Not All Ad Fraud Originates Overseas. Law Enforcement Is Starting to Look Closer to Home

The myth of the foreign bogeymen defrauding the U.S. ad industry could be over

Illustration of a gray hand holding a yellow bitcoin over a laptop as a bear trap clamps shut.
Authorities are addressing domestic ad fraud. Animation: Aanya Gupta; Sources: Getty Images
Headshot of Ronan Shields

The financial impact of ad fraud is expected to total $5.8 billion worldwide this year, invalidating 8% of display and 14% of video ad impressions, according to the Association of National Advertisers’ latest annual report.

And while the conventional wisdom is that those crimes are perpetrated by foreign entities, multiple sources told Adweek that law authorities are beginning to zero in on U.S. soil and that those perpetrators are aided by programmatic players eager to legitimize their role in the often murky world of ad tech.

While few people would speak on the record—due in part to the sensitive nature of ongoing legal cases and investigations—many in the industry indicated that the myth of the foreign bogeymen defrauding the U.S. ad industry of its hard-earned dollars could soon erode, as uncomfortable truths are aired in public.

The gateway Methbot report

Last year saw the culmination of a year-and-a-half project known as Project 3ve, with the Federal Bureau of Investigation’s Cyber Division helping to issue a series of indictments widely recognized as one of the industry’s most high-profile attempts to combat online ad fraud.

The Project 3ve indictments, unsealed last November, were the culmination of an investigation first spurred by claims made in a December 2016 report from bot detection company White Ops. The report alleged that in an operation known as Methbot, a Russia-based network of cybercriminals employed different techniques than the “normal means of ad fraud,” infecting users’ machines with malicious code to generate fake ad impressions to pull off the biggest ad fraud on record.

A sidebar of data about ad fraud and steps being taken to deal with it.

Methbot created hundreds of thousands of counterfeit IP addresses that were registered to legitimate internet service providers and then used to generate fake traffic. This would then make it difficult for the majority of the industry’s invalid traffic-spotters to detect and resulted in more than $3 million per day disappearing into the pockets of fraudsters, according to the report.

Growing sophistication among advertisers

Although the accuracy over the extent of the Methbot’s financial impact varies, some of the industry’s most high-powered marketers have since grown wary of simply accepting ad verification companies’ assertions.

For instance, in Methbot’s immediate aftermath, Marc Pritchard, chief brand officer at Procter & Gamble, publicly issued a resounding clean-up call during his 2017 IAB Leadership Summit address. He described the ad-tech sector as opaque at best and fraudulent at worst in a presentation where he told vendors to shape up or lose his business. Later that year, a high-profile legal dispute between Uber and Fetch helped keep the issue of ad fraud in the public eye.

Shailin Dhar, who works with several blue-chip advertisers as CEO and co-founder of fraud intelligence company Method Media Intelligence, said that his clients are increasingly starting to question the figures from their digital ad partners.

“Many of the brands that we work with have accepted the fact there’s a systematic problem in the supply chain in digital media,” he said. “One of the things they’re always interested in looking at is what waste they can cut out and what can they objectively prove is fraud.”

The 3ve takedown

Separately—and most crucially, quietly—in 2017, White Ops handed over details of its Methbot investigation to law enforcement authorities, including the Department of Justice and FBI, with the company also joining forces with Google to assist in a subsequent investigation.

The result was a 13-count indictment unsealed by the DoJ in November, which saw eight foreign nationals alleged to have committed offenses including wire fraud, computer intrusion, aggravated identity theft and money laundering.

Federal documents detailing the charges claim that the affair involved the creation of more than 5,000 fake domains and the leasing of more than 650,000 fake IP addresses to compromise more than 1.7 million computers in order to defraud advertisers.

In a statement at the time, William F. Sweeney Jr., assistant director of the FBI’s New York office, said, “Thanks to the hard work of our legal attachés and law enforcement partners overseas, with the cooperation of our international and U.S.-based private sector partners, the defendants will face justice for their alleged crimes.”

Although prosecuted in a U.S. court, 3ve involved the prosecution and arrest of several nationals from the Russian Federation, Ukraine and Kazakhstan, with arrests taking place as far away as Malaysia.

Approximately 15 companies, including a number of household names like Adobe and Amazon, were involved in the 3ve investigation, with some initially hesitant over being named publicly as participants. One source with knowledge of the affair said how certain internationally renowned companies were concerned as to the potential political undertones that could be interpreted given that it involved the prosecution and arrest of several Russian nationals.

Meanwhile, others were simply concerned that having their names publicly associated with the takedown of 3ve could raise the ire of potentially vengeful groups of organized hackers.

Domestic affairs

The case is still ongoing, but in its aftermath, Sen. Mark Warner (D-Va.) penned a letter to the Federal Trade Commission expressing “grave concerns” over the agency’s slow response to investigating digital ad fraud.

However, multiple Adweek sources have said that attentions are starting to turn domestic, with trade bodies in the space assisting, and in particular, the Trustworthy Accountability Group forming a “threat exchange” to further such efforts.

Mike Zaneis, CEO of TAG, said the ad-tech trade body has just completed the beta test of the TAG Threat Exchange, working with TruStar to form an information-sharing hub its members can use to share intel on suspicious activity.

For instance, if an ad exchange identifies a set of IP addresses that are associated with fraudulent traffic, they can share those IP addresses on the TAG threat exchange, enabling other members to act immediately and also shut them down.

“About a year ago we were designated a federal information-sharing and analysis organization for our industry,” he said. “We took some examples from the ISAO in the retail industry and learned some of the techniques they use to help share information when they see people committing credit card fraud and how they shut that down.”

This is in anticipation of a more comprehensive crackdown of suspect players in the ecosystem on U.S. soil, with one source telling Adweek, “Pursuing this Eastern European bogeyman narrative is a bit stupid when there are literally hundreds of companies here in the U.S. that do it.”

As the focus turns to the U.S., “you’re likely to see executives from tier-three and below ad networks wearing cuffs,” suggested another.

According to sources, ad exchanges that don’t perform background checks on participants, such as those that support publisher self-sign-up, are likely to come under scrutiny as part of this effort.

“A lot of these guys were counterfeiting legit premium publishers so they can get a seat on an ad exchange,” said one ad verification company source.

Given that federal law enforcement agents spoke at several high-profile industry events during this year’s Cannes Lions Festival of Creativity, bad actors in the digital media space should get used to more pressure being applied going forward.

This story first appeared in the July 22, 2019, issue of Adweek magazine. Click here to subscribe.
@ronan_shields Ronan Shields is a programmatic reporter at Adweek, focusing on ad-tech.