Slashdot Mirror

← Back to Stories (view on slashdot.org)

Russian Hackers Stole $5 Million Per Day From Advertisers With Bots and Fake Websites (cnn.com)

Posted by BeauHD on from the it's-all-an-illusion dept.

Russian hackers have used fake websites and bots to steal millions of dollars from advertisers. According to researchers, the fraud has siphoned more than $180 million from the online ad industry. CNNMoney reports: Dubbed "Methbot," it is a new twist in an increasingly complex world of online crime, according to White Ops, the cybersecurity firm that discovered the operation. Methbot, so nicknamed because the fake browser refers to itself as the "methbrowser," operates as a sham intermediary advertising ring: Companies would pay millions to run expensive video ads. Then they would deliver those ads to what appeared to be major websites. In reality, criminals had created more than 250,000 counterfeit web pages no real person was visiting. White Ops first spotted the criminal operation in October, and it is making up to $5 million per day -- by generating up to 300 million fake "video impressions" daily. According to White Ops, criminals acquired massive blocks of IP addresses -- 500,000 of them -- from two of the world's five major internet registries. Then they configured them so that they appeared to be located all over the United States. They built custom software so that computers (at those legitimate data centers) acted like real people viewing those ads. These "people" even appeared to have Facebook accounts (they didn't), so that premium ads were served. Hackers fooled ad fraud blockers because they figured out how to build software that mimicked a real person who only surfed during the daytime -- using the Google Chrome web browser on a Macbook laptop.

13 of 93 comments (clear)

  1. A single tear runs down my cheek. by Anonymous Coward · · Score: 5, Insightful

    Turn off your ad blocker and reload this page.

    Now, look at the shit down there.

    Wait, now click on some of them - go ahead. Try the one with the really hot chick or movie star - there's always one of those.

    You'll be stuck in horseshit hell. Some have mousetraps and other sleazy techniques to generate more page hits than you intended.

    Fuck'em.

    I mean really. It's one assholes "stealing" from another.

    1. Re: A single tear runs down my cheek. by Anonymous Coward · · Score: 3, Insightful

      Yeah, but we are talking about taking money! Mucking around with an election is one thing, but when you start stealing money then you have crossed the line.

    2. Re: A single tear runs down my cheek. by Moheeheeko · · Score: 4, Funny

      the ones that generate an additional page that makes your phone vibrate like mad and tell you "O NO UR PHONE HAS TEH AIDZ!!!" are my favorite.

  2. I am okay with this by wbr1 · · Score: 5, Insightful
    The online ad industry is so fucked, let it happen. Defraud the fraudsters. Exhaust their funding

    Every PC I service gets adblocking with customer permission and education on it. It is in my opinion unethical not to. There are so many fraudulent (even browser hijacking and malware delivering ads), that there is no other choice.

    Not to mention that it often speeds up browsing by a third or more, pertinent info is easier to find, etc.

    Fix the industry or get thee gone.

    --
    Silence is a state of mime.
    1. Re:I am okay with this by unixisc · · Score: 2, Funny

      Sounds like an Alien vs Predator deal. So which side should we support here? The bot owners or the evil Russians that pulled off a Russian revolution in America and gave us President Donald Fredovich Trumpov?

  3. Sounds like a public service to me... by gweihir · · Score: 5, Interesting

    If they are identified, I think they should be fined $1 and then be given a medal.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  4. Fake FB accounts by Dan+East · · Score: 4, Interesting

    I run a couple FB community groups that are quite specific. They aren't of interest to anyone outside the community. Fairly regularly I will get requests to join the group from obviously fake accounts. Many have the wrong gender for their name or profile picture. They will have a small random assortment of friends from vastly different nationalities. They will belong to multiple groups in multiple languages. Most of them I report to FB are immediately classified by them as fake accounts and are deleted.

    Anyway, I wondered what the point was of these fake accounts. I thought maybe they harvested information (by joining groups they could see who is in the groups and thus attempt to build a graph connecting users). However, now I believe these accounts are created to consume advertising in scams such as this one, and at least some attempt is made to make the accounts appear genuine by having an array of friends and belonging to groups, etc.

    --
    Better known as 318230.
  5. Re: RUSSIAN HACKERS by Anonymous Coward · · Score: 3, Insightful

    I can probably find Russia on a map. You going to be down on me for that? Personally I think Trump is an idiot but let him, you know, actually be Prez before you cry about how bad a Prez he is. Otherwise you just sound like crybaby Hollywood celeb.

  6. Facebook could have caught this by JoeyRox · · Score: 2

    If only their engineers knew basic math, the kind that would allow them to not miscalculate basic real metrics let alone the fraudulent ones.

  7. Re:RUSSIAN HACKERS by smooth+wombat · · Score: 2, Informative

    You conveniently leave out the key detail: Hillary Clinton was never involved in the deal. You further leave out that the Canadian government was also involved and had to sign off on the deal.

    You also leave out that in addition to the State Department there were eight other agencies involved with the deal, including the Director of National Intelligence.

    But I guess in your fantasy world Hillary was able to cajole all these people, including a foreign government, to make the deal because in a round-about manner her foundation received legal foreign donations from a country who was in negotiation to buy a uranium mine, a deal in which she was never involved with. Yeah, sounds completely plausible.

    --
    We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
  8. Comment removed by account_deleted · · Score: 2

    Comment removed based on user account deletion

  9. Is there a newsletter? by argStyopa · · Score: 4, Insightful

    ...because I'd rather get the DNC/Obama Admin "message of the day" directly first thing in the morning, instead of having to wait for it to filter through their shills and then social media.

    Thanks!

    --
    -Styopa
  10. Re:Paid Ad for WhiteOps? by lamber45 · · Score: 2

    If you're asking about the file domains.txt , that's not the "bad" domains, that's the "legitimate" advertisers who were victimized by the scheme. The whitepaper doesn't have full technical detail, but it sounds like the bot-farms used hosts files or private DNS to serve pages that seemed to be within those domains, without ever hitting the origin servers or even a public CDN. The list of "bad" actors, by IP address range, is the file IPs-CIDR.txt .