Google Opens The (Vaultlike) Door To Its Anti-Fraud Team For The First Time
The team of 100 is tasked with decoding the tactics of the cyber criminals that are costing the industry billions in ad fraud.
In February 2014, Google acquired the small but potent anti-fraud firm spider.io. In 2013, the London-based outfit, headed by Douglas de Jager, gained attention for discovering the Chameleon botnet, which infected over 120,000 computers and cost advertisers over $6 million a month by serving up over 9 billion fraudulent ad impressions.
At the time of the acquisition, I wrote that de Jager would now stand to have a much bigger impact on shaping the way the industry as a whole fights fraudulent ad traffic from inside the biggest seller of online advertising. AdAge’s Alex Kantrowitz embedded with the team and, in a great read, shares what de Jager and his group of more than 100 in Google’s anti-fraud unit have been up to. It marks the first time Google has opened the doors to its secretive anti-fraud team (other team members quoted in the article declined to give their last names due to safety fears, given they’re trying to beat cyber criminals sucking billions out of the industry).
Digital advertising is, as de Jager describes it, the last frontier (until the next thing comes along) for hackers now that security measures in the banking, credit card and bitcoin markets have tightened and made malware much less profitable. “We’re at a point now where malware is being used principally for ad fraud,” de Jager told Kantrowitz. And it’s becoming more and more sophisticated.
The hands-on examples and visualizations the team shares are particularly interesting. The group uses a super-charged computing system dubbed Powerdrill to analyze traffic. Here’s one scenario:
Another member of the team, Phil, slid up to the monitors and opened a Powerdrill screen showing a monster piece of traffic originating almost entirely from four IP addresses and one web server. The traffic, clearly all the work of some central entity, generated 100 million ad clicks on a single Google network over the course of just ten days. “This is real traffic,” Phil explained. “This is using data from three days ago.”
Turns out, however, that this isn’t botnet traffic; it’s coming from an ad verification service that, for whatever reason, has chosen to pass itself off as “human,” and it’s still live. “This has potential to be artificially inflating the clickthrough rate of advertising campaigns quite significantly across the board,” Phil noted.
In another first, Kantrowitz adds, the Google team will soon start publishing information on bad traffic, with disclosures of its findings, from the type of traffic created by that ad verification company to details on certain botnets. The hope is others will also share their own findings in an industry effort to make malware as unprofitable in digital advertising as it’s become in other sectors.
Check out the full article, Inside Google’s Secret War Against Ad Fraud.