Tamer Hassan, co-founder and CTO of White Ops, spoke to eMarketer about the evolving tactics used by ad fraudsters to siphon money.
Regarding this recent ad fraud takedown, what tactics stood out to you?
They were basically hijacking IP addresses at corporations and redirecting them to their own servers.
Is that a common tactic?
We've seen it a lot in the old days of email spam, but we hadn't seen it at this scale in ad fraud. It's something newer. It ended up being about 1.7 million IP addresses, corporations of US companies and companies abroad, where they had IP space they weren't using; they were hijacked, taken control of and redirected to [the fraudsters’] bot farms in their data center.
How do fraudsters take over a company’s IP addresses?
Basically, a lot of companies have acquired IP space. They don't use it all, and some of it is lying dormant and not assigned. It doesn't have a route on the internet. If there's nobody announcing a set of IPs, and you're able to identify that, you can take over that IP space and redirect it.
What was another tactic the fraudsters used?
Tag evasion. It is a behavior built into the bot to look for a verification tag and suppress it. We're seeing that more and more. We've been watching the behavior for years, but this operation was probably one of the first ones to bring it to scale.
While it's understood why some people are excited that a few fraudsters were arrested, the overall ad fraud economy will keep churning. How can the ad industry adjust its incentives to shut out fraud?
We’re used to playing cat and mouse, and we've been talking about this for awhile as an industry. With strategy, we've always said it's economic warfare. It's raising the risk model and lowering the opportunities for profit. The moment [fraud] becomes less attractive—where the losses hurt more than the gains—then you've changed it for all the attackers, rather than trying to just pick off attacker after attacker.