ADOTAS – Deep within the Shanghai Technology Institute and other Chinese technical universities, criminal plots were brewing. On Chinese social media sites, students were sharing information and colluding to establish a click-fraud ring, the size of which the interactive advertising industry had never witnessed.
However, after a thorough investigation, Anchor Intelligence pulled down the lever and shut off the revenue stream to tens of thousands of false publishers in a crackdown on DormRing1, the largest click-fraud ring ever discovered. Bogus clicks were generated by more than 200,000 tainted IP addresses on the ads of 2,000 advertisers across numerous ad exchanges. Anchor Intelligence, which monitors click activity for suspicious behavior, estimates the ring could have cost advertisers more than $3 million dollars over the course of a year.
The click-fraud ring gained its moniker as it was believed to be mostly composed of students in Shanghai. After noting suspicious activity, an ad network investigator who spoke Mandarin Chinese went undercover on various Chinese social media sites and bulletin boards to gather information. After gaining the trust of several ring participants through performing favors, the agent was able to discover the massive scope of the operation.
Once Anchor Intelligence pulled links from various duplicitous publishers and felt confident it had the right targets, it told its networks to yank ads and kick publishers off of exchanges. Emails, IP addresses and URLs were blacklisted — since the raid, many of these have been abandoned and remain dormant.
In addition, Anchor worked with the Federal Bureau of Investigation’s San Francisco branch and the National Cyber-Forensics & Training Alliance (NCFTA), a coordinated effort between law enforcement, academics and industry representatives aimed at stemming the spread of cyber crime.
“We’ve worked with the Anchor team on several occasions to better understand the tactics used by online perpetrators,” says Ron Plesco, president and CEO of the NCFTA. “Anchor Intelligence’s innovative and instructive work in the area of click-fraud detection and ad traffic monitoring has been extremely valuable in our collaborations to investigate cyber criminals.”
However, while Anchor eagerly shares information with law enforcement officials, Richard Sim, vice president of product management and marketing for Anchor, said that actually prosecuting the perpetrators of click-fraud crimes is quite difficult. Instead the information is often used to bolster charges of credit card and identity theft as the criminals usually have their fingers in many pots.
Though there are cyber crime prevention initiatives that cross borders, rings such as DormRing1 tend to flourish in developing countries as more susceptible network infrastructure makes it easier to compromise IP addresses and networks. Anchor noted that similar rings have popped up in Southeast Asia and India, while the United Arab Emirates is also a hotbed. The size of DormRing1 was an anomaly — most of these rings involve anywhere from a few dozen fake publishers to thousands of them.
While a Wall Street Journal article recently tied the rise in fraud-clickers with the economic downturn, Sim cited growing sophistication and coordination among ring participants and the expansion of ad exchanges as playing large roles in the increase of fraud activity.
“Ad exchanges bring efficiencies, but opening up the ecosystem leaves it more exposed for criminal activity,” he said. Ad exchanges represent layers of networks and publishers; trying to seal up the fissures is akin to “plugging holes in a well.”
That’s where companies like Anchor Intelligence as well as DoubleVerify and AdXPose come into play. Using sophisticated models that gauge every possible permutation, Anchor can detect inordinate clicking from a suspect IP or odd facets of a collection of publishers. With the downturn, advertisers have been flocking to these services to determine if their ads are actually generating results.
The irony, Sim pointed out, is that monitoring for fraud has also helped predict behavioral trends, offering new outlets for companies such as Anchor.
“We’ve transitioned beyond just looking for fraud and are now helping companies understand traffic by using models on the fraud side to predict conversion rates,” he said. “When you’re trying to identify fraud, you’re basically trying to predict user intent.”