WHAT IS AD FRAUD? 


-  the single biggest cybercrime at over $10 billion per year in revenue

-  a way to make millions of dollars per day without risk of severe consequence

-  an effective way to attack a company's, industry's or geographical area's economy

-  a way to fund other criminal and state-level activity

WHAT OTHER PROBLEMS IS AD FRAUD RELATED TO?


-  illegal mass-surveillance

-  spreading malware 

-  very large botnets

-  targeted phishing attacks

HOW BIG IS AD FRAUD?

Ad fraud revenue is necessarily a subset of total advertising spend on platforms that are exposed to ad fraud.

-  some research says 10% of all related spend

-  some research says 90% of all related spend

-  commercial research tends to say low

-  academic research tends to say high

-  maybe somewhere around 50% globally

FIVE KINDS OF DAMAGE CAUSED BY AD FRAUD

-  cost of ad fraud to advertising

-  cost of ad fraud to business

-  cost of ad fraud to category

-  cost of ad fraud to national economy 

-  cost of ad fraud to global economy 


The damage caused by ad fraud depends on the type of business that is under attack.


WHERE DOES THE AD FRAUD REVENUE END UP


-  ad networks

-  agencies

-  advertising technology companies

-  spammers

-  botmasters 

The rule of thumb is that more money always ends up in the pocket of the industry than in the pocket of the criminal.

WHAT KIND OF BOTNETS ARE THERE

-  those made of compromised devices 

-  those made of compromised servers

-  those made of compromised routers

-  those made of other compromised devices (IoT, etc)

-  those that are based on cloud resources 

-  those that are social media based 

CLOUDBOTS CAN BE DIVIDED FURTHER INTO FIVE

-  where the host is abusive

-  where the host is compromised

-  where the host is a proxy

-  where the host is a compromised proxy

-  where the host is a compromised proxy

It could also be any combination of these.

HOW BIG ARE AD FRAUD BOTNETS

-  we've seen the data on one that sends 5 billion requests per day

-  commonly a single IP can send requests worth $10,000 per day

-  an IP range could be sending 50x that or more

-  a single spam site could receive over 100 million visits per day of such traffic

-  one major spam site network we found includes thousands of sites

WHAT KIND OF SPAM SITES ARE THERE

-  major sites 

-  social viral news site

-  themed site (e.g. movies or right-wing politics)

WAYS TO MONETIZE A SITE

-  Google AdSense

-  Affiliate networks

-  ad networks

-  ad exchanges 

-  exit traffic 

-  content marketing / native

-  hidden redirects

-  malware peddling

-  cookie stuffing 

-  and many more...

COMMON SPAM SITE INDICATORS

-  very low bounce rate

-  high page-views

-  high share of traffic from native advertising sources

-  low branded search volume

-  low overall search volume

-  only a few high-quality links

-  sites hosted on the same IP

-  sites using the same GA tag

-  sites using the same AdSense ID

-  quality of social shares

-  young domain age

-  use of common evasion techniques
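
An added example (not from the original page) that applies three of the indicators above together: sites sharing a hosting IP, a GA account or an AdSense publisher ID are grouped, directly or transitively, into candidate site networks. The domains, IPs and IDs are constructed sample values, and the `link_on` parameter is a hypothetical option for leaving out weak signals such as shared hosting.

```python
import re
from collections import defaultdict

# Constructed sample data (not real sites): domain -> (hosting IP, HTML excerpt).
SAMPLE_SITES = {
    "site-a.example": ("203.0.113.10", "ga('create','UA-1234567-1'); data-ad-client=\"ca-pub-1111111111111111\""),
    "site-b.example": ("203.0.113.10", "ga('create', 'UA-7654321-1', 'auto');"),
    "site-c.example": ("198.51.100.7", "gtag('config', 'UA-7654321-3');"),
    "site-d.example": ("198.51.100.99", "google_ad_client = \"ca-pub-1111111111111111\";"),
    "site-e.example": ("192.0.2.55", "ga('create', 'UA-9999999-1', 'auto');"),
}

# UA-<account>-<property>: properties under one account share the account number.
GA_RE = re.compile(r"\bUA-(\d{4,10})-\d{1,4}\b")
ADSENSE_RE = re.compile(r"\bca-pub-(\d{16})\b")

def extract_ids(ip, html):
    """Return the set of (kind, value) identifiers observed for one site."""
    ids = {("ip", ip)}
    ids |= {("ga", m) for m in GA_RE.findall(html)}
    ids |= {("adsense", m) for m in ADSENSE_RE.findall(html)}
    return ids

def cluster_sites(sites, link_on=("ip", "ga", "adsense")):
    """Group domains connected, directly or transitively, by a shared identifier."""
    parent = {d: d for d in sites}

    def find(x):  # union-find root lookup with path halving
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    seen = defaultdict(list)  # identifier -> domains carrying it
    for domain, (ip, html) in sites.items():
        for ident in extract_ids(ip, html):
            if ident[0] in link_on:
                seen[ident].append(domain)
    for domains in seen.values():
        for other in domains[1:]:
            parent[find(other)] = find(domains[0])

    groups = defaultdict(list)
    for d in sites:
        groups[find(d)].append(d)
    clusters = [sorted(g) for g in groups.values() if len(g) > 1]
    return sorted(clusters, key=lambda g: (-len(g), g))

if __name__ == "__main__":
    print(cluster_sites(SAMPLE_SITES))                     # all three indicators
    print(cluster_sites(SAMPLE_SITES, ("ga", "adsense")))  # ignore shared hosting
```

A shared IP alone is a weak link, since shared hosting and CDNs put unrelated sites on one address; comparing the two runs shows which groupings survive without it.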

WHAT KIND OF OTHER CONTROLS ARE USED

-  traffic

-  captcha solvers 

-  credit card validators

-  quality scoring of sites or traffic

-  email auto-responding 

-  SMS verification and phone numbers 

-  social sharing

-  various website tools

-  domain aftermarket

-  audience verification 

-  domain privacy 

WHAT KIND OF TRAFFIC IS USED

-  botnet traffic 

-  cloudbot traffic (self-generated)

-  traffic company traffic 

-  SEO spam 

-  redirects 

-  various others

EXAMPLES OF TRAFFIC COMPANIES

-  supremetrafficbot.com

-  aetraffic.com

-  visitorzoom.com

-  revisitors.com

-  trafficexploderbot.com

-  maxvisits.com

-  adf.ly

-  growtraffic.com

-  lotsofvisitors.com

-  hitleap.com

-  traflow.com

ANTI AD FRAUD VENDORS

-  whiteops.com

-  integraladscience.com

-  doubleverify.com

-  fraudlogix.com

-  improvely.com

-  sentrant.com

-  comscore.com

-  pixelate.com

-  forensiq.com

-  oxford-biochron.com

-  kochava.com

-  telemetry.com

FIVE AD FRAUD RESEARCH PRINCIPLES 

1)  get the right data

2)  get to the right sample

3)  run the right analysis

4)  tell the right story

5)  produce the right report

THREE SUGGESTED FOCUS AREAS FOR RESEARCH

-  threat intelligence

-  log-file analysis 

-  adversary psychology

OTHER METHODS FOR ADVERTISERS

-  set penalties for clearly defined violations

-  apply "3 strikes and out" with partners 

-  provide data and intel to CERT team

-  seek remedy retrospectively 

-  take legal action 

-  fund research 

-  support publicity and transparency

-  participate in programs 

PROACTIVE METHODS FOR ADVERTISERS

-  build an anti ad fraud team

-  co-invest in a research lab

-  log-file forensics

-  whitelist management

-  blacklist management

-  adopting common whitelist

-  adopting common blacklist

-  sharing threat intelligence

-  infosec education

-  use of 3rd-party solutions

-  creation of a proprietary solution

-  safeguarding 1st party data

-  invest in primary research

WHAT TOOLS TO USE FOR DOMAIN RESEARCH

BUY-SIDE DATA

sitescout.com

adwords.com

TAG ADOPTION DATA

builtwiththis.com

w3bin.com

SOCIAL SHARING DATA

github.com/srefik/t


twitter.com

facebook.com

HISTORICAL DNS

robtex.com

IP TO ASN

cymru.com

TRAFFIC DATA

alexa.com

compete.com

quantcast.com

DOMAIN WHOIS

myip.com

domaintools.com

WHAT KIND OF ADVERSARIES ARE INVOLVED IN AD FRAUD

-  black hat marketer

-  major company

-  advertising technology startup

-  investor

-  thief

-  organized crime

-  various others