The following post was inspired by the book Dark Territory: The Secret History of Cyber War and the stories of how we have already transitioned from espionage and information warfare involving communications, technologies, and operations in the physical world to those very same things in the cyber world.
If we consider terrorism to be actions undertaken by foreign states, groups, or individuals that entail varied, coordinated and sophisticated acts that disrupt economic and financial systems for ideological, monetary or religious motives, then we should consider digital ad fraud in these terms. Not only are billions of ad dollars stolen from the largest corporations, disrupting their advertising, and billions in ad revenues diverted away from the largest publishers; other economic disruptions such as mass identity theft and credit card fraud also cost the largest financial institutions billions in losses. What would you call this other than economic terrorism at scale?
Let’s borrow keywords from spycraft to illustrate. For a handy glossary of terms: http://www.spymuseum.org/education-programs/news-books-briefings/language-of-espionage/
Bots are the agents of ad fraud and ad tech
Malware infiltrates personal computers to create bots that are used to generate fake ad impressions by visiting websites. These bots also lurk in the background of millions of civilians’ devices collecting personal information like passwords, browsing histories, files, and other data, which they eventually exfiltrate for use in ad targeting or other unsavory ways. Ted McConnell, longtime ad tech expert, added “Don’t forget honeypots — in human terms, a hot girl (or guy) who will get you to talk; in cyber crime, a site you get sucked into that will plant malware and get data out of you.” Bots are the assets that do the fieldwork of generating traffic and ad impressions.
Further, just as cobblers make false IDs and passports in the physical world, fraudbots clone or collect cookies to disguise themselves as humans; the search and browsing histories of real humans are the cover that makes the bots particularly attractive to advertisers, who then pay a premium to retarget them. These advanced bots, or hard targets, thus continue to “exfil” more dollars more efficiently from the digital ad ecosystem until they are caught. As soon as these agents can no longer perform their duty — to make money — they are burned. Bots (cookies) and websites (domains) that end up on blacklists are immediately scrubbed, no bleach required, so their handlers remain clean.
Middlemen in the ad tech supply chain could be double agents
Digital ad fraud persists because some middlemen in the ad tech supply chain are double agents; they supposedly work for one party but secretly have other incentives that prevent them from taking more aggressive action against fraud — i.e. they lose revenue when fraudulent impressions and traffic are reduced or eliminated. Media agencies, ad networks, ad tech firms, and even the fraud detection firms all make more money the higher the volume of impressions that moves through the system and as long as fraud persists. And there is no blowback whatsoever for just standing by and maintaining the status quo.
Furthermore, some middlemen deliberately withhold the detailed analytics that may expose illicit activities, making them eyes only or classified; so the good guys and the authorities often have very little good intel to use to discover the criminal activities. Ad fraud hides easily in rolled-up numbers, so this kind of large-scale fraud operation doesn’t even need to be clandestine; it can be done in plain sight.
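To make the point about rolled-up numbers concrete, here is an added example (not from the original post) that compares a campaign-level average with a per-domain breakdown. The domains, counts, the choice of click-through rate as the metric and the outlier threshold are all constructed assumptions for illustration.

```python
from statistics import median

# Constructed sample report: (placement domain, impressions, clicks).
ROWS = [
    ("news-site.example", 120_000, 540),
    ("recipes.example", 80_000, 380),
    ("sports.example", 95_000, 450),
    ("weather.example", 60_000, 290),
    ("blog-a.example", 40_000, 190),
    ("cheap-traffic-1.example", 300_000, 30),     # huge volume, almost no clicks
    ("cheap-traffic-2.example", 150_000, 2_345),  # implausibly high click rate
]

def rolled_up_ctr(rows):
    """Campaign-level click-through rate: the only number a rolled-up report shows."""
    return sum(r[2] for r in rows) / sum(r[1] for r in rows)

def flag_outliers(rows, k=5.0, min_impressions=10_000):
    """Domains whose CTR sits more than k median-absolute-deviations from the median.

    Median/MAD is used instead of mean/stddev so that the outliers themselves
    cannot drag the baseline toward them.
    """
    ctrs = {d: c / i for d, i, c in rows if i >= min_impressions}
    med = median(ctrs.values())
    mad = median(abs(v - med) for v in ctrs.values())
    if mad == 0:
        return []
    return sorted(d for d, v in ctrs.items() if abs(v - med) / mad > k)

def flagged_impression_share(rows, flagged):
    """Fraction of all paid impressions that came from the flagged domains."""
    total = sum(i for _, i, _ in rows)
    return sum(i for d, i, _ in rows if d in flagged) / total

if __name__ == "__main__":
    flagged = flag_outliers(ROWS)
    print(f"rolled-up CTR: {rolled_up_ctr(ROWS):.2%}")
    print("flagged domains:", flagged)
    print(f"share of impressions flagged: {flagged_impression_share(ROWS, flagged):.1%}")
```

In this constructed data the campaign average looks unremarkable, while the per-domain view shows that more than half of the impressions come from two sources whose behavior is nothing like the rest.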
Consumers fight back with ad blocking counter-surveillance
The civilian casualties in the ongoing cyberwar far outnumber actual wet works in the physical world, because this kind of collateral damage consists of the hundreds of millions of individuals whose personal information is being bought and sold without their knowledge or consent and the tens of millions of identities stolen, bank accounts drained, and credit cards used for fraudulent transactions.
Every website that runs social media buttons, analytics packages, and ad tracking tags is bugged to the hilt; it is littered with covert listening and recording devices. And every human that visits these sites is being surveilled. As more internet users become aware of the mass surveillance that is taking place under the cover of programmatic ad tech, they are fighting back by installing ad blockers. These technologies are a form of counter-surveillance that not only blocks ads but also reduces security vulnerabilities and data leakage, including personal information and preferences.
Advanced cyber criminals remain in deep cover for years
Cyber criminals use the collected personal information and additional social engineering techniques to gather enough data to compromise online bank accounts and credit cards — think of bad guys resetting your password using your pet’s name, high school mascot, sorority name, etc. Advanced cyber criminals use the millions of credit cards thus compromised to covertly place tens of millions of tiny transactions that do not raise suspicion or warrant action — how many consumers would spend time disputing $1.99 charges, or even recognize them to be fraudulent in the first place? Only amateur bad guys go out and buy HDTVs with stolen credit cards, resulting in the cards being cancelled.
Further, sophisticated criminals will also not likely cause catastrophic disruptions to critical infrastructure; they play the long game and remain embedded for years, like sleeper cells, continuously making money and gathering ELINT (electronic intelligence) and HUMINT (human intelligence). The widely publicized breaches of recent years where tens of millions of identities and credit cards were stolen didn’t just happen; those systems had been compromised for years and the reported events simply corresponded to when the good guys found out about it.
How good guys can bang and burn digital ad fraud for good
Despite years of talk and study, the topics of viewability and ad blocking have been more like chicken feed, plausible issues for the industry, but ones that have taken the attention of the good guys away from the much more nefarious issue of fraud. It has also given them a false sense of having taken action, while the bad guys continued stealing ad dollars, to the tune of billions per year.
The good guys appear to be finally getting around to fighting ad fraud aggressively; but this seems to have been precipitated by the emergency condition created by a critical mass of consumers using ad blocking and fundamentally shifting the balance of power. In fact, the users’ collective actions may force an entirely new business model for digital advertising and ad-supported content. But in the meantime, the soft targets are simply detecting bot activity and mitigating its harmful effects, including the negative impact on measurement and analytics (read more: http://adexchanger.com/data-driven-thinking/ad-fraud-wreaks-havoc-on-measurement).
The good guys also need to mount cyber offensives, rather than just play defense. Perhaps a 4D framework for direct action should also be used here — 1) deter ad fraud by changing the economic incentives and ROI goals, 2) detect first-hand data with enough details to see illicit activities, 3) deflect bot activity and other forms of surveillance and data leakage, and 4) destroy any remaining agents of fraud, like the advanced bots that continue to slip through (see more: https://www.linkedin.com/pulse/4d-cybersecurity-framework-fighting-bots-fraud-dr-augustine-fou-). Once these executive actions start in earnest, hopefully we create enough positive momentum and a cascade of wins that helps the good guys bang and burn digital ad fraud for good.
If you consider digital ad fraud economic terrorism, what counterterrorism measures would you deploy?
About the Author: “I advise advertisers, publishers, and agencies on the technical aspects of fighting digital ad fraud and improving the effectiveness of digital advertising. Using forensic technologies and techniques I help to assess the threat and recommend countermeasures to combat fraud and improve ROI.”
Further reading: http://www.slideshare.net/augustinefou/presentations