Trade Body to Roll Out ‘TAG Threat Exchange’ Following FBI Bot Takedown

Threat-indexing system combating malware redirects as it takes the fight to fraudsters

TAG’s initiative has been built to bring bad actors spreading malware and generating fake traffic to justice.
Getty Images

Earlier this week, the U.S. Department of Justice indicted several foreign nationals alleging a digital advertising fraud scheme worth more than $30 million.

This followed an FBI-led investigation aided by the trade group the Trustworthy Accountability Group (TAG). In the first half of this year, TAG rolled out a beta version of a platform for ad-tech companies to share intel on suspicious activity with each other as well as with law enforcement.

Dubbed the “TAG threat exchange,” the platform lets participants, such as buy- and sell-side ad tech, communicate different types of attacks on their respective networks, such as IP addresses that generate fraud or data centers generating large volumes of bot traffic and/or malware.

“At the end of the day, it’s certainly the idea to start passing big information and big databases over to law enforcement,” said Mike Zaneis, CEO of TAG. “It won’t happen overnight, but someday my dream is to see [offenders] do the perp-walk with the criminal in handcuffs to jail, and that’s when TAG will have really achieved its goal.”

Opinions on the impact of fraud vary. A report published by Fraudlogix claimed that up to 12 percent of global ad traffic is fraudulent, with the U.S. market suffering from this phenomenon above the global average. Meanwhile, a 2017 study from the ANA and White Ops pegged the financial impact of the problem at $6.5 billion globally.

Zaneis went on to detail how TAG, which debuted under the auspice of other industry trade groups 4A’s, ANA and IAB, is now partnering with TruSTAR—a company specializing in building information-sharing hubs—to give the platform more scale and ad-tech companies a way to combat and report fraud.

“Let’s say ‘ad exchange A’ identified a set of IP addresses that are associated with a bot-net,” Zaneis said. “They share those IP addresses on the TAG threat exchange, and then everybody immediately knows to look for any traffic coming from them. So it becomes this cascading effect where the big platforms share information and the criminal operations are less effective.”

Paul Kurtz, CEO of TruSTAR, told Adweek the operation should be able to on-board members from the first quarter of next year and that participants in the program should be able to share intelligence in real-time. He predicted that the headlines generated by this week’s court proceedings around ad fraud would provide the impetus for widespread and rapid participation in the scheme.

Beta testers of the platform include some of the industry’s biggest players, like Google, OpenX and risk management firm The Media Trust. The platform is scheduled to open up to the ad-tech community in the first quarter of 2019.

Cooperation between TAG and law enforcement has been in place since its inception, but this coordination picked up the pace in 2017 when the trade group–whose primary remit is to tackle fraud, malware and internet piracy–was designated as a federal information sharing and analysis organization (ISAO).

TAG then kickstarted a beta version of the “threat exchange” earlier this year—it is important to note it was not involved with the aforementioned FBI investigation—with early efforts focused on ensuring players are sharing the right kinds of information and that the infrastructure was fit for purpose.

Presently, intel-sharing is focused on malware attacks that enter the advertising ecosystem via infected ad creatives, as this is the most widely reported complaint from media owners. Once such malware enters the ecosystem, it can redirect audiences from a publisher page to rogue websites which can subsequently infect their machines without their knowledge.

“Our industry is fighting a constant arms race against criminal actors bent on defrauding advertisers and hurting publishers through a variety of means including malware and ad fraud,” said John Murphy, global head of quality at OpenX.

Recommended articles