The U.S. Department of Justice has indicted six Russian nationals and two people from Kazakhstan who were allegedly involved in a digital advertising fraud scheme worth more than $30 million.
The 13-count indictment, which was unsealed today in federal court in Brooklyn, is part of a multiyear investigation into two international cybercriminal rings that has now led to charges of wire fraud, computer intrusion, aggravated identity theft and money laundering. So far, three people have been arrested, while others remain at large, according to the DOJ.
According to the DOJ, the activity, which involved more than 5,000 fake domains and 1,900 computers, occurred between September 2014 and December 2016. The defendants allegedly also leased more than 650,000 IP addresses, resulting in more than $7 million in revenue from fake advertising.
A second scheme, which involved defendants allegedly using malware-infected computers to run automated ad-fraud schemes without users’ knowledge or consent, occurred between December 2015 and October 2018, reaching more than 1.7 million computers and resulting in $29 million in payments for fake digital ads.
“As alleged in court filings, the defendants in this case used sophisticated computer programming and infrastructure around the world to exploit the digital advertising industry through fraud,” U.S. Attorney Richard Donoghue said in a statement. “This case sends a powerful message that this office, together with our law enforcement partners, will use all our available resources to target and dismantle these costly schemes and bring their perpetrators to justice, wherever they are.”
As part of the investigation, the federal court allowed the FBI to take control of 31 internet domains and provided search warrants for 89 computer servers allegedly engaged in digital advertising fraud with the help of botnets. Google, White Ops, Microsoft and the ad-tech firm MediaMath also assisted the FBI in the investigation and in taking down the botnets.
Late this afternoon, Google published a report detailing how it worked with White Ops and others to identify the ad-fraud program and how it worked to protect clients from being affected. The paper also details the size and scope of the operation, which included more than 3 billion daily bid requests, 1 million compromised IP addresses and 700,000 active infected devices.
“While ad fraud traditionally has been seen as a faceless crime in which bad actors don’t face much risk of being identified or consequences for their actions, [the takedown of the ad fraud operation] demonstrates that there are risks and consequences to committing ad fraud,” wrote Per Bjorke, Google’s product manager for ad traffic quality. “We’re confident that our collective efforts are building momentum and moving us closer to finding a resolution to this challenge.”