Slashdot Mirror


Russian Hackers Stole $5 Million Per Day From Advertisers With Bots and Fake Websites (cnn.com)

Russian hackers have used fake websites and bots to steal millions of dollars from advertisers. According to researchers, the fraud has siphoned more than $180 million from the online ad industry. CNNMoney reports: Dubbed "Methbot," it is a new twist in an increasingly complex world of online crime, according to White Ops, the cybersecurity firm that discovered the operation. Methbot, so nicknamed because the fake browser refers to itself as the "methbrowser," operates as a sham intermediary advertising ring: Companies would pay millions to run expensive video ads. Then they would deliver those ads to what appeared to be major websites. In reality, criminals had created more than 250,000 counterfeit web pages no real person was visiting. White Ops first spotted the criminal operation in October, and it is making up to $5 million per day -- by generating up to 300 million fake "video impressions" daily. According to White Ops, criminals acquired massive blocks of IP addresses -- 500,000 of them -- from two of the world's five major internet registries. Then they configured them so that they appeared to be located all over the United States. They built custom software so that computers (at those legitimate data centers) acted like real people viewing those ads. These "people" even appeared to have Facebook accounts (they didn't), so that premium ads were served. Hackers fooled ad fraud blockers because they figured out how to build software that mimicked a real person who only surfed during the daytime -- using the Google Chrome web browser on a Macbook laptop.

93 comments

  1. A single tear runs down my cheek. by Anonymous Coward · · Score: 5, Insightful

    Turn off your ad blocker and reload this page.

    Now, look at the shit down there.

    Wait, now click on some of them - go ahead. Try the one with the really hot chick or movie star - there's always one of those.

    You'll be stuck in horseshit hell. Some have mousetraps and other sleazy techniques to generate more page hits than you intended.

    Fuck'em.

    I mean really. It's one asshole "stealing" from another.

    1. Re: A single tear runs down my cheek. by Anonymous Coward · · Score: 3, Insightful

      Yeah, but we are talking about taking money! Mucking around with an election is one thing, but when you start stealing money then you have crossed the line.

    2. Re: A single tear runs down my cheek. by Moheeheeko · · Score: 4, Funny

      the ones that generate an additional page that makes your phone vibrate like mad and tell you "O NO UR PHONE HAS TEH AIDZ!!!" are my favorite.

    3. Re: A single tear runs down my cheek. by Anonymous Coward · · Score: 0

      Can we give these guys an award or something? Maybe a Nobel Peace Prize?

    4. Re: A single tear runs down my cheek. by Anonymous Coward · · Score: 0

      They seem to give those away for no clear reason. I also vote peace prize.

    5. Re: A single tear runs down my cheek. by Anonymous Coward · · Score: 0

      The kiddies say "f*ck em" the ad people are frauds.

      Those ads provide free content you nitwits. Those same Russian hackers have stolen millions from average citizens as well as the ad marketers.
      Will the slashdot kiddies ever grow up?

    6. Re: A single tear runs down my cheek. by ArylAkamov · · Score: 1

      Remember the ones that would fullscreen and were designed to look like a windows xp or windows 7 desktop with the default wallpaper?

      Click anywhere and welcome to hell. Also had a windows error box with the standard "YOU'VE BEEN INFECTED!" shit.

      Always laughed extra hard when I got one of those on Arch or Ubuntu.

    7. Re: A single tear runs down my cheek. by Anonymous Coward · · Score: 0, Insightful

      You need to be a nlgger to stand a chance, with ties to ISIS.

    8. Re: A single tear runs down my cheek. by Anonymous Coward · · Score: 0

      Heya, Zuck, sup. Ad money don't bring billions at your stupid Teh Vaginabook anymore?

    9. Re: A single tear runs down my cheek. by Anonymous Coward · · Score: 0

      Anyone can provide content...

    10. Re: A single tear runs down my cheek. by Anonymous Coward · · Score: 0

      Hahahahaa 90 percent of the content you speak of is the "You won't believe what happens next!" Type content. You know the type that is hard to distinguish whether it, or the ads on the page are the point

    11. Re: A single tear runs down my cheek. by Anonymous Coward · · Score: 0

      I think you need to order hits on a bunch of people during lunch in a conference room to get a Nobel Peace prize these days.

    12. Re: A single tear runs down my cheek. by Anonymous Coward · · Score: 0

      No one's angry at Google for their ads. You know why? They generally keep the scum that work in advertising on a leash. It's the news sites that typically have the worst of the worst. They lost money? Serves them right. Who reads them any more?

    13. Re: A single tear runs down my cheek. by Anonymous Coward · · Score: 0

      You know who hosts the worst of the worst ads on those sites, right? Usually Google. Google doesn't vet their ads and have been a malware vector before.

    14. Re: A single tear runs down my cheek. by Anonymous Coward · · Score: 0

      Ads will continue to be blocked until they are static images no larger than 200x40, clearly labeled as "sponsored content", and function as a direct link to the site.

      Until ads are regulated, they get blocked. For every article, story, or anecdote I see about malvertising and scams, the height gets one pixel smaller.

  2. Ha Ha by Anonymous Coward · · Score: 0

    I buy amplifier!!!

  3. I am okay with this by wbr1 · · Score: 5, Insightful

    The online ad industry is so fucked, let it happen. Defraud the fraudsters. Exhaust their funding.

    Every PC I service gets adblocking with customer permission and education on it. It is in my opinion unethical not to. There are so many fraudulent (even browser hijacking and malware delivering ads), that there is no other choice.

    Not to mention that it often speeds up browsing by a third or more, pertinent info is easier to find, etc.

    Fix the industry or get thee gone.

    --
    Silence is a state of mime.
    1. Re:I am okay with this by unixisc · · Score: 2, Funny

      Sounds like an Alien vs Predator deal. So which side should we support here? The bot owners or the evil Russians that pulled off a Russian revolution in America and gave us President Donald Fredovich Trumpov?

    2. Re:I am okay with this by Anonymous Coward · · Score: 0

      Obviously you support the weaker enemy, help them destroy the other, and then turn on them and destroy them. Didn't you learn anything in AvP?

    3. Re:I am okay with this by unixisc · · Score: 1

      Can't they just destroy each other w/o us being involved?

    4. Re:I am okay with this by Anonymous Coward · · Score: 0

      I bet you wouldn't be so against it if they were showing nude faggots instead of chicks.

    5. Re: I am okay with this by Anonymous Coward · · Score: 1

      CNN, NBC, CBS spend so much time on russians and on Putin next time around I will definitely be voting for Comrade Trumpov.
      Make russia great again.

    6. Re:I am okay with this by Anonymous Coward · · Score: 0

      They won't destroy each other, there will be one left standing. This is why you support the weaker one, or at least the one that you can easily destroy after the other is gone

    7. Re: I am okay with this by unixisc · · Score: 1

      They and their staff should all be extradited to Moscow, where they can join Comrade Snowden. Putin can give them the Litvinenko treatment if needed

  4. Re:RUSSIAN HACKERS by klingens · · Score: 0

    Cause this time you can easily follow the money. With Hillary there was no money trail.

  5. who was it? by Anonymous Coward · · Score: 0

    I need to ask them some advice on finding an IP address available....

    "criminals acquired massive blocks of IP addresses -- 500,000 of them -- from two of the world's five major internet registries."

  6. Sounds like a public service to me... by gweihir · · Score: 5, Interesting

    If they are identified, I think they should be fined $1 and then be given a medal.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:Sounds like a public service to me... by Z00L00K · · Score: 0

      The Russian way is to hand out a medal and then shoot them.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    2. Re:Sounds like a public service to me... by Anonymous Coward · · Score: 0

      And the Z00L00K way is to bend over and take it in the ass.

    3. Re:Sounds like a public service to me... by Anonymous Coward · · Score: 0

      Yeap, just like your mom.

  7. Re:2016... by Anonymous Coward · · Score: 0

    Your opinions are dumb and your grammar is bad.

  8. Re:RUSSIAN HACKERS by Tablizer · · Score: 1

    I keep hearing [about] "Russian Hackers"

    Because their main competition, the Nigerian Prince, has already been caught.

  9. Re:Any chance by irving47 · · Score: 1

    Sometimes the only thing more dangerous than the answer is the question. Be careful, comrade!

    --
    I had a sucky sig.
  10. Re:Any chance by IMightB · · Score: 0

    nah, these ones have ethics

  11. Hacker seems to get thrown around a lot by TheCastro1689 · · Score: 1

    It doesn't seem like there was much unauthorized access to a computer system, sounds like they breached the ToS for Facebook, but other than that I don't see an actual crime here.

    1. Re:Hacker seems to get thrown around a lot by avandesande · · Score: 1

      Only US advertisers are allowed to do these things.

      --
      love is just extroverted narcissism
    2. Re:Hacker seems to get thrown around a lot by Anonymous Coward · · Score: 0

      Well, it's debatable if they were computer criminals. But as for being hackers - absolutely!
      I have 20 years in the industry, and I don't feel like I could call myself a hacker yet.
      Acquiring 0,5M IP addresses, herding them to look legit and all they did... From my point of view that takes mad skillz... Definitely hackers, these guys!
      This is /., not Fox.

  12. bottom feeders by IMightB · · Score: 1

    If you're stealing from the worst kind of bottom feeders, is it really stealing?

  13. If them RUSKIES got that, imagine what GOOGLE took by Anonymous Coward · · Score: 0

    AnellofalotMORE!

  14. Fake FB accounts by Dan+East · · Score: 4, Interesting

    I run a couple FB community groups that are quite specific. They aren't of interest to anyone outside the community. Fairly regularly I will get requests to join the group from obviously fake accounts. Many have the wrong gender for their name or profile picture. They will have a small random assortment of friends from vastly different nationalities. They will belong to multiple groups in multiple languages. Most of them I report to FB are immediately classified by them as fake accounts and are deleted.

    Anyway, I wondered what the point was of these fake accounts. I thought maybe they harvested information (by joining groups they could see who is in the groups and thus attempt to build a graph connecting users). However, now I believe these accounts are created to consume advertising in scams such as this one, and at least some attempt is made to make the accounts appear genuine by having an array of friends and belonging to groups, etc.

    --
    Better known as 318230.
  15. I have a dream, a browser... by Anonymous Coward · · Score: 0

    The address bar of browsers is pretty useless as it is. In the old times, it showed where information was loaded from. Today, not really.

    I'm dreaming of an address-sidebar instead of an address bar. For each address the browser wants to get data from, I want to be able to select to a) do it, connect, but don't get any data, c) ignore it.

    Shouldn't be too hard?

    1. Re:I have a dream, a browser... by Anonymous Coward · · Score: 0

      Look into a tool called Burpsuite (it's a "hacker" tool for web site penetration testers). Allows to basically push a "pause" and "play" button for every action your browser does. https://portswigger.net/burp/

    2. Re:I have a dream, a browser... by Anonymous Coward · · Score: 0

      uMatrix?

    3. Re:I have a dream, a browser... by Anonymous Coward · · Score: 0

      LOL. Yes, iMatrix...

    4. Re:I have a dream, a browser... by Anonymous Coward · · Score: 0

      LiveHTTPHeaders Firefox plugin
      HTTP Trace Chrome Extension

      Nope, that wasn't too hard at all, a simple search revealed it.

    5. Re:I have a dream, a browser... by Anonymous Coward · · Score: 0

      This. Why didn't anyone tell me about this one before?

      Thanks. Feels like xmas :D

  16. Re:Any chance by Anonymous Coward · · Score: 1

    The Hillshill tears are delicious. So delicious...

  17. Ah, the Russian hackers by Anonymous Coward · · Score: 1

    the most talented in the world, but clumsy to the likening of bumbling clowns who drop Russian flags, business cards, e-mail addresses, and personal details, everywhere in their path. The picture of the smart-but-dumb Russian hacker doesn't quite add up.

  18. Paid Ad for WhiteOps? by Anonymous Coward · · Score: 0

    I find it ironic that this information comes about Ads, but it appears to me that this post might just be an Ad/plug for whiteopsdotcom! Their site doesn't have any real data (at least at first glance). Normally when these things are reported by a security firm, there is a link to the white paper or the actual incident, and how they gleaned this information. All I see is a website advertising their services, and products. Not to mention the "contact us" for info and give us your email so we can spam you!

    Again irony...

    1. Re:Paid Ad for WhiteOps? by Anonymous Coward · · Score: 0

      I retract this statement, I found *their white-paper/write up. Although looking through the urls there are some interesting ones like "pbskids.org/videos" this makes me very concerned.

    2. Re:Paid Ad for WhiteOps? by lamber45 · · Score: 2

      If you're asking about the file domains.txt , that's not the "bad" domains, that's the "legitimate" advertisers who were victimized by the scheme. The whitepaper doesn't have full technical detail, but it sounds like the bot-farms used hosts files or private DNS to serve pages that seemed to be within those domains, without ever hitting the origin servers or even a public CDN. The list of "bad" actors, by IP address range, is the file IPs-CIDR.txt .
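
Added example, not part of the comment above or of the White Ops material: one way a site or ad-network operator could use a CIDR list like the IPs-CIDR.txt file mentioned in that comment, counting access-log requests whose client address falls inside a listed range. The one-network-per-line file format, the log layout and every sample value below are assumptions constructed for illustration.

```python
import bisect
import ipaddress
import re
from collections import Counter

# Constructed stand-in for a published CIDR list. These are RFC 5737
# documentation ranges, not entries from the real IPs-CIDR.txt.
SAMPLE_CIDR_LIST = """\
# one network per line (format assumed)
192.0.2.0/25
192.0.2.128/25
198.51.100.0/24

not-a-network
"""

# Constructed access-log lines in combined log format.
SAMPLE_LOG = """\
192.0.2.17 - - [20/Dec/2016:14:02:11 +0000] "GET /ad/video.mp4 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.200 - - [20/Dec/2016:14:02:12 +0000] "GET /ad/video.mp4 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [20/Dec/2016:14:02:13 +0000] "GET /index.html HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.0.2.201 - - [20/Dec/2016:14:02:14 +0000] "GET /ad/video.mp4 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
garbage line without an address
"""

LOG_IP = re.compile(r"^(\S+) ")  # first field of a combined-format line


def load_networks(text):
    """Parse a CIDR list; skip comments, blanks and malformed entries.

    Adjacent and overlapping ranges are merged, so the result is sorted
    and non-overlapping, which the binary search below relies on.
    Only IPv4 is handled to keep the example short.
    """
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            continue  # ignore a bad entry instead of aborting the load
        if net.version == 4:
            nets.append(net)
    return sorted(ipaddress.collapse_addresses(nets))


def find_network(ip, networks, starts):
    """Return the listed network containing ip, or None."""
    i = bisect.bisect_right(starts, int(ip)) - 1
    if i >= 0 and ip in networks[i]:
        return networks[i]
    return None


def flag_hits(log_text, networks):
    """Count log requests per listed network, keyed by CIDR string."""
    starts = [int(n.network_address) for n in networks]
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_IP.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # first field was not an IP address
        if ip.version != 4:
            continue
        net = find_network(ip, networks, starts)
        if net is not None:
            hits[str(net)] += 1
    return dict(hits)


if __name__ == "__main__":
    print(flag_hits(SAMPLE_LOG, load_networks(SAMPLE_CIDR_LIST)))
```
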

  19. What's the problem? by Anonymous Coward · · Score: 0

    Sounds like they made money off of a stupid system by using the system in exactly the way it was intended to be used. What's the problem here?

  20. Good thing by Anonymous Coward · · Score: 0

    The sooner websites notice, that ads are the wrong way, the better for the user. Find some better way than forcing shit on us.

    1. Re: Good thing by Anonymous Coward · · Score: 0

      I thought you liked shit? You're reading CNN after all, right?

  21. Re: RUSSIAN HACKERS by Anonymous Coward · · Score: 3, Insightful

    I can probably find Russia on a map. You going to be down on me for that? Personally I think Trump is an idiot but let him, you know, actually be Prez before you cry about how bad a Prez he is. Otherwise you just sound like crybaby Hollywood celeb.

  22. Stealing? by Anonymous Coward · · Score: 0

    For the benefit of the millions of future imitators - can anybody explain how this activity could in any way be construed as theft on the part of the system developers. With the minimal details available, it appears that the ad was served, but the representation that the ad was delivered to a person was made by the ad networks - who are therefore the only party actually engaging in fraudulent activity.

    It seems akin to paying an advertising agency to run a postal campaign, who then engage a subcontractor to dispose of the leaflets - which end up ultimately being dumped. The subcontractor dumping the leaflets isn't violating their contract for disposal.

    1. Re:Stealing? by Narcocide · · Score: 1, Interesting

      The advertisers aren't the ones paying for this service that the "Russian hackers" are providing. The site owners who host the ad campaigns are paying the hackers to inflate their traffic stats in order to defraud the advertising networks.

      Granted, I have trouble feeling sorry for the advertisers here too, but these figures are also being used for public traffic stats, which then in turn drives investment and stock prices of internet startup businesses, eventually leading to massive derailment of one of the basic fundamental assumptions upon which the US market thrives. This is a much bigger problem than just the 5 million dollars.

    2. Re:Stealing? by Anonymous Coward · · Score: 0

      derailment of one of the basic fundamental assumptions upon which the US market thrives

      I think I found your problem right here.

    3. Re:Stealing? by Anonymous Coward · · Score: 0

      one of the basic fundamental assumptions upon which the US market thrives.

      And what's that? There's one born every minute? As high as the market can bear? Fuck the customers, I want the yacht/private plane now?

  23. Facebook could have caught this by JoeyRox · · Score: 2

    If only their engineers knew basic math, the kind that would allow them to not miscalculate basic real metrics let alone the fraudulent ones.

    1. Re:Facebook could have caught this by Anonymous Coward · · Score: 0

      Why would FB care? They're getting a cut of all the advertising revenues world over... so it's in their best interests to turn a blind eye. (say FB makes 10% cut of those ads... $5m a day for hackers means $500k/day for FB, and they didn't even have to do anything!). In fact, I suspect all these advertising places know that this is happening... a lot... but simply choose to remain ignorant because advertising revenues are just too good. (don't cut branch you're sitting on, etc.)

  24. nice. by sootman · · Score: 0

    Hackers fooled ad fraud blockers because they figured out how to build software that mimicked a real person who only surfed during the daytime -- using the Google Chrome web browser on a Macbook laptop.

    Ugh. Who the hell would want to advertise to those assholes? I mean, Mac users are bad enough, but Mac users running Chrome... *shudder*

    ... who only surfed during the daytime...

    Let me guess: IPs spoofed to look like they came from a Panera?

    --
    Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
  25. Re: RUSSIAN HACKERS by Anonymous Coward · · Score: 0

    How about we look at all of the people he's listed for his Cabinet who are almost universally in fundamental conflict with the departments they'll be nominated to head and decide we've already seen far more than enough (even letting alone all of his lies and vile behavior while campaigning).

  26. Is it illegal? by Anonymous Coward · · Score: 0

    What exact law did they offend?

    This isn't too far off from building bots to cheat at online games.

    It's bannable but illegal?

    1. Re:Is it illegal? by gl4ss · · Score: 1

      well yeah.

      mind you that when google does it, then it's not fraud. only when some "crooks" do it.

      also they were creating fake accounts, which counts as fraud of some kind depending on where the "crime" of creating them took place.

      --
      world was created 5 seconds before this post as it is.
  27. Re:RUSSIAN HACKERS by smooth+wombat · · Score: 2, Informative

    You conveniently leave out the key detail: Hillary Clinton was never involved in the deal. You further leave out that the Canadian government was also involved and had to sign off on the deal.

    You also leave out that in addition to the State Department there were eight other agencies involved with the deal, including the Director of National Intelligence.

    But I guess in your fantasy world Hillary was able to cajole all these people, including a foreign government, to make the deal because in a round-about manner her foundation received legal foreign donations from a country who was in negotiation to buy a uranium mine, a deal in which she was never involved with. Yeah, sounds completely plausible.

    --
    We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
  28. World's smallest violin by Anonymous Coward · · Score: 1

    I am playing one right now.

  29. This is nothing new by Anonymous Coward · · Score: 0

    I worked policing affiliates for XPICS, the company that claims to have invented pay per click, back in the 1990's, the first internet job I had. We busted all sorts of scams that tried to send fake users and fake clicks to collect advertising revenue. Seems like a larger scale more modern continuation of that same type of operation.

  30. Good for them by Anonymous Coward · · Score: 0

    Well done

  31. Comment removed by account_deleted · · Score: 2

    Comment removed based on user account deletion

  32. Re: 2016... by Anonymous Coward · · Score: 0

    No no no, it is your nlgger grammar that is wrong. Sup

  33. Those evil ruskies... by Anonymous Coward · · Score: 0

    Commies all of them!

  34. Russian Hackers Faked the Moon Landing by Anonymous Coward · · Score: 0

    They're everywhere!!! EVERYWHERE!!!

  35. Re: Any chance by Anonymous Coward · · Score: 0, Funny

    hillary's sand nlgger electorate is so cheap

  36. Is there a newsletter? by argStyopa · · Score: 4, Insightful

    ...because I'd rather get the DNC/Obama Admin "message of the day" directly first thing in the morning, instead of having to wait for it to filter through their shills and then social media.

    Thanks!

    --
    -Styopa
  37. A tiny violin plays. by Anonymous Coward · · Score: 0

    *shrug* Maybe it's for the best. Mankind wasn't meant to have nice things. It's not like we'll miss them anyway.

  38. Reading cyber-security news by Anonymous Coward · · Score: 0

    Reading cyber-security news on CNN and NY Times is like taking stick tips from a bum. Very misinformed article. Just read the original research.

    1. Re:Reading cyber-security news by hesiod · · Score: 1

      They probably have plenty of tips: these sticks are good for kindling, those sticks can fend off dogs, these over here make good imaginary swords to scare the passers-by.

  39. Finally by Anonymous Coward · · Score: 0

    Finally someone has done what I've always wanted to do: massive click fraud botnets. I hope more spring up like this.

    Second on the list: 'viruses' that automatically install an appropriate adblocker on all infected machines...

  40. List of hostnames to block this in hosts files by Anonymous Coward · · Score: 0

    See subject & http://methbot.s3-website-us-east-1.amazonaws.com/domains.txt/ & for the best hosts file creator APK Hosts File Engine 9.0++ SR-4 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/

    * 8th botnet hosts stop in 1 week with this one, here's the rest https://yro.slashdot.org/comments.pl?sid=10010777&cid=53510613/ listed...

    APK

    P.S.=> It's NOT easy being "world-class" (like me, lol)... apk

  41. Only sad I didn't do this myself by Anonymous Coward · · Score: 0

    Like seriously I'm almost tempted to move to Siberia. Why not make $5 million per day where no one will arrest you for doing this? Here I sit coding away for a lowly 100k a year like a good little drone while some Ivan is making $5 million a day off of code I could cobble together in a month myself. Oh, right -- I don't want to damn my very soul....

  42. Russian hackers by Anonymous Coward · · Score: 0

    government speak for "somebody"