EXPOSED: Russian Hackers Have Been Stealing Nearly $3million A Day Since May, Heres How – 3%
Uncategorized

EXPOSED: Russian Hackers Have Been Stealing Nearly $3million A Day Since May, Heres How

White Ops Exposed the fraud learn more below.

Controlled by a single group based in Russia and operating out of data centers in the US and Netherlands, this “bot farm” generates $3 to $5 million in fraudulent revenue per day by targeting the premium video advertising ecosystem. We continue to detect and block fraudulent activity generated by Methbot on behalf of all of our customers.

$3 Million to$5 Million in fraudulent revenue per day

Russian cybercriminals are siphoning millions of advertising dollars per day away from U.S. media companies and the biggest U.S. brand name advertisers in the single most pro table bot operation discovered to date. Dubbed “Methbot” because of references to “meth” in its code, this operation produces massive volumes of fraudulent video advertising impressions by commandeering critical parts of Internet infrastructure and targeting the premium video advertising space.

Using an army of automated web browsers run from fraudulently acquired IP addresses, the Methbot operation
is “watching” as many as 300 million video ads per day on falsi ed websites designed to look like premium publisher inventory. More than 6,000 premium domains were targeted and spoofed, enabling the operation to attract millions in real advertising dollars.

The following report illustrates the sophistication and rapid evolution of the Methbot operation and its damaging e ect on the advertising ecosystem on both the demand and supply sides. This analysis is possibly only a fraction of Methbot’s true impact. Because White Ops is only able to analyze data directly observed by White Ops, the total ongoing monetary losses within the greater advertising ecosystem may be larger.

At this point the Methbot operation has become so embedded in the layers of the advertising ecosystem, the only way to shut it down is to make the details public to help a ected parties take action. Therefore, White Ops is releasing results from our research with that objective in mind.

Information available for download

• IP addresses known to belong to Methbot for advertisers and their agencies and platforms to block.
This is the fastest way to shut down the operation’s ability to monetize.

• Falsifed domain list and full URL
list to show the magnitude of impact this operation had on the publishing industry. These publishers were impersonated and deprived of revenue opportunities because
of this operation.

A Snapshot of the Methbot Operation

Volume and Estimated Financial Impact

• $3 to $5 million in revenue per day for its operators
• CPMs ranged from $3.27 to $36.72 with the average being $13.04
• 200 – 300 million video ad impressions generated per day on fabricated inventory • 250,267 distinct URLs spoofed to falsely represent inventory
• 6,111 premium domains targeted and spoofed
• High value marketplaces targeted including PMPs

Operational Infrastructure

• 571,904 dedicated IPs, many falsely registered as US ISPs

• 800 – 1,200 dedicated servers operating from data centers in the United States and the Netherlands

Advanced Techniques to Avoid Detection

  • Faked clicks, mouse movements, and social network login information to masquerade as engaged human consumers
  • Manipulation of geolocation information associated with the IP addresses under their control
  • Special case countermeasures against code from over a dozen di erent ad tech companies
  • Fully custom http library and browser engine with Flash support, all running under Node.js

WHAT YOU CAN DO

Our intention is that all marketers and tech platforms can take additional and immediate protective action with this information. We hope the public release of our research and findings will result in a rapid end to this criminal enterprise as White Ops remains on constant watch for new threats on the horizon. You may also access the results of our research including:

Falsified domain list and full URL list to show the magnitude of impact this operation had on the publishing industry – these publishers were impersonated and deprived of revenue opportunities because of this operation.

IP addresses known to belong to Methbot for advertisers, their agencies, and platforms to block. This is the fastest way to shut down the operation’s ability to monetize.

To Top