time for publication.