About three-quarters of U.S. fraudulent advertising traffic is “sophisticated” invalid traffic, according to data released Tuesday.
Looking at IP and blacklists no longer works, said Guy Tytunovich, CHEQ founder-CEO, and a former Israeli military intelligence officer.
Tytunovich called ad fraud the second-largest organized-crime scheme globally, in terms of revenue generated, including narcotics.
“The industry needs to understand that for the last 10 years, vendors have been talking about different methods for detecting fraud through probabilistic and simplistic approaches,” he said. “At the end of the day, which I learned working for the defense intelligence in Israel, it’s a cat-and-mouse game. These methods no longer work.”
CHEQ, whose scientists continue to build out a military-grade ad-verification service, analyzed 4.1 billion ad requests made in the United States across 1.2 million websites between October 2018 and February 2019 -- up about 20% from the prior year. About 18% of the online ad traffic was fraudulent.
Of this fraudulent traffic, 77% was classified as “sophisticated invalid traffic” (SIVT), which relies on far more advanced malicious methods to defraud the advertising ecosystem than basic forms such as “general invalid traffic” (GIVT).
While GIVT can be detected by simplistic methods, such as IP and user-agent blacklists. SIVT prevention requires sophisticated capabilities, such as OS and device fingerprinting, dynamic honeypots or bot traps, and network behavior analysis.
CHEQ found 570 million SIVT attacks, each using a triple-lock of interwoven frauds that combines sophisticated domain-masking, invalid-referrals and viewability fraud in a coordinated attempt to evade detection.
Other techniques included domain spoofing, in which scammers create hidden iframes on web pages to run ads that consumers never see, and various means used by scammers to manipulate and falsify location data.
In total, CHEQ found and blocked 743 million instances of combined GIVT and SIVT ad requests before they were ever served.
Ad fraud is just one element; brands are losing between $20 billion and $50 billion per year, he said.
“Now there’s a thing called ‘fake news,’ and I’m not even talking about fact-checking Trump,” he said. “I’m talking about Russian or Chinese hackers trying to influence elections in Democratic countries using cyber-security hacking methods to distribute fake or false news. This didn’t exist 20 years ago before the information highway made it available for rouge countries to behave that way.”
Today, a report from The Wall Street Journal explains that Chinese hackers targeted more than two dozen universities worldwide as part of an elaborate scheme to steal research about maritime technology being developed for the military.
The world needs to take ad fraud and cyber threats more seriously. As society heads into a reality of autonomous vehicles, he said, cyber threats will become “mind boggling.” Fifteen years ago, society was concerned that Al-Qaeda would get their hands on nuclear devices or chemical weapons.
Today, the biggest threat is the ability to hack autonomous platforms.
Tytunovich started CHEQ to help sustain the free internet. Publishers make part of their revenue from advertising. "If we can't help sustain digital advertising by blocking these fraudsters, then we can't help sustain the beautiful concept called the free internet," he said.