A Botnet Has Been Stealing Billions Through Digital Ads Aimed at Fake Audiences
The risk of advertising moving online is that the ad is no longer a physical object. Instead it is a bunch of ones and zeros, and it is therefore much more vulnerable to thieves and hackers. Well duh. But it still hasn't really sunk in just how great a risk digital advertising actually could be.
Until now. According to a recent report from ad-fraud prevention firm Pixalate, a sophisticated botnet has been leeching money from digital advertisers by serving up real ads to faked, highly-prized audiences. The botnet, nicknamed Xindi after some Star Trek bad guys, has, by Pixalate's calculations, rung up something like 78 billion ad impressions so far. According to George Slefo of Adweek, Xindi "could cost advertisers nearly $3 billion by the end of 2016."
The ingenious thing about the Xindi botnet is who it targeted. The infection was aimed at Fortune 500 companies, university computer networks, and other groups whose users are usually very sought-after by advertisers. Because the advertisers thought that they were reaching such a valuable audience, they were willing to pay much more, $200 per thousand impressions for some, which compounded the cost of the fraud and made things much more lucrative for the fraudsters.
The botnet also uses some sophisticated techniques to trick the protocols that normally check for ad fraud (see image below) and cover its tracks.
According to Slefo, up to 8 million computers in over 5,000 networks have been infected. This includes hundreds of governmental organizations, thousands of universities, and one-tenth of the Fortune 500. While countermeasures against such fraud can be implemented, because the botnet is so widespread it will likely continue to steal from digital advertisers long into 2016 before it is completely dealt with.
And this will likely not be the last time a problem like this crops up. As we move further and further into the digital era and more of our lives are digitally and electronically controlled, so do more and more parts of our lives that were previously invincible to such schemes become dangerously vulnerable, like our cars getting hacked, or infiltrators getting data on us through the products we buy every day.
As the Xindi botnet shows, we have to be careful and vigilant, or it will cost us.