Hacker Group Said to Steal Up to $5 Million in Fake Video Ad Views Daily - eMarketer

Newsletters Sign-Up

Plans & Pricing

Does My Company Subscribe?

Hacker Group Said to Steal Up to $5 Million in Fake Video Ad Views Daily

Scheme called largest digital ad fraud ever

December 21, 2016 | Retail & Ecommerce

Cyber security firm White Ops uncovered what it claimed is the largest digital ad fraud ring ever, a complex scheme coordinated by Russian hackers that faked video ad views on falsified sites designed to trick advertisers into thinking they were buying from premium publishers including ESPN.com, CNN.com, Yahoo.com and thousands of other domains.

White Ops said the hacker group, which it dubbed “methbot,” generates as much as $5 million in fraudulent revenue each day in the US.

To date, it is the biggest—and most sophisticated—fraud ring. “Using an army of automated web browsers run from fraudulently acquired IP addresses, the methbot operation is ‘watching’ as many as 300 million video ads per day on falsified websites designed to look like premium publisher inventory,” White Ops said. “More than 6,000 premium domains were targeted and spoofed, enabling the operation to attract millions in real advertising dollars.”

White Ops said it spotted a warning sign in September, and by October the bot was creating as many as 137 million impressions.

Word of the hack immediately led to concern that it would crimp the growth of digital ad spending. If the volume of faked video were to run for a full year at $5 million per day, that would be the equivalent of roughly $1.8 billion a year—that’s more than 15% of the $10.3 billion eMarketer estimates that advertisers will spend on digital video advertising in the US in 2016.

“This has a real economic impact,” said Mike Tiffany, CEO and co-founder of White Ops. “Publishers were getting robbed because it was their inventory that was getting counterfeited, and advertisers were spending millions of dollars, thinking that money was going to real publishers, but it wasn’t.”

Although White Ops determined the hack only affects the programmatic ecosystem— wherein the fraudsters were able to pass spoofed domains and URLs as premium publishers—it still raises significant concerns from both premium video advertisers and publishers who have been slow to warm to programmatic as a method of monetizing their inventory.

In an interview with eMarketer earlier this month, Mike Racic, president of media operations at iCrossing, warned of the dangers of fraud in the programmatic space, saying, “Fraud is a massive issue. When you’re looking at programmatic media, you have to worry about bot activity. You’ve got to worry about phantom clicks coming in from random countries around the world.”

It’s not just programmatic players that are affected, Racic said, but they are tempting targets: “People are always sitting there figuring out how to game the system.”

“Even before the disclosure of the ‘methbot’ scam, we had been hearing rumbling in the market this 2017 would be the year that brands pull dollars out of digital and back into TV and other ‘safer’ mediums,” said eMarketer senior analyst Lauren Fisher.

That could also mean that advertisers will pull back from the broad digital ecosystem—but not out of digital entirely—and into so-called walled gardens, such as Facebook. “The scam is definitely not great news for open markets or even private marketplaces, some of which were also affected by methbot,” she said. “It bodes better for programmatic setups in which there is a direct, one-to-one relationship between the buyer and the seller, be it Facebook or any number of other premium publishers.”

Earlier today, Tiffany held a briefing with the Trustworthy Accountability Group (TAG) and 170 leaders in the ad tech space, including the major DSPs and SSPs, to relay the details of the fraud ring and arm them with the necessary information to block and detect further detriment from methbot.

“I’m cautiously optimistic this will have a substantial impact on the operations before the end of today,” Tiffany said. “The DSPs and SSPs and exchanges can all use the details we released today and take fast action to trace back the ways these counterfeited impressions were laundered and brought into the market.”

Go beyond the articles

eMarketer PRO customers get quick and easy access to the exact data and analysis they need to make critical business decisions:


  • Go beyond the articles:

    eMarketer Products

    You've never experienced research like this.

  • Hear from our clients:

    Customer Stories

    Nearly all Fortune 500 companies rely on us.

  • Want to learn more?

    Contact Us

    Inquire about corporate subscriptions today.