Industry Actions Against

Digital Ad Fraud
Dr. Augustine Fou
http://linkd.in/augustinefou
acfou @mktsci .com
February 2014...
Microsoft Kills Zombie PCs
Armed with a court order and law enforcement help overseas, the team
took steps to cut off comm...
LinkedIn Sues John Doe
Professional social networking site LinkedIn has filed a federal lawsuit against ten unspecified
in...
Spider.io Kills Chameleon Botnet
Chameleon Botnet
Date of discovery: 28 February, 2013
Known as: Chameleon Botnet
Discover...
Ad Fraud Motive
and Opportunity
-5-

Augustine Fou
Motive
“Highly Lucrative, Profitable
The aggregate ad revenue for the
sample of 596 sites was an
estimated $56.7 million f...
Opportunity
As a greater proportion
of ads are bought and
sold automatically and
by algorithm through ad
exchanges, it has...
Ad Fraud Detection
and Mitigation
-8-

Augustine Fou
Blacklisting Sites
Value
Exclude sites from
serving your ads

-9-

Caveat
For every site excluded,
bad guys put up more
(b...
Enforcing Viewability
Value

Caveat

Only pay for ads which
are viewable (i.e. above
the-fold)

Bad guys can defeat
―viewa...
Bot Detection
Value

Caveat

Good guys use algorithms
to detect unusual
behaviors indicative of
bots (rather than humans)
...
Using CAPTCHAs
Value

Caveat

Captchas deter bots from
filling in forms and stealing
content and cookies.

Some bots can n...
“The above countermeasures are all good, and
advertisers should continue using them. But they are
not enough. If the good ...
Ad Fraud Forensics Process
Preliminary Scan
Sizing of
ad fraud

Forensic Analysis

Maintenance

• Technology Tools
• Stati...
Dr. Augustine Fou – Digital Forensics
“I advise clients on optimizing
advertising across all channels. Using
advanced tech...
Related Articles
Digital Ad Fraud Briefing
By: Augustine Fou December 2013

Fake YouTube Videos
By: Augustine Fou, Decembe...
Upcoming SlideShare
Loading in...5
×

Industry Actions Against Digital Ad Fraud Reported by Augustine Fou

142,725

Published on

Certain high profile cases have been reported in 2013 and 2014 about big companies taking action against organized crime, committing digital ad fraud in both display advertising and search ads.

Published in: Marketing
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
142,725
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
0
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

Transcript of "Industry Actions Against Digital Ad Fraud Reported by Augustine Fou"

  1. 1. Industry Actions Against Digital Ad Fraud Dr. Augustine Fou http://linkd.in/augustinefou acfou @mktsci .com February 2014 -1- Augustine Fou
  2. 2. Microsoft Kills Zombie PCs Armed with a court order and law enforcement help overseas, the team took steps to cut off communication links to European-based servers considered the mega-brain for an army of zombie computers known as ZeroAccess. Criminals for years had used the ZeroAccess "botnet," which combines the power of more than 2 million hijacked computers—or bots—around the world, to fraudulently bill some $2.7 million a month from online advertisers, company investigators say. Working With Law Enforcement, Microsoft Team Cuts Off Servers for Zombie Computers Source: WSJ Dec 5, 2013 -2- Augustine Fou
  3. 3. LinkedIn Sues John Doe Professional social networking site LinkedIn has filed a federal lawsuit against ten unspecified individuals over the use of bots that stole personal data from the profiles of hundreds of thousands of users. According to the suit, which was filed Monday in the Northern California federal district court, the bots were used to register thousands of fake LinkedIn accounts for the purpose of mining data from legitimate accounts – a process known as scraping, which is prohibited by LinkedIn‘s user agreement. The court documents also claim the fraudulent activity, which began last May, breaks state and federal computer security laws as well as federal copyright law. ―Since May 2013, unknown persons and/or entities employing various automated software programs (often referred to as ‗bots‘) have registered thousands of fake LinkedIn member accounts and have extracted and copied data from many member profile pages,‖ LinkedIn said in its complaint. ―This practice, known as ‗scraping,‘ is explicitly barred by LinkedIn‘s User Agreement, which prohibits access to LinkedIn ‗through scraping, spidering, crawling, or other technology or software used to access data without the express written consent of LinkedIn or its Members.‘‖ LinkedIn Sues ―John Doe‖ Hackers Who Created Fake Accounts to Scrape Member Data Source: BusinessWeek Jan 2014 -3- Augustine Fou
  4. 4. Spider.io Kills Chameleon Botnet Chameleon Botnet Date of discovery: 28 February, 2013 Known as: Chameleon Botnet Discovered by: spider.io Activity identified: Botnet emulates human visitors on select websites causing billions of display ad impressions to be served to the botnet. Number of host machines: over 120,000 have been discovered so far Geolocation of host machines: US residential IP addresses Reported User Agent of the bots: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) and Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Proportion of traffic that is botnet traffic from IP addresses of host machines: 90% (diluted by gateway IPs) Number of target websites across which the botnet operates: at least 202 Proportion of traffic across the target websites that is botnet traffic: at least 65% Number of ad impressions served to the botnet per month: at least 9 billion Number of distinct ad-exchange cookies associated with the botnet per month: at least 7 million Average click-through rate generated by the botnet: 0.02% Average mouse-movement rate generated by the botnet: 11% Average CPM paid by advertisers for ad impressions served to the botnet: $0.69 CPM Monthly cost to advertisers of ad impressions served to the botnet: at least $6.2 million Spider.io Stops Chameleon Botnet, which ―emulates human visitors on select websites causing billions of display ad impressions to be served.‖ Source: Spider.io March 2013 -4- Augustine Fou
  5. 5. Ad Fraud Motive and Opportunity -5- Augustine Fou
  6. 6. Motive “Highly Lucrative, Profitable The aggregate ad revenue for the sample of 596 sites was an estimated $56.7 million for Q3 of 2013, projecting out to $226.7 million dollars annually, with average profit margins of 83%, ranging from 80% to as high as 94%.‖ Source: Digital Citizens Alliance Study, Feb 2014 -6- Augustine Fou
  7. 7. Opportunity As a greater proportion of ads are bought and sold automatically and by algorithm through ad exchanges, it has become far easier for bad guys to ―sell‖ fake traffic and impression inventory to unsuspecting, mainstrea m brand advertisers. Source: Digital Citizens Alliance Study, Feb 2014 -7- Augustine Fou
  8. 8. Ad Fraud Detection and Mitigation -8- Augustine Fou
  9. 9. Blacklisting Sites Value Exclude sites from serving your ads -9- Caveat For every site excluded, bad guys put up more (because they don‟t have to play by the rules). Augustine Fou
  10. 10. Enforcing Viewability Value Caveat Only pay for ads which are viewable (i.e. above the-fold) Bad guys can defeat ―viewability‖ by stuffing ads in hidden layers, all ―abovethe-fold” Source: Spider.io May 2, 2013 - 10 - Augustine Fou
  11. 11. Bot Detection Value Caveat Good guys use algorithms to detect unusual behaviors indicative of bots (rather than humans) It‘s an arms race between good and bad; bots are more sophisticated and can fake mouse movements and keep cookies. Source: Spider.io March 2013 - 11 - Augustine Fou
  12. 12. Using CAPTCHAs Value Caveat Captchas deter bots from filling in forms and stealing content and cookies. Some bots can now solve some captchas, most captchas don‘t protect content pages. Source: Solve Media Dec 31 2013 - 12 - ―Startup called Vicarious automatically solves CAPTCHAs.‖ Oct 2013 http://bit.ly/1bFo9lZ Augustine Fou
  13. 13. “The above countermeasures are all good, and advertisers should continue using them. But they are not enough. If the good guys fight the fight individually, there is little chance they can overcome the entire ecosystem of the bad guys. The good guys need to band together into their own ecosystem and put the bad guys on a „digital ad fraud equivalent to the National Sex Offenders Registry‟.” -- Dr. Augustine Fou - 13 - Augustine Fou
  14. 14. Ad Fraud Forensics Process Preliminary Scan Sizing of ad fraud Forensic Analysis Maintenance • Technology Tools • Statistical analysis • Budget shifts • Further optimization Implementation FREE $$$ Preliminary analysis of paid campaigns and analytics to determine magnitude of the ad fraud impacting client. Creating recommended list of changes, including list of sites to exclude in each ad channel. - 14 - $ Subscribe to triangulated, cross-industry database of ―ad fraud offenders‖ to continuously update blacklists and whitelists. Augustine Fou
  15. 15. Dr. Augustine Fou – Digital Forensics “I advise clients on optimizing advertising across all channels. Using advanced technical forensic techniques and custom tchnology tools, we detect and mitigate ad fraud and waste.” FORMER CHIEF DIGITAL OFFICER, HCG (OMNICOM) MCKINSEY CONSULTANT CLIENT SIDE / AGENCY SIDE EXPERIENCE PROFESSOR AND COLUMNIST ENTREPRENEUR / SMALL BUSINESS OWNER PHD MATERIALS SCIENCE (MIT '95) AT AGE 23 ClickZ Articles: http://bit.ly/augustine-fou-clickz Slideshares: http://bit.ly/augustine-fou-slideshares LinkedIn: http://linkd.in/augustinefou - 15 - @acfou Augustine Fou
  16. 16. Related Articles Digital Ad Fraud Briefing By: Augustine Fou December 2013 Fake YouTube Videos By: Augustine Fou, December 2013 How Display Fraud Works By: Augustine Fou, May 2013 Motive and Opportunity for Ad Fraud By: Augustine Fou, February 2014 How Click Fraud Works By: Augustine Fou, November 2013 Fake Facebook Profiles By: Augustine Fou, Dec 2013 The Magnitude of Digital Ad Fraud By: Augustine Fou, November 2013 Fake Twitter Accounts By: Augustine Fou, August 2013 ROI Case for Solving Ad Fraud By: Augustine Fou January 2014 Display Fraud 101 (video) By: Augustine Fou, Feb 2014 - 16 - Augustine Fou

×