The internet changed and the world changed with it.  

In the past, the web was a place of freedom and anonymity.  Today, almost all of our activity takes place on centralized platforms that operate massive data gathering operations.  Every website we visit, every product we buy, every video we watch.  When we look at the web today, the web looks back.

What do they do with this data?  What advantages or upper hand does it grant to the businesses who collect it?  And most significantly, what does it mean for the competitive landscape when it can be gathered clandestinely by third parties - or even adversaries?

At best, it is a market made cutthroat, with corporate espionage no longer an edge but now a necessary part of doing business.  At worst, it is a world at war, where mercenary security firms are pitted against criminal enterprise operating at previously unseen levels.  It is bridge hacks and ad fraud, stagecoaches and train robberies for the 21st Century.  The lawless frontier of our own Wild West.

In the past, we've defined this new period of weaponized web data as the age of data wars.  We've pointed to ways that companies can thrive with its tools, scraping prices from each others’ websites or scraping inventory numbers and striking during moments of weakness.  But not all data wars are created equal: some represent healthy competition between legitimate businesses, while others involve predatory actors and premeditated malice.

Today, for the first time, we’ll explore this side of the internet.  Our topic is advertising, the lifeblood of the digital age: how it functions normally, how it is targeted by cybercriminals who manipulate it for unimaginable profit, and how residential proxy networks - a medium for cloaked anonymity on the web - can be used by advertisers to deliver themselves from exploitation.  We now present a gentle introduction to the world of ad fraud and the ways that Grass can combat it. 

These are the data wars, and this is its underbelly.

Online Advertising

To understand the story, you need to understand ad tech.  

First, think of the things you do on the internet every day of your life.  You read articles, watch YouTube videos, listen to podcasts, check social media.  To us, these things are second nature - like public resources that everyone partakes in.

But all of these activities have one thing in common: you’re consuming material that somebody else had to create.  What was their motivation?  While you’re logging on to enjoy the content, they’re likely producing it for their own reasons: to gain a following and eventually monetize.  But where does that money come from?  If we’re not paying for this stuff, who is?

Enter the world of digital advertising.  It involves a number of connected parties and the pipeline follows a consistent pattern: 

1. Companies launch a product 
2. Ad agencies produce an ad 
3. Ad networks connect them with a seller (publisher)
4. Publishers create content and build an audience
5. Audiences view content and buy the product

This seems intuitive enough, but if you read closely, one part doesn’t make sense.  Why did we call the publisher the seller in Point 3?  If Company A is launching a product, aren’t they the one doing the selling?  

Here we can glean some insight into the nature of the ad market, because in order to understand it, we need to change the way we think. 

Like any market, it takes a resource and connects buyers and sellers.  In this case, though, the resource is attention.  You probably assumed, like a normal person, that the audience are the consumers and the content is the product.  In fact, it’s the other way around: the ad agency is the buyer, and the viewers are the product.  What is for sale here, simply put, is you.

Under the cost-per-click model (CPC) of digital advertising, content publishers build an audience and advertisers pay for impressions.  This means that every time an ad produces a conversion - when a view becomes a click - the platform is “selling” your time to the advertiser.  Remember that next time you click an Instagram ad - consider saying, “You’re welcome.”

Okay, so where do ad networks fit into this?  

If ad agencies and content platforms are counterparties in these transactions, ad networks are the market makers.  It takes a huge amount of effort and insight to match advertisers to an audience that matches their product, and networks act as this intermediary - often by buying ad space in bulk and reselling it to companies on their own.  So their job isn’t just to connect buyers and sellers, it’s to find a home for each ad that will maximize its impact.  

This is where the story gets interesting.  If advertising networks are buying impressions in bulk and selling them on their own, it means the buyers never actually interact directly with the platforms or audience.  How much oversight is there on what’s actually happening behind the scenes?  In other words, if one party could control the publishers, the viewers, and the networks themselves, what would stop them from artificially generating as many clicks as they wanted and charging advertisers whatever they pleased?

As it turns out, we don’t have to wonder.  One man spent the 27 months between September 2014 and December 2016 answering that question, and the criminal organization he created earned up to $5 million a day doing it.  As the world would learn five years later, his name was Aleksandr Zhukov.

Methbot

This is how things would work in a normal world:

Aleksandr Zhukov is a Russian national with a background in computer science and a passion for digital advertising.  He decides to dedicate his life to finding high quality businesses and helping them present their products to curious internet users.  To that end, he founds a company called Media Methane and sets up shop in Russia and Bulgaria. 

Media Methane, like most ad networks, has one job: form relationships with apps and websites and sell ad placements for the products that best align with their audiences.  Through their access to comprehensive behavioral data, Media Methane excels at delivering the right ads to the right people, and customers receive a healthy amount of conversions from an interested public.  Sales skyrocket and everyone is overjoyed.  Aleksandr gets rich.

Now, it may shock you to hear this, but that’s not what happened.

Media Methane did make deals with businesses and other ad networks, and they did receive millions of dollars selling ad placements to them.  But for all of the impressions they offered advertisers, absolutely none of them were real.  Media Methane’s entire network was fabricated and the people viewing its ads were actually bots. The network’s name was Methbot.

At the time, Methbot was the most ambitious case of click fraud ever attempted.  Here’s how it worked:

First they needed publishers, so they built the websites.  Over 6,000 different domains designed to look exactly like famous brands.  Make a clone of WSJ.com, but call it TheWallStreetJournal.com.  Copy Nike.com exactly, but host it at NikeAthletics.com.  Anything to trick advertisers into thinking you represent a multi-billion dollar company.

Next they needed an audience, so they rented the servers.  They built out the infrastructure for Methbot using data centers in Dallas and Amsterdam, ultimately working through 1,000 nodes and commanding an incredible 500,000 IP addresses - all registered to appear as individual American internet users.

Finally, code was developed so that servers in the data centers would open browsers, visit websites, simulate mouse movement, and - most important of all - click on ads.  At its peak, the bots hosted on Methbots servers viewed 300 million daily videos, generating $0.013 for each view and pulling in $3 to $5 million every single day.  

Media Methane then engaged with advertisers to sell tons and tons of ad space on these fake sites.  To the companies, it looked as though they were engaging with a legitimate business.  They would pay good money to advertise their products on high-profile websites, and Media Methane would come back with blockbuster engagement numbers.  But all along, sales were flat.  There was no corresponding increase in business, because no actual consumers were viewing their ads.  They were paying millions for absolutely nothing.  Methbot was just robbing them blind.

Ultimately, Methbot’s activity caught the attention of a private security firm called WhiteOps, who gathered evidence and contacted the FBI.  It was Zhukov’s own arrogance that sunk the operation in the end - after a deal with a customer went wrong, he spammed their ads with millions of fraudulent views to retaliate.  Through this, they were able to connect the IP addresses and locate one of the data centers.  Zhukov was sentenced to 10 years in November of 2021, and justice was finally served.

Solutions

So is that the end of the story?  It’s great that futuristic bands of vigilantes are tracking down Russian crime syndicates and bringing them to justice, but it’s limited comfort to existing ad companies.  You have to imagine they’d be looking for ways to stop ad fraud before losing millions of dollars.  

Well, it just so happens there’s a tool for that.  You may know it as a residential proxy network. 

In order to avoid being duped by botnet schemes like Methbot, it’s very important that advertisers and ad networks carry out a rigorous process called ad verification.  This means that after an ad goes live on a specific publisher’s platform, they continue to monitor the campaign to make sure it meets the terms of the agreement - that the site is correct, the link goes to the right URL, and the proper content is showing based on audience and geolocation.  

For a variety of reasons, this process is best done using residential proxies.  For one thing, ad campaigns are frequently targeted towards specific geolocations.  Say Ford makes pickup trucks in Detroit, but they want to show ads in Alabama.  It’s not enough to verify how the ad looks from a computer in Detroit - they would want to check the web from an Alabama IP address.  Bam - residential proxies to the rescue.

The thing is, these problems tend to scale with size.  If you launched an ad campaign in every major city in America, it’s altogether possible that a fraudster could sell you legitimate ad space, but pad their numbers by running fake ads that only appear in Cleveland.  To prevent this, you really need to do ad verification in every market at once.  Impossible from a single IP address, but proxy networks allow an unlimited number of concurrent requests, which means companies can monitor ad campaigns in an unlimited number of markets at one time.

Finally, fraudsters know all about the ad verification process and actually take steps to circumvent it.  When companies attempt to view fraudulent ads from a data center, malicious websites will block their IP addresses to prevent them from performing ad verification!  This is one more reason why residential proxy networks are an absolute necessity when performing verification - companies can check their ads all over the world from millions of unique IP addresses, ensuring beyond a shadow of a doubt that fraudsters cannot go unseen.

As the world of online commerce continues to grow more sophisticated, new types of data wars appear between economic actors in nearly every industry.  One consequence of this is that, in ways that were unimaginable a few years ago, remote criminals on the other side of the world can bilk everyday businesses for massive sums of money.  Countermeasures and precautions become necessary, and again and again, we see that there is no tool more invaluable for fighting back than residential proxy networks.  

So keep that in mind whenever you log on to check the dashboard and view your own progress.  By powering the Grass network with your internet connection, you’re not just earning rewards - you are providing the resources for ordinary people to fight back against the digital underworld. 

Authored by Yield Aggregator (for Frogs Anon) & Wynd Network Team