The FBI in collaboration with more than 15 technology companies and security agencies from different countries dismantled two international cybercriminal rings called 3ve and Methbot. They used digital advertising to commit fraud.
The 3ve is considered one of the largest and most sophisticated ad fraud networks detected so far. It used malware to infect machines and then create a botnet-based scheme.
According to the government, the groups stole more than USD 35 million using "sophisticated computer programming and infrastructure around the world to exploit the digital advertising industry through fraud".
The Department of Justice unsealed a 13-count indictment against eight men, from Russia, Kazakhstan and Ukraine. The charges include money laundering, wire fraud, aggravated identity theft, and computer intrusion.
3ve: a botnet-based scam
The 3ve used a global botnet network. The criminals infected computers with malware and then used them without the victims knowing. It’s estimated that 3ve has infected about 1.7 million PCs with malware in the United States and elsewhere in the world between December 2015 and October 2018.
Once they had access to the computers, the fraudsters used hidden browsers to load ads onto fake webpages created by themselves. The indictment alleges that the scheme caused a loss of USD 29 million to companies that never had their ads seen by real users.
Methbot: a datacenter-based scam
The Methbot acted a little differently. Criminals had commercial agreements with companies to receive payments in return for placing ad tags on websites. But, instead of putting the tags on real websites, they rented more than 1,900 computer servers and loaded the tags into fake ones.
To make the fraud looks real, the fraudsters programmed the computers to simulate human activities, such as moving the mouse around and scrolling down a page. The government claims that the falsification has caused financial losses of USD 7 million between September 2014 and December 2016.