why do hackers hack? of course, it's fun for them. But they hack to make tons of money with their unique skillset. How does hacking connect to ad fraud? Here are a few examples.
1. February 2020 / Page 0marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Ad Fraud is “Cash Out”
for Malware/Hacking
February 2020
Augustine Fou, PhD.
acfou [at] mktsci.com
2. February 2020 / Page 1marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Why do hackers hack?
3. February 2020 / Page 2marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
To make enormous profits
Stealing from digital ad budgets – like an open vault of gold
Advertisers Publishers
Bad Guys
1/3
2/3
Ads are not shown
to humans, wasted
ad dollars
Ad revenue declines
because dollars are
stolen by bad guys.
Steal money using fake ads;
siphon dollars out of ecosystem.
4. February 2020 / Page 3marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
How big? $330B every year
Worldwide digital ad spending to exceed $330 billion by 2020
5. February 2020 / Page 4marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
How do hackers make
money?
6. February 2020 / Page 5marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Counterfeit goods bits/bytes
Fakes or unauthorized replicas of real ad impressions
ad impressions shown to
bots/software not to humans
ad fraud
7. February 2020 / Page 6marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Simple three step process
1. set up
FAKE SITES
2. buy
FAKE TRAFFIC
3. sell
FAKE ADS
8. February 2020 / Page 7marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
More profitable use of DDoSNow use enormous DDoS traffic to generate enormous ad revenues
Google Digital Attack Map
9. February 2020 / Page 8marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
New “largest ever” botnet every year
Vast botnets targeting high-value video ads, disguising/hiding
10. February 2020 / Page 9marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Fake Sites, Fake News Thrive
November 2019
https://www.buzzfeednews.com/
article/craigsilverman/fake-local-
news-sites-albany-edmonton
February 2020
https://www.buzzfeednews.com/article/
craigsilverman/these-fake-local-news-
sites-have-confused-people-for-years
Fake sites are
spreading
disinformation,
hate, fake news,
and other
content; they
are able to
thrive and grow
because they
make money
using adtech.
11. February 2020 / Page 10marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
What about mobile?
12. February 2020 / Page 11marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Millions of apps on millions of phones
Apps loading ads in background, continuously; stealing data
September 2019
https://www.buzzfeednews.com/
article/craigsilverman/sweet-
camera-play-store-removed-
ihandy
May 2019
https://www.buzzfeednews.com/
article/craigsilverman/vidmate-
app-download
April 2019
https://www.buzzfeednews.com/
article/craigsilverman/google-
play-store-ad-fraud-du-group-
baidu
13. February 2020 / Page 12marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Millions of apps on millions of phones
Stealing data, abusing permissions, attribution fraud
October 2018
https://www.buzzfeednews.com/
article/craigsilverman/how-a-
massive-ad-fraud-scheme-
exploited-android-phones-to
November 2018
https://www.buzzfeednews.com/
article/craigsilverman/android-
apps-cheetah-mobile-kika-
kochava-ad-fraud
March 2019
https://www.buzzfeednews.com/
article/craigsilverman/in-banner-
video-ad-fraud
14. February 2020 / Page 13marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Uber sues 100 mobile exchanges
https://www.linkedin.com/pulse/stone-meet-glass-
house-significance-ubers-second-ad/
Mobile exchanges
were falsifying
placement reports to
make it appear the ads
ran on legitimate sites
and apps; some
exchanges were
fabricating the reports
entirely, when no ads
were even shown
15. February 2020 / Page 14marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
(2017) Been going on for a while…
May 26 Forbes “Judy Malware”
• 40 bad apps to load ads
• 36 million fake devices to load
bad apps
• e.g. 30 ads per device /minute
• 30 ads per minute = 1 billion
fraud impressions per minute
June 1 Checkpoint “Fireball”
• 250 million infected computers
• primary use = traffic for ad
fraud
• 4 ads /pageview (2s load time)
• fraudulent impressions at the
rate of 30 billion per minute
16. February 2020 / Page 15marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
What about CTV/OTT?
17. February 2020 / Page 16marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Mobile Apps Fake Video Streams
January 2020
https://www.buzzfeednews.com/
article/craigsilverman/grindr-
roku-apps-ad-fraud-scheme
Source: http://blog.pixalate.com/invalid-ssai-measure-ott-ctv-ad-fraud
Fraudsters use the same bots to
simulate more video streams to
cause more video ads.
18. February 2020 / Page 17marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
What else?
19. February 2020 / Page 18marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Browser extensions, js code
Extensions can load ads, fake clicks, record clicks, exfiltrate data
https://gadgets.ndtv.com/internet/news/google-chrome-web-store-
extensions-500-removed-ad-fraud-2180242
Source: Freedom to Tinker, Nov 2017
20. February 2020 / Page 19marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Malvertising
Malware in ads used to compromise fresh devices, for ad fraud
https://twitter.com/j_rom_/status/1221715676907393024
https://medium.com/@clean.io/summary-of-
malicious-ads-and-reputation-threats-q3-2019-
2dd285e1c65a
21. February 2020 / Page 20marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Online child abuse images
“Using a variety of sophisticated techniques to avoid detection,
offenders are exploiting online advertising networks to
monetise their distribution of child sexual abuse material.”
Source: The Drum Nov 6, 2018 Source: CNN, Feb 2019 Source: NYT, Sep 2019
22. February 2020 / Page 21marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Alter measurement; click fraud
Make the ads appear viewable; affiliate fraud (click flooding)
Buzzfeed, March 2018
Source:
http://articles.latimes.com/2013/apr/19/business/la-
fi-mo-cookie-stuffing-ebay-20130419
“Laguna Niguel man pleads
guilty in 'cookie stuffing' scam
against Ebay. The online
auctioneer paid Dunning’s
company about $5.2 million in
2006 and 2007, the U.S. Attorney
said.”
23. February 2020 / Page 22marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Stolen identities; fake accounts
Unverifiable lookalike audiences contain fake profiles/preferences
Bots pretend to be
oncologists by visiting
oncology related sites.
“[LOTAME] purged 400 million
of its over 4 billion profiles after
identifying them as bots.”
Adweek, Feb 2018
24. February 2020 / Page 23marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Money laundering
Dollars are laundered as digital media ad spend on “cash out” sites
1. Buy and place digital ads on sites and apps
controlled by the same entity
2. Collect dollars from “cash out” sites, fully
laundered
25. February 2020 / Page 24marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Financial crimes - laundering
Dollars are laundered and moved via digital games, virtual goods
Valve suspended the trading between
players of “container keys”—an in-
game gambling device that players can
buy (with real money) to try to win
(virtual) rewards such as special
weapons or clothing. The firm says
“nearly all” of the trades of such
keys were “believed to be fraud-
sourced”. It is a rare admission of the
growing problem of using video games
to facilitate financial crime.
https://www.economist.com/finance-and-
economics/2019/11/07/financial-crime-through-video-
games-is-on-the-rise
26. February 2020 / Page 25marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
About the Author
Augustine Fou, PhD.
acfou [@] mktsci.com
27. February 2020 / Page 26marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Dr. Augustine Fou – Researcher
2013
2014
Published slide decks and posts:
http://www.slideshare.net/augustinefou/presentations
https://www.linkedin.com/today/author/augustinefou
2016
2015
2017
20192018