The Drum Awards Festival - Extended Deadline

-d -h -min -sec

Ad Fraud Technology Transparency

Federal Law Enforcement to probe ‘methbot’ claims as the media industry drills down on fraud


By Ronan Shields, Digital Editor

January 4, 2017 | 7 min read

The Methbot report claiming advertisers were being defrauded by up to $5m each day published last month is now in the hands of US Federal Law Enforcement, with a potential investigation a distinct possibility in the future, according to report authors White Ops.

White Ops claims its report contains hard evidence

White Ops claims the report contains hard evidence

The study sent shockwaves throughout the entire industry with the staggering fees helping cyber security firm White Ops generate international coverage in mainstream media outlets as the anti-fraud unit and Trustworthy Action Group (TAG) assembled 170 of its adtech members for a debrief on the findings on in Washington D.C. on Tuesday (December 20).

Also present were representatives of US Federal Law Enforcement, thought to be the FBI, who are now looking into the claims made in the report, which listed up to 500,000 IP addresses allegedly involved in the fraud, with some present in the US. At said meeting TAG members were briefed on the findings, including recommendations to remediate the problems highlighted in the study (such as blacklisting certain sites, etc).

Those at the meeting were told how the fraudsters, dubbed Ad Fraud Komanda or “AFK13” faked registrations for more than 6,000 domains, more than 250,000 of which appeared to belong to big publishers such as ESPN and Vogue. With these fake domains, the criminals duped the algorithms used to sort where the most profitable ads will appear into buying their fraudulent web space.

A White Ops spokesperson told The Drum: “White Ops has shared relevant and specific intelligence with both Federal Law Enforcement and with TAG to ensure the industry can take action as a group to eradicate Methbot but they really cannot comment further as it’s an ongoing investigation.”

The Drum attempted to contact the FBI for comment on the Methbot claim, but it had not responded by time of publication. However, Michael Tiffany, chief executive at White Ops, said: “We are collaborating with Federal Law Enforcement … This is not like suspicions, this is hard actual intelligence, we have the hard IOCs (indicators of compromise).”

The report details what is potentially the biggest case of ad fraud to date, with White Ops claiming a Russian criminal group is taking up to $5m in ad spend per day by tricking ad exchanges with fake URLs and using bots farms to deliver fake video views.

Tiffany went on describe the report as a call-to-action, and not just a study of “what happened in the past”, with the report containing descriptions of some of the tools and tactics employed by such fraudsters.

He added: “Some of the servers used to do this were based in Dallas [Texas] and Amsterdam [in the Netherlands] but they made the IP addresses look as though they were spread across Middle America, so they could make their bot network look like a series of home computers, instead of a server-based bot farm. That was radically original.”

Tiffany later went on to say the tactics discussed in the study were “the kind of thing we’ve seen in hardcore IT security, not the the kind we’ve seen in the past with ad fraud … nobody had seen this kind of hackery before."

Not long after the study was announced some industry observers branded the report a hyperbole, questioning the methodology behind what they deemed inflated figures and asking why it wasn’t a matter for law enforcement.

Mike Zaneis, chief executive at TAG, said: “We spoke to all our members, told them what we saw, there were very few that disagreed."

The fraudsters imitated over 6,000 premium domains, from global newsbrands the New York Times, the Wall Street Journal and CNN, magazine brands Vogue, Cosmopolitan and GQ, major content platforms like Facebook, Google and Yahoo, broadcasters Channel 4, ESPN and ITV, as well as a number of brand websites ranging from airlines, retail and gaming. In short, no online industry was left untouched. The majority of sites targeted were US-based, but the full list of imitated sites render the fraud a global pandemic.

A number of news brands affected by the fraud refused to comment, except to say they are monitoring the progress of the investigation. What little the newsbrands could say hints that the global-scale of the fraud in turn diminishes their individual responsibility in taking action on what could be million of pounds of lost ad revenue.

An ESPN spokesperson contacted by The Drum added: “We’ve long believed in the importance of trusted relationships and the value of a clean, well-lighted and transparent environment for advertising. This only serves to underline that belief.”

The responsibility, it seems, lies in the hands of the advertising bodies, government, and the industry-at-large to enforce stricter regulation and monitoring of ‘low risk’ hacking techniques, which are currently virtually untraceable.

From a marketer point of view, the Association of National Advertisers already estimates that ad fraud will cost its members $7.2bn this year alone and Methbot is unlikely to allay brand fears. However, the industry in the US is already starting to work together, via initiatives such as the TAG, to combat ad fraud.

Wayne Blodwell, founder and chief executive of The Programmatic Advisory, said: "This new information should act as a wake-up call for marketers who currently don’t have a stringent enough brand safety setup. Marketers should be taking greater responsibility for the thresholds they are willing to put in place for their brands and they should be enforcing that on to their buyers (across all mediums)."

His advice is that a blacklist approach is the most basic measure but that really brands should be aiming for a combination of whitelists, negative keyword/category targeting, device targeting (i.e exclude old devices that have low penetration) and post-buy ad blocking via a third party partner.

“My recommendation is for marketers to work with their buyers to build a centralised brand safety framework that meets their desired thresholds and that they can refer to internally within their organization. No solution will ever be 100% fool proof as fraud is so dynamic, but with the right setup and processes in place marketers can expect a 99.99% safety threshold and can confidently continue to increase their investment into programmatic and see positive returns from doing so,” he added.

This particular report looks at the US but ad fraud is a global issue. In 2015, the IAB's Steve Chester admitted that a more collaborative approach to the issue needed to come from the industry in the UK or click fraud would continue to thrive. The Drum contacted the IAB UK for an update on the UK efforts in this regard but had not heard back at the time of publication.

Additional reporting by media reporter Jess Goodfellow and Asia editor Charlotte McEleny.

Ad Fraud Technology Transparency

More from Ad Fraud

View all


Industry insights

View all
Add your own content +