Here’s a case of huge inventory fraud that ads.txt could vanquish

A recently discovered inventory fraud is a massive lesson in why publishers should adopt the Interactive Advertising Bureau’s (IAB) ads.txt. initiative.

Recently, Adform published a white paper describing how it discovered this “domain spoofing” fraud, which it called “one of the largest botnets to ever hit digital advertising” — about three or four times larger than the famous Methbot fraud discovered 11 months ago by White Ops.

At the end of September, Copenhagen-based ad tech firm Adform began notifying a variety of ad exchanges of a large ad fraud operation that may have been generating at least half a million dollars a day. The FBI and the UK’s Metropolitan Police were also informed.

Adform says that the operation, which it dubbed Hyphbot, has apparently been active at least since August, utilizing a network of data centers. It created over 34,000 domain names and URLs so it could pretend to represent inventory for a variety of publishers, including such premium brands as the Economist, the Financial Times, CNN and The Wall Street Journal.

Advertisers bought space to show their ads on what they thought were those publishers’ sites, working through at least 14 different exchanges and SSPs that issued as many as 1.5 billion requests daily to ad buyers for bids on the fake sites. Hyphbot then employed bots from more than half a million IP addresses — obtained through hijacked personal computers — to generate impressions and video plays of the ads and thus generate income for the “publishers.”

While Hyphbot is still active, Adform says there has been a drop in its traffic. But the real killer could be the IAB’s ads.text effort, which is specifically designed to combat this kind of inventory-based fraud.

Publishers can post on their sites an ads.txt file showing the names and identifiers of the only exchanges or other entities authorized to offer their inventory. This assumes, of course, that the exchanges/SSPs only present inventory from the actual publishers and do not knowingly or unknowingly offer fakes.

Adform Chief Strategy Officer Jochen Schlosser told me that 100 percent adoption by publishers of ads.txt and exchanges could solve the problem of massive domain spoofing like Hyphbot.

But one problem, he pointed out, is that adoption has been slow since ads.txt was introduced about six months ago. In a blog post at the end of October, he wrote:

With the help of our BI team we have run through some major markets and verified the availability of ads.txt sites on the biggest 1,000 websites — the result clearly shows a low adoption rate. Even in the US, the leading programmatic market in the world, where we are expecting (rightfully as you can see) the highest adoption rate, we are still below 50% overall. This means that only allowing buying from ads.txt verified sites would decrease your access to inventory significantly. Looking across other selected countries and regions shows that the challenge exists globally. However, the growth rates are strong and we will continue to monitor this as part of regular blog posts.

Plus, he noted, the implementation of ads.txt has been spotty.

Some publishers, for instance, post an ads.txt file that has not been updated to show all currently verified partners.

Or the identification codes for some partners are incorrect. Or the demand side platforms (DSPs) used by advertisers may not have correctly deployed a crawler to track each publisher’s verified partners.

But, Schlosser acknowledged, if all publishers — or at least all reputable publishers — properly used and implemented ads.txt, massive fraud like Hyphbot “would go away.”