Technology

Russian Cyber Criminals Steal Millions a Day From US Media Sites

Paul Ausick

Published: December 21, 2016 12:45 pm

Last Updated: January 12, 2020 4:32 pm

Long before we found out that Russian hackers were working for the government, they were piling up profits from a variety of hacking schemes. The latest discovery is the so-called Methbot that fakes ad impressions and has been described as the largest and most profitable online ad fraud operation in history by the researchers who discovered it.

A group of Russian cyber criminals dubbed “AFK13” have been stealing from $3 million to $5 million a day from some 6,000 U.S. media sites, including the Huffington Post, Fortune, ESPN, CBS Sports and Fox News. Researchers at cybersecurity firm White Ops say that AFK13 has been operating for three years.

The hacking scheme is more sophisticated than, say, a typical malware or spyware infection. The criminals have written their own internal botnet infrastructure that automates the click-fraud scheme. The Methbot network basically spoofs video and other ad impressions using an automated network of web browsers at half a million unique web addresses that use fake IP registrations to pose as large carriers such as Verizon, AT&T or Comcast.

According to the White Ops white paper on Methbot, the cyber criminals used these methods to circumvent typical data center detection methods. This botnet represents “an innovation that transcends beyond traditional botnets, allowing Methbot to scale beyond anything the industry has seen before and placing it in a new class of bot fraud.”

The botnet generates up to 300 million phony ad impressions daily and bills 6,111 internet domains posing as actual ad inventory on popular websites. When ad companies pay the bill, they are paying for phony impressions. The average cost-per-thousand impressions on the Methbot network was $13.04.

Read the full White Ops report for more details.