Digital Ad Fraud
Superheroes
Dr. Augustine Fou
http://linkd.in/augustinefou
acfou @mktsci .com
February 2014
-1-

Augustin...
YouTube (Google)

Video ad impressions counted only if user does not click ―skip‖

With video ads you pay only when
someon...
Google
Google proactively filters invalid clicks, does not charge
The vast majority of all invalid clicks on AdWords ads a...
Spider.io (Google)
Advanced technical analysis that detects fraudulent bot activity
We have previously shown how malware-d...
WhiteOps
Advanced technical forensics to determine impact of bot actions

Mr. Tiffany said traffic fraud can be found not ...
Integral Ad Science
Brand safety via analyzing placements of ads

Source: Integral Ads
-6-

Augustine Fou
DoubleVerify
Ad verification technology – placement, viewability, bot detect

Source: http://www.doubleverify.com/
-7-

Au...
Solve Media
Human detection via CAPTCHAs; ad delivery to real humans

TYPE-IN™ ads:
Solve Media's proprietary TYPE-IN™
adv...
The Industry Takes
Action on Ad Fraud
-9-

Augustine Fou
IAB Releases Best Practices
Best Practices For Reducing Traffic Fraud Risk Unveiled by IAB
Specific Strategies Recommended...
LinkedIn Sues John Doe
Professional social networking site LinkedIn has filed a federal lawsuit against ten unspecified
in...
Microsoft Kills Zombie PCs
Armed with a court order and law enforcement help overseas, the team
took steps to cut off comm...
Spider.io Kills Chameleon Botnet
Chameleon Botnet
Date of discovery: 28 February, 2013
Known as: Chameleon Botnet
Discover...
What They Do /
Detection Vectors
- 14 -

Augustine Fou
Remote Fraud Detection

Advanced technical analysis of HOW fraud is
committed via compromised PCs, malware/spyware,
browse...
Placement/Viewability

Technology platforms to analyze the placement of ads
on dimensions like viewability, brand safety, ...
Non-human Visitors

Technology and techniques to detect non-human (bot)
visits to a site and loading of ads; solutions to ...
Digital Ad Fraud
Mitigation Techniques
- 18 -

Augustine Fou
Blacklisting Sites
Value
Exclude sites from
serving your ads

- 19 -

Caveat
For every site excluded,
bad guys put up more...
Enforcing Viewability
Value

Caveat

Only pay for ads which
are viewable (i.e. above
the-fold)

Bad guys can defeat
―viewa...
Bot Detection
Value

Caveat

Good guys use algorithms
to detect unusual
behaviors indicative of
bots (rather than humans)
...
Using CAPTCHAs
Value

Caveat

Captchas deter bots from
filling in forms and stealing
content and cookies.

Some bots can n...
“The above countermeasures are all good, and
advertisers should continue using them. But they are
not enough. If the good ...
Ad Fraud Forensics Process
Preliminary Scan
Sizing of
ad fraud

Forensic Analysis

Maintenance

• Technology Tools
• Stati...
Prioritizing Actions
30%

40%
30%
- 25 -

targeting

improving
optimization

delivery
viewability
bots /not seen by humans...
Low Hanging Fruit
The most immediate, direct impact on ROI comes from reducing waste

25% On-Target Delivery
(Nielsen)

54...
Dr. Augustine Fou – Digital Forensics
“I advise clients on optimizing
advertising across all channels. Using
advanced tech...
Related Articles
ROI Case for Solving Ad Fraud
By: Augustine Fou January 2014

Fake YouTube Videos
By: Augustine Fou, Dece...
Upcoming SlideShare
Loading in...5
×

Digital ad fraud superheroes the good guys by augustine fou

41,766

Published on

There are many good guys already fighting the fight against digital ad fraud. Here are a few of them, including some big ones.

Published in: Technology
2 Comments
3 Likes
Statistics
Notes
No Downloads
Views
Total Views
41,766
On Slideshare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
0
Comments
2
Likes
3
Embeds 0
No embeds

No notes for slide

Transcript of "Digital ad fraud superheroes the good guys by augustine fou"

  1. 1. Digital Ad Fraud Superheroes Dr. Augustine Fou http://linkd.in/augustinefou acfou @mktsci .com February 2014 -1- Augustine Fou
  2. 2. YouTube (Google) Video ad impressions counted only if user does not click ―skip‖ With video ads you pay only when someone chooses to watch your ad, so you don't waste money advertising to people who aren't interested in your business. Source: http://www.youtube.com/yt/advertise/why-it-works.html -2- Augustine Fou
  3. 3. Google Google proactively filters invalid clicks, does not charge The vast majority of all invalid clicks on AdWords ads are caught by our online filters. These filters are constantly being updated and react to a wide variety of traffic patterns and indications of click fraud attacks. On average, invalid clicks account for less than 10% of all clicks on AdWords ads. At our current revenue run rate, the aggregate value of the clicks that we've identified as suspicious or invalid and excluded from what we've charged advertisers is in the hundreds of millions of dollars. Source: https://support.google.com/adwords/answer/2454071 -3- Augustine Fou
  4. 4. Spider.io (Google) Advanced technical analysis that detects fraudulent bot activity We have previously shown how malware-driven traffic across websites costs display advertisers millions of dollars per month [1]. We have also shown how easy it is to generate this type of fake traffic—with fewer than 100 lines of C++ code [2]. In this post we provide the first case study to show how a well known malware rootkit is being used by cyber criminals today specifically to defraud online display advertisers. The case study is a display advertising analogue of a click-fraud study by Miller et al. [3]. In our investigations into the origins of malware-driven traffic across websites we discovered a TDSS rootkit with dll32.dll and dll64.dll payloads. TDSS has been described by Kaspersky as ―the most sophisticated threat today‖ [4]. In this post we show how hijacked PCs controlled by these TDSS payloads impersonate real website visitors across target webpages on which display ad inventory is being sold. We show in this post how this fake traffic is being sold to publishers today through the ClickIce ad exchange. We show further in this post that some unscrupulous publishers are not just knowingly buying this fake traffic. They are in fact optimising their webpage layouts for this fake traffic. We recorded activity on a hijacked PC controlled by one of these payloads. We have included this below. Source: http://www.spider.io/blog/2013/12/cyber-criminals-defraud-display-advertisers-with-tdss/ -4- Augustine Fou
  5. 5. WhiteOps Advanced technical forensics to determine impact of bot actions Mr. Tiffany said traffic fraud can be found not only on smaller sites serving as shells to game ad exchanges, but on the domains of premium publishers as well. "What we do know is that it's not just a problem hiding out in the long tail, it's not just a problem of bogus websites," he said. "Bots have infiltrated traffic systems across the ecosystem and end up at some premium, name brand publishers." Source: AdAge - Premium Publishers Are Getting Victimized By Traffic Fraud, Too Feb 2014 -5- Augustine Fou
  6. 6. Integral Ad Science Brand safety via analyzing placements of ads Source: Integral Ads -6- Augustine Fou
  7. 7. DoubleVerify Ad verification technology – placement, viewability, bot detect Source: http://www.doubleverify.com/ -7- Augustine Fou
  8. 8. Solve Media Human detection via CAPTCHAs; ad delivery to real humans TYPE-IN™ ads: Solve Media's proprietary TYPE-IN™ advertising guarantees your messaging won't be ignored—because it can't be. Our simple, effective and memorable TYPE-IN™ advertising lets users type in brand messages where they interact on web pages and mobile apps— replacing difficult CAPTCHAs, allowing people to skip video pre-roll ads, or unlocking access to valuable mobile experiences. The result: superior brand lift. Here's how: -8- • Guarantee engagement with your message every time • Deliver 1200% greater message recall than banner ads • Outperform comScore Brand Lift norms by an average of 10X across awareness, association, favorability, and purchase intent • Are performance-based, so you only pay for true engagement. Impressions that users don't engage with are free Augustine Fou
  9. 9. The Industry Takes Action on Ad Fraud -9- Augustine Fou
  10. 10. IAB Releases Best Practices Best Practices For Reducing Traffic Fraud Risk Unveiled by IAB Specific Strategies Recommended for Buyers, Publishers and Networks To Identify False Traffic and Mitigate Its Adverse Effects, in New Document Released for Public Comment NEW YORK, NY (December 5, 2013) — Fraudulent traffic has reached critical levels across the digital advertising ecosystem, and in response the Interactive Advertising Bureau (IAB) and its Traffic of Good Intent Task Force have released ―Best Practices – Traffic Fraud: Reducing Risk to Exposure‖ to meet this challenge. Entering the public comment phase today, the best practices explain how robotic traffic (aka ―bots‖) can infiltrate legitimate publisher inventory. Accordingly, it provides premium publishers and networks, as well as buyers, with specific recommendations. - 10 - Augustine Fou
  11. 11. LinkedIn Sues John Doe Professional social networking site LinkedIn has filed a federal lawsuit against ten unspecified individuals over the use of bots that stole personal data from the profiles of hundreds of thousands of users. According to the suit, which was filed Monday in the Northern California federal district court, the bots were used to register thousands of fake LinkedIn accounts for the purpose of mining data from legitimate accounts – a process known as scraping, which is prohibited by LinkedIn‘s user agreement. The court documents also claim the fraudulent activity, which began last May, breaks state and federal computer security laws as well as federal copyright law. ―Since May 2013, unknown persons and/or entities employing various automated software programs (often referred to as ‗bots‘) have registered thousands of fake LinkedIn member accounts and have extracted and copied data from many member profile pages,‖ LinkedIn said in its complaint. ―This practice, known as ‗scraping,‘ is explicitly barred by LinkedIn‘s User Agreement, which prohibits access to LinkedIn ‗through scraping, spidering, crawling, or other technology or software used to access data without the express written consent of LinkedIn or its Members.‘‖ LinkedIn Sues ―John Doe‖ Hackers Who Created Fake Accounts to Scrape Member Data Source: BusinessWeek Jan 2014 - 11 - Augustine Fou
  12. 12. Microsoft Kills Zombie PCs Armed with a court order and law enforcement help overseas, the team took steps to cut off communication links to European-based servers considered the mega-brain for an army of zombie computers known as ZeroAccess. Criminals for years had used the ZeroAccess "botnet," which combines the power of more than 2 million hijacked computers—or bots—around the world, to fraudulently bill some $2.7 million a month from online advertisers, company investigators say. Working With Law Enforcement, Microsoft Team Cuts Off Servers for Zombie Computers Source: WSJ Dec 5, 2013 - 12 - Augustine Fou
  13. 13. Spider.io Kills Chameleon Botnet Chameleon Botnet Date of discovery: 28 February, 2013 Known as: Chameleon Botnet Discovered by: spider.io Activity identified: Botnet emulates human visitors on select websites causing billions of display ad impressions to be served to the botnet. Number of host machines: over 120,000 have been discovered so far Geolocation of host machines: US residential IP addresses Reported User Agent of the bots: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) and Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Proportion of traffic that is botnet traffic from IP addresses of host machines: 90% (diluted by gateway IPs) Number of target websites across which the botnet operates: at least 202 Proportion of traffic across the target websites that is botnet traffic: at least 65% Number of ad impressions served to the botnet per month: at least 9 billion Number of distinct ad-exchange cookies associated with the botnet per month: at least 7 million Average click-through rate generated by the botnet: 0.02% Average mouse-movement rate generated by the botnet: 11% Average CPM paid by advertisers for ad impressions served to the botnet: $0.69 CPM Monthly cost to advertisers of ad impressions served to the botnet: at least $6.2 million Spider.io Stops Chameleon Botnet, which ―emulates human visitors on select websites causing billions of display ad impressions to be served.‖ Source: Spider.io March 2013 - 13 - Augustine Fou
  14. 14. What They Do / Detection Vectors - 14 - Augustine Fou
  15. 15. Remote Fraud Detection Advanced technical analysis of HOW fraud is committed via compromised PCs, malware/spyware, browser toolbars, browser daemons, rootkits, javascript agents, etc. - 15 - Augustine Fou
  16. 16. Placement/Viewability Technology platforms to analyze the placement of ads on dimensions like viewability, brand safety, suspicious activity (fraudulent views or clicks). - 16 - Augustine Fou
  17. 17. Non-human Visitors Technology and techniques to detect non-human (bot) visits to a site and loading of ads; solutions to save advertisers money (pay only when it is proven human, don‘t pay when human does not stay to see ad). - 17 - Augustine Fou
  18. 18. Digital Ad Fraud Mitigation Techniques - 18 - Augustine Fou
  19. 19. Blacklisting Sites Value Exclude sites from serving your ads - 19 - Caveat For every site excluded, bad guys put up more (because they don‟t have to play by the rules). Augustine Fou
  20. 20. Enforcing Viewability Value Caveat Only pay for ads which are viewable (i.e. above the-fold) Bad guys can defeat ―viewability‖ by stuffing ads in hidden layers, all ―abovethe-fold” Source: Spider.io May 2, 2013 - 20 - Augustine Fou
  21. 21. Bot Detection Value Caveat Good guys use algorithms to detect unusual behaviors indicative of bots (rather than humans) It‘s an arms race between good and bad; bots are more sophisticated and can fake mouse movements and keep cookies. Source: Spider.io March 2013 - 21 - Augustine Fou
  22. 22. Using CAPTCHAs Value Caveat Captchas deter bots from filling in forms and stealing content and cookies. Some bots can now solve some captchas, most captchas don‘t protect content pages. Source: Solve Media Dec 31 2013 - 22 - ―Startup called Vicarious automatically solves CAPTCHAs.‖ Oct 2013 http://bit.ly/1bFo9lZ Augustine Fou
  23. 23. “The above countermeasures are all good, and advertisers should continue using them. But they are not enough. If the good guys fight the fight individually, there is little chance they can overcome the entire ecosystem of the bad guys. The good guys need to band together into their own ecosystem and put the bad guys on a „digital ad fraud equivalent to the National Sex Offenders Registry‟.” -- Dr. Augustine Fou - 23 - Augustine Fou
  24. 24. Ad Fraud Forensics Process Preliminary Scan Sizing of ad fraud Forensic Analysis Maintenance • Technology Tools • Statistical analysis • Budget shifts • Further optimization Implementation FREE $$$ Preliminary analysis of paid campaigns and analytics to determine magnitude of the ad fraud impacting client. Creating recommended list of changes, including list of sites to exclude in each ad channel. - 24 - $ Subscribe to triangulated, cross-industry database of ―ad fraud offenders‖ to continuously update blacklists and whitelists. Augustine Fou
  25. 25. Prioritizing Actions 30% 40% 30% - 25 - targeting improving optimization delivery viewability bots /not seen by humans waste reduction Augustine Fou
  26. 26. Low Hanging Fruit The most immediate, direct impact on ROI comes from reducing waste 25% On-Target Delivery (Nielsen) 54% Not In View (comScore) 82% Ignored (Harris Interactive) 23% Ad Blocked (PageFair) 24 – 29% confirmed bot (Solve Media) - 26 - Augustine Fou
  27. 27. Dr. Augustine Fou – Digital Forensics “I advise clients on optimizing advertising across all channels. Using advanced technical forensic techniques and custom tchnology tools, we detect and mitigate ad fraud and waste.” FORMER CHIEF DIGITAL OFFICER, HCG (OMNICOM) MCKINSEY CONSULTANT CLIENT SIDE / AGENCY SIDE EXPERIENCE PROFESSOR AND COLUMNIST ENTREPRENEUR / SMALL BUSINESS OWNER PHD MATERIALS SCIENCE (MIT '95) AT AGE 23 ClickZ Articles: http://bit.ly/augustine-fou-clickz Slideshares: http://bit.ly/augustine-fou-slideshares LinkedIn: http://linkd.in/augustinefou - 27 - @acfou Augustine Fou
  28. 28. Related Articles ROI Case for Solving Ad Fraud By: Augustine Fou January 2014 Fake YouTube Videos By: Augustine Fou, December 2013 Digital Ad Fraud Briefing By: Augustine Fou December 2013 Motive and Opportunity for Ad Fraud By: Augustine Fou, February 2014 How Display Fraud Works By: Augustine Fou, May 2013 Fake Facebook Profiles By: Augustine Fou, Dec 2013 How Click Fraud Works By: Augustine Fou, November 2013 Fake Twitter Accounts By: Augustine Fou, August 2013 The Magnitude of Digital Ad Fraud By: Augustine Fou, November 2013 Display Fraud 101 (video) By: Augustine Fou, Feb 2014 - 28 - Augustine Fou

×