Google, FBI, Cybersecurity Firms Shut Down Online Ad Fraud Scam

Google, FBI Help Shut Down Online Ad Fraud Scam

Google, the FBI and White Ops, along with a handful of cybersecurity companies, recently collaborated to shut down a digital ad fraud scam that used 1.7 million computers to generate fake clicks.

According to a report in The Hacker News, the fake clicks were used to trick online advertisers for years and make tens of millions of dollars as a result. According to the report, 3ve (pronounced “Eve”), which is what the group called its online ad fraud campaign, was active since 2014 but could have been around for longer. Activity from the group increased in 2017, becoming a huge business with greater than $30 million in profit last year.

The botnet scheme relied on different strategies to create the fake clicks, including creating their own botnets, making fake versions of websites and visitors, selling fake ad inventory to advertisers and stealing the Border Gateway Protocol IP addresses, according to the report. Other tactics included hiding real IP addresses and infecting PCs with malware to create or generate fake clicks for online ads. The report noted the Department of Justice this week unseals a 13-count indictment against eight people from Russia, Kazakhstan and Ukraine who are believed to be behind the operations.

“Tech-savvy fraudsters try to produce fake traffic and fraudulent ad inventory to trick advertisers into believing that their ads are being seen by actual, interested users,” White Ops researchers said.

The report noted that Google and several cybersecurity firms said the ad fraud scheme was named 3ve because it relies on three sub-operations. “Its operators constantly adopted new ways to disguise 3ve’s bots, allowing the operation to continue growing even after their traffic was blacklisted. Whenever they were blocked off in one place, they’d reappear somewhere else,” Google said.

The Hacker News noted that from September of 2014 through December of 2016, the scammers used more than 1,900 computer servers hosted in commercial data centers to load ads on more than 5,000 counterfeit websites, which generated millions of dollars in profits for the scam company.