piracy and ad fraud - bad guys rip off studios twice

April 2017 / marketing.scienceconsulting group, inc.

linkedin.com/in/augustinefou

Bad Guys Rip Off Studios -- TWICE

April 2017Augustine Fou, PhD.acfou [at] mktsci.com



Did “at-scale” piracy win?

Source: http://gizmodo.com/the-new-plan-to-stop-internet-piracy-is-just-the-old-on-1792795228

“Copyright Alert System was shutdown for good last month.”

Source: https://www.engadget.com/2017/01/28/internet-providers-stop-copyright-alerts/

“ISPs and media groups have dropped the alert system with an admission that it isn't up to the job.”

“CAS was optimistic: it assumed that most pirates didn't even realize they were violating copyright.”



How are piracy and ad fraud related?

“Cybercriminals (not teens or moms) steal content at-scale and make money from it through digital ads …”

“ … the best way to reduce piracy at-scale is to cut off their money supply (from digital ads).”

How they’re related

How to fight it



Bad Guys Steal from Movie Studios - Twice

Piracy Ad Fraud

They steal your content

They steal your ad dollars

• Display ads• Video ads• Mobile ads+



Studio ads fund piracy sites. How? Digital Ads

• Known piracy sites are not accepted into mainstream ad networks like Doubleclick• Piracy sites make revenues by serving display/video ads; they do not charge users• Piracy sites are also paid for each successful malware install on real human users• They want to earn higher, premium CPMs

Motive

• Big brand advertisers still pay on CPM (cost per thousand) impressions basis• They just need to cause the ad impressions to load

Opportunity

• Iframe ads (or entire pages) from other sites that already belong to premium ad networks; side deal to get a revenue share on premium CPM for driving traffic/imps.

Means

Piracy Site

• Iframe of an ad (or entire webpage) from another site that is already part of an ad network.

• May use additional laundering or obfuscation techniques to hide true origin of the ad load



How piracy sites amplify their ad revenues

Piracy Site

Stack hundreds of ad iframes on top of each other so each pageload causes hundreds of ad impressions.

Ad Stacking

A single ad call can invoke hundreds or thousands of single-pixel ad impressions – e.g. 1x1 pixels or 0x0 (hidden).

Pixel Stuffing

By causing an entire webpage to load within an iframe (visible or hidden) bad guys create fake traffic for sites that carry ads.

iFraming Entire Webpages

Load hundreds of ads on a page, constantly refresh the page or ad calls; auto-refresh/auto-play

High Ad Load



Why anti-fraud solutions haven’t detected this• Many big brands’ agencies still buy digital ads on “reach and frequency” basis

and want as many ad impressions as possible, for lower average costDidn’t Look

• Anti-fraud solutions that ride along with the ad (ad tag) cannot see outside its own iframe

Can’t See

• There are many services that help to obfuscate or “launder” the real origin of the ad impressions

Obfuscated

• Bad guys don’t play by any rules so they stack hundreds of ads so all of them are “above the fold” and trick viewability measurement tools

Viewable

• The ad impressions may even appear to be seen by a human because technologies that measure the user environment (e.g. browser version, screen resolution, OS) will detect actual human user

Human

AD



Ad Fraud Background



Digital ad fraud is profitable and scalable

Source: https://hbr.org/2015/10/why-fraudulent-ad-networks-continue-to-thrive

“the profit margin is 99% … [especially with pay-for-use cloud services ]…”

“highly lucrative, and profitable… with margins from 80% to 94%…”

“why stop at 10 ads on the page; why

not load 13,000 ads on the page”

131 ads on pageX

100 iframes=

13,100 ads /page

Source: Digital Citizens Alliance Study, Feb 2014

https://hbr.org/2015/10/why-fraudulent-ad-networks-continue-to-thrive

https://media.gractions.com/314A5A5A9ABBBBC5E3BD824CF47C46EF4B9D3A76/4af7db7f-03e7-49cb-aeb8-ad0671a4e1c7.pdf



Example – 92% of impressions cleaned

Increased CPM prices by 800%

Decreased impression volume by 92%

Source: http://adexchanger.com/ad-exchange-news/6-months-after-fraud-cleanup-appnexus-shares-effect-on-its-exchange/

260 billion

20 billion

> $1.60

< 20 cents



Methbot stayed hidden for years

Source: Dec 2016 WhiteOps Discloses Methbot Research

“the largest ad fraud discovered to date, a single botnet, Methbot, steals $3 - $5 million per day, $2 billion annualized.”

1. Targets video ad inventory$13 average CPM, 10X higher than display ads

2. Disguised as good publishersPretending to be good publishers to cover tracks

3. Simulated human actionsActively faked clicks, mouse movements, page scrolling

4. Obfuscated data center originsData center bots pretended to be from residential IP addresses

http://www.whiteops.com/METHBOT







About the Author



Dr. Augustine Fou – Independent Ad Fraud Researcher2013

2014

Follow me on LinkedIn (click) and on Twitter @acfou (click)

Further reading:http://www.slideshare.net/augustinefou/presentationshttps://www.linkedin.com/today/author/augustinefou

2016

2015

http://www.linkedin.com/today/author/augustinefou

http://twitter.com/acfou

http://twitter.com/acfou

http://www.slideshare.net/augustinefou/presentations

https://www.linkedin.com/today/author/augustinefou



Harvard Business Review – October 2015

Excerpt:

Hunting the Bots

Fou, a prodigy who earned a Ph.D. from MIT at 23, belongs to the generation that witnessed the rise of digital marketers, having crafted his trade at American Express, one of the most successful American consumer brands, and at Omnicom, one of the largest global advertising agencies. Eventually stepping away from corporate life, Fou started his own practice, focusing on digital marketing fraud investigation.

Fou’s experiment proved that fake traffic is unproductive traffic. The fake visitors inflated the traffic statistics but contributed nothing to conversions, which stayed steady even after the traffic plummeted (bottom chart). Fake traffic is generated by “bad-guy bots.” A bot is computer code that runs automated tasks.

piracy and ad fraud - bad guys rip off studios twice

Internet