Google, White Ops Uncover Massive Digital Ad-Fraud Scheme

The U.S. Department of Justice on Tuesday announced the indictment of two people from Kazakhstan and six Russian nationals for alleged involvement in a digital advertising fraud scheme worth millions.

In one scheme that occurred between December 2015 and October 2018, defendants allegedly used malware-infected computers to run automated ad-fraud schemes without users’ knowledge or consent. The malware hit more than 1.7 million computers and resulted in $29 million in payments for fake digital ads.

The 13-count indictment was unsealed Tuesday in a Brooklyn federal court as part of a multi-year investigation into two international cybercriminal rings partly focused on counterfeit ad inventory that led to charges of wire fraud, computer intrusion, aggravated identity theft and money laundering.

The defendants created more than 250,000 web pages across more than 5,000 domains associated with online publishers, including the domains of thousands of businesses in the United States and multiple businesses in the Eastern District of New York.

“This case sends a powerful message that this Office, together with our law enforcement partners, will use all our available resources to target and dismantle these costly schemes and bring their perpetrators to justice, wherever they are,” stated United States Attorney Richard Donoghue. 

The ad fraud operation included more than 3 billion daily bid requests, 1 million compromised IP addresses and 700,000 active infected devices.

In early 2017, Google began seeing indications of a botnet -- nothing surprising or unusual, according to one source. Then it noticed another botnet, which was semi-connected to the first, so Google reached out to White Ops, a cybersecurity company, to help it sort through the details.

Google turned the information over to law enforcement and involved the Federal Bureau of Investigation (FBI) after noticing the scale of the operation.

On Tuesday the indictment was announced, along with a published white paper detailing how Google worked with White Ops and the FBI to identify the ad-fraud program and how it worked to protect clients from being affected.

Since identifying the schemes, Google began pushing the adoption of Ads.txt, which helped to curb the impact to some extent.

In December 2017, Google also changed the way it handles refunds for invalid traffic with third-party exchanges in Display & Video 360.

5 comments about "Google, White Ops Uncover Massive Digital Ad-Fraud Scheme".
Check to receive email when comments are posted.
  1. Chuck Lantz from, network, November 28, 2018 at 11:47 a.m.

    Do the indictments for the two people from Kazakhstan and six Russian nationals carry any actual weight?  

  2. Craig Mcdaniel from Sweepstakes Today LLC, November 28, 2018 at 3:56 p.m.

    Laurie, thanks for the story. I have written in the comments several times about what sounds closely to what I was saying. I mentioned that I found that these bad guys were buying worthless domain names from a American domain name registar with privacy set up through an Panama attorney.  The reason I found out this was the bad guys had their domains set with search engine visiblity (SEV). I recommended that I would give the search engines like Google, Bing and Yahoo working with ICANN to turn off SEV on any domain name owner and any domain if they see a problem if their is fake contents.  

  3. John Grono from GAP Research, November 28, 2018 at 4:47 p.m.

    A lot of effort for just $17 per computer.   It just increases my loathing of them.

  4. Craig Mcdaniel from Sweepstakes Today LLC, November 28, 2018 at 5:25 p.m.

    John, while it might be $17 per computer, the problem is much larger than that. The bad guys also are hijacking address books and also hiding malware into website's at the domain level. So it is highly possible that one infected computer could generate many more times the amount and expand the total number of infected computers by hundreds or thousands of times. Need proof? I have "disavowed" over 2,100 bad URL link in Google Search Console for my domain and this is barely touching the surface. Another way to look at this is a giant Russian pyramid scheme that grows and grows.

  5. John Grono from GAP Research, November 28, 2018 at 6:44 p.m.

    Agreed Craig - this is even less than the tip of the iceberg.   My comment relating to that they hack and screw up millions upon millions or computers for $17 that probably cost $100 to clean-out.

Next story loading loading..