White Ops, a US-based cyber security firm, revealed that a Russian cyber criminal group has been stealing up to US$5 million a day from American corporations using a botnet.
A botnet, also known as a zombie army, is a group of online computers commanded to send spam or viruses to other computers on the internet. The Russian hackers are using a specially designed botnet to redirect automated web traffic to a bot signature.
In a period of 12 months, the botnet-based operation of the Russian criminal group grew exponentially in size, essentially forming a bot farm with a series of proxies and IP allocation. Using its resources, the group then directed its pool of online IP addresses and computers to video advertisers to receive compensation from video advertising networks.
The cyber security team behind White Ops described the bot operation as the most profitable cyber crime to date, as the criminals took away millions of dollars in profit per day.
Michael Tiffany, White Ops co-founder and CEO, stated:
“We’ve never seen anything like this. Methbot elevates ad fraud to a whole new level of sophistication and scale.”
A complete report published by White Ops entitled “The Methbot Operation” disclosed the cost per thousand views (CPM) rates obtained by the criminal group, which ranged from US$3.27 to US$36.72.
Considering the 200 million to 400 million fraudulent video ad impressions generated per day by its botnet, the group could have made $14.7 million a day with a high CPM rate.
To earn a high CPM rate from a premium advertising platform, the content provider must have high-quality content for the advertisers. The CPM rate can range anywhere from below a dollar to $100 depending on the amount of money the advertiser is willing to pay.
Often, advertisers prefer to have their advertisements embedded in a website that has a reputation and is fairly well known. Thus, websites of companies such as ESPN or Fortune are in high demand among advertisers.
Understanding the demand for premium domains and well-known companies, the criminal group created fake pages such as espn.com/video or fortune.com/video to deceive advertisers. Then, the group sent hundreds of millions of fake visits to the fake pages to be compensated for high-quality content.
In a section entitled “Methbot: A Technical Analysis,” the White Ops team explained that the success of Methbot is directly attributable to its characteristics and sophistication, which let it camouflage itself as desktop browsers including Chrome and Firefox.
Traffic coming from widely used browsers and operating systems led advertising platforms and service providers to believe that the traffic was legitimate.
“Methbot is able to camouflage itself as any of the major desktop browsers by spoofing their user agent strings. Google’s Chrome is the browser identity of which White Ops detected the highest volume, including minor versions 53 and 54. Firefox 47, Internet Explorer 11 and Safari 9.1 and 9.2 are also represented,” read the report.