Researchers have uncovered the biggest connected-TV (CTV) ad fraud operation theyve ever seen, fueled with fake ad views seen by bogus eyeballs that actually belonged to a bot network they named ICEBUCKET.
Bot-mitigation security firm White Ops said on Thursday that at its peak January 2020 the ICEBUCKET bot operation impersonated more than 2 million people in over 30 countries.
ICEBUCKET also cooked up 300 publishers out of thin air, then stole advertising dollars by tricking advertisers into thinking there were real people on the other side of the screen. Those were no humans: they were all bots, working to exploit the limited transparency of whats known as the server-side ad insertion (SSAI) platform for measuring video ad impressions.
With SSAI, ads are stitched into the fabric of video content so there are no delays or hiccups caused by launching an ad player. Its commonly used for advertising on several edge devices, such as CTVs, smart phones, gaming consoles and set-top boxes like Roku.
Besides the reduction in latency, advertisers benefit from the ability to target-market. Like plenty of Internet of Things (IoT) gadgets, TV streamed through the internet brings the ability to discern quite a lot about whos viewing it, enabling advertisers to target exactly the type of viewer they think is likely to buy whatever it is theyre selling.
But as White Ops tells it, SSAI is still in its infancy. The firm can see the fraudsters as they discover holes in the system and worm their way through. In the case of ICEBUCKET, theyve done it by spoofing edge devices to make them look like SSAI services.
Theyre sending out ad requests from data centers for those spoofed edge devices. Requests coming from data centers arent remarkable: thats how real SSAI providers do it. But rather than show ads to live humans, the fraudsters are simply calling the reporting APIs to indicate that the ad has been shown.
Theres not a lot of information available to advertisers in an SSAI environment. Its often limited to the device user-agent and IP address. Falsifying information in the HTTP headers is relatively simple, White Ops says. But what makes ICEBUCKET a sophisticated bot attack is the nuance of how its faking those headers.
The end result: advertisers are paying good money for humans to view their ads and, mind you, those are pricey ads to buy, given that targeted marketing going to very specific demographics of humans fetches premium ad dollars but theyre actually playing to home theaters devoid of actual audiences, White Ops says:
The ads that are served either never see the light of day or are never viewed by a human. An audience of sophisticated bots is really just an empty audience.
Using custom code and including standard HTTP headers, ICEBUCKET presented its traffic as coming from a legitimate SSAI provider for a variety of devices and apps. ICEBUCKET assembled requests for ads to be inserted into video content for viewers using CTV and mobile devices, but none of those devices or viewersactually exist. The operation largely used obsolete devices to pose as user-agents: ones that arent used much anymore or that never even existed in the first place.
White Ops says that the IP addresses look to have been algorithmically generated to mimic desirable audiences in other words, the audiences that advertisers pay top dollar to target ads at.
White Ops says that ICEBUCKET is the biggest SSAI spoofing operation thats ever been discovered. Near its peak in January, it accounted for nearly 28% of all programmatic CTV traffic that the firm could see. That translates to around 1.9 billion ad requests per day for the month of January, just from this one botnet.
Most of the programmatic traffic the firm saw going through the SSAI platform 66% was coming from the scheme, while 15% of the mobile ad programming came from ICEBUCKET. Besides mobile devices, the botnet was also working through set-top devices including Roku.
At 46%, Roku was the top device spoofed by ICEBUCKET. Others included Samsung Tizen Smart TV, Google TV (which Google discontinued in 2014) and Android. Roku, for one, confirmed that the impressions were spoofed. After White Ops informed the company about the scheme, Roku checked its internal systems and found that it wasnt showing any ICEBUCKET activity at all on its platform.
What makes ICEBUCKET unique and difficult to stop is that some of its traffic is being generated to benefit app publishers. In some cases, White Ops has seen publishers mix organic and ICEBUCKET traffic. Why? The firm has two hunches: it could be a way to hide the operation by creating obfuscating noise that makes it tough to identify the bogus traffic, with a subset of traffic not benefitting the operation directly, or it could point to fraud-as-a-service.
If it is fraud-as-a-service, the botnet operators are getting paid to generate traffic on behalf of the app publishers. The mix of fraudulent plus legit activity not only makes it harder to detect; it also generates more money for the scheme.
It could be that both of those options are in play, depending on what subset of the traffic youre looking at. But while White Ops cant conclusively determine what the point is of the mixed traffic, it knows one thing for sure: this operation is still going strong.
ICEBUCKET is anongoing operation. The volumes shown in [our illustrations] have not gone down to zero. The fraudsters are still out there, but we are able to execute our bot mitigation and bot prevention techniques to detect them and protect against their attacks; were disclosing this discovery now so others can do the same.
- Voice recordings from domestic violence alerting app exposed on the internet - Security Boulevard - June 30th, 2020
- The lack of women in cybersecurity puts us all at greater risk - The Next Web - June 30th, 2020
- Cascading Security Through the Internet of Things Supply Chain - Lawfare - June 30th, 2020
- How to Build the Right Security Assessment - Security Boulevard - June 30th, 2020
- Apple may have just changed a key part of how the internet works - TechRadar - June 30th, 2020
- Indians most concerned about identity theft - Fortune India - June 30th, 2020
- Deeper Connect Mini: Decentralized, Private and Secure Internet for the People, launching June 30th on Indiegogo. - Yahoo Finance - June 30th, 2020
- Internet of Things (IoT) Security: Technologies and Global Markets - Yahoo Finance - June 30th, 2020
- Could Donald Trump claim a national security threat to shut down the internet? - Brookings Institution - June 30th, 2020
- Internet of Things Security Market Strategic Insights 2020 with analysis of Leading players: Check Point Security Software Technologies, Cisco... - June 30th, 2020
- Global IT Security Market is accounted for xx USD million in 2019 and is expected to reach xx USD million by 2025 growing at a CAGR of xx% : Blue... - June 30th, 2020
- Internet of Things (IoT) Security Market Size, Share, Growth, Revenue, Global Industry Analysis and Future Demand |Globalmarketers.biz - Cole of Duty - June 30th, 2020
- Surge in encrypted malware prompts warning about detection strategies - SecurityBrief Europe - June 30th, 2020
- NexTech AR to supply its video conferencing and virtual events platform to Dallas Independent School District - Proactive Investors UK - June 30th, 2020
- Dutch people are least concerned about safety, survey reveals - IamExpat in the Netherlands - June 30th, 2020
- Only 31% of Americans concerned with data security, despite 400% rise in cyberattacks - TechRepublic - June 24th, 2020
- WatchGuard Technologies Report Finds Two-Thirds of Malware is Encrypted, Invisible Without HTTPS Inspection - GlobeNewswire - June 24th, 2020
- How To Turn Off Firewall In Windows And Mac - Ubergizmo - June 24th, 2020
- OTF's Work Is Vital for a Free and Open Internet - EFF - June 24th, 2020
- Microsoft acquires CyberX to bolster Azure IoT security - Internet of Things News - IoT Tech News - June 24th, 2020
- Partner Content: ESET and Spire Technology on why you need a Password Manager - PCR-online.biz - June 24th, 2020
- Internet of Things (IoT) Security Market to Witness Robust Expansion Throughout the Forecast Period 2020 2025 - 3rd Watch News - June 24th, 2020
- Google is on a mission to stop you from reusing passwords - The Verge - June 24th, 2020
- Marking the 30th Anniversary of the Internet and Cybersecurity Treaty - CircleID - June 24th, 2020
- The Cyberlaw Podcast: Using the Internet to Cause Emotional Distress is a Felony? - Lawfare - June 24th, 2020
- DDoS Protection Market 2020 | How The Industry Will Witness Substantial Growth In The Upcoming Years | Exclusive Report By MRE - Cole of Duty - June 24th, 2020
- Julian Assange Extradition and the Freedom of Bitcoin Bitcoin... - Bitcoin Magazine - June 24th, 2020
- How to become a web developer? - The Tribune - June 24th, 2020
- Frost & Sullivan Report Finds BlackBerry Solutions Address 96% of the Enterprise Threat Landscape - PRNewswire - June 24th, 2020
- EAC to evaluate testing and certification of non-voting equipment - Politico - June 24th, 2020
- Global IT Security Spending Market Projected to Reach USD XX.XX billion by 2025- Check Point Software Technologies, Cisco Systems, EMC, Fortinet,... - June 24th, 2020
- OPAQ Webinar to Share Lessons Learned and Best Practices from Zero Trust Migration Project with TTX Company - Business Wire - June 24th, 2020
- Global Internet of Things (IoT) Security Technology Market 2020 Analysis, Types, Applications, Forecast and COVID-19 Impact Analysis 2025 - NJ MMA... - June 24th, 2020
- Put Your Risk on Mute: Using PKI to Simplify Remote Workforce Security - Hashed Out by The SSL Store - Hashed Out by The SSL Store - June 24th, 2020
- NetNumber Expands Industry Recognized Signaling Firewall to Protect SIP Connections - GlobeNewswire - June 24th, 2020
- How to fight back against Covid-19 scams - Global Banking And Finance Review - June 24th, 2020
- What Will The Crypto Market Look Like In A Post COVID-19 Economy? | Coin Insider - Coin Insider - June 24th, 2020
- US: Congress Should Back Open Technology Fund - Human Rights Watch - June 21st, 2020
- David Pratt: Will the next global pandemic take place online? - The National - June 21st, 2020
- Global Internet of Things (IoT) Security Industry Market Insights, Opportunity, Analysis, Market Shares & Forecast 2020 2027 - 3rd Watch News - June 21st, 2020
- Facial recognition to play key role in travel reopening as biometrics industry weighs social responsibility - Biometric Update - June 21st, 2020
- 'IT Act does not protect freedom of speech' - The Sunday Guardian - June 21st, 2020
- In Depth Analysis and Survey of COVID-19 Pandemic Impact on Global Distributed Denial Of Service (DDoS) Protection Market 2020 Key Players A10... - June 21st, 2020
- Cyber Liability Insurance Market (USD 4.6 Billion) Will Grow At A CAGR of 11.12% During Forecast Period 2020-2025 (Impact Analysis of COVID-19) - 3rd... - June 21st, 2020
- Internet of Things Security Market research report presents a thorough study on the overall market by Application Forecast To 2020 - Surfacing... - June 21st, 2020
- Global Internet of Things (IoT) Security Product Market 2020 SWOT Analysis & Key Business Strategies by Leading Industry Players and Forecast 2025... - June 21st, 2020
- Knoxville still quiet on ransomware attack and what's being done to fix it - Knoxville News Sentinel - June 21st, 2020
- Indias digital workforce needs secure software. Testing, not banning apps, is the answer - ThePrint - June 21st, 2020
- Bolton book can be released, but conduct 'raises grave national security concerns' - ABC News - June 21st, 2020
- Broadband Connection Disconnected: Things You Can Do To Fix It - TelecomTalk - June 21st, 2020
- Former Google CEO Eric Schmidt says there's 'no question' Huawei routed data to Beijing - CNBC - June 21st, 2020
- Dating Apps Exposed 845 GB of Explicit Photos, Chats, and More - WIRED - June 21st, 2020
- Internet Security Software Market: Qualitative Analysis of the Leading Players - News by aeresearch - June 11th, 2020
- Global Internet Security Market 2020 by Manufacturers, Size, Development Analysis, Applications and Forecast to 2025 - Cole of Duty - June 11th, 2020
- Internet Security Software Market 2019 Break Down by Top Companies, Countries, Applications, Challenges, Opportunities and Forecast 2026 - Cole of... - June 11th, 2020
- Internet Security Software Market Impact Of Covid-19 And Benchmarking. - Personal Injury Bureau UK - June 11th, 2020
- Drivers is Responsible to for Increasing Internet Security Software Market Share, Forecast 2027 - Cole of Duty - June 11th, 2020
- Webroot Internet Security with Antivirus Protection Software | 3 Device | 1 Year Subscription | PC Download - The Report - June 11th, 2020
- Endpoint Security Market to Cross US$ 10,026 MN by 2026, Growing Adoption of Work from Home Services to Favor Growth: Fortune Business Insights -... - June 11th, 2020
- Internet of Things (IoT) Security Market 2019 Break Down by Top Companies, Countries, Applications, Challenges, Opportunities and Forecast 2026 - Cole... - June 11th, 2020
- Yukon's Gurdeep Pandher tries to spread some joy on social media - Lindsay Advocate - June 11th, 2020
- Microsoft Windows users in UAE advised to install security updates - Khaleej Times - June 11th, 2020
- Clear guidelines for remote work will boost security and control access - TechRepublic - June 5th, 2020
- Mozilla Funds Meething to Help Fix the Internet - GlobeNewswire - June 5th, 2020
- The Internet of Bodies is here. This is how it will change our lives - World Economic Forum - June 5th, 2020
- Crowdstrike CEO explains how the future of remote work and security will look - CNBC - June 5th, 2020
- Mocana Recognized as Industry Leader in Cybersecurity and the Industrial Internet of Things - GlobeNewswire - June 5th, 2020
- SC Awards Europe 2020 - CISO/CSO of the Year - SC Magazine UK - June 5th, 2020
- Spike in cryptojacking attempts on devices here, says cyber-security firm - The Straits Times - June 5th, 2020
- The impact of spycraft on how we secure our data - ComputerWeekly.com - June 5th, 2020
- 4 Common Online Frauds That You Need to Know - Techjaja - June 5th, 2020
- This $350 "Anti-5G" Device Is Apparently Just a USB Stick - WIRED - June 5th, 2020
- Cloud DDoS Mitigation Software Market Potential Growth, Share, Demand And Analysis Of Key Players- Analysis Forecasts To 2026 - Cole of Duty - June 5th, 2020
- India wants to be a 'partner of the global economy' in its manufacturing push, minister says - CNBC - June 5th, 2020
- Amid the COVID-19 crisis and the looming economic recession, the Web Content Filtering market worldwide will grow by a projected US$3 Billion, during... - June 5th, 2020
- Mozilla VP of IT: How to stay secure while remote working - BusinessCloud - June 5th, 2020
- 6 ways to delete yourself from the internet - CNET - June 5th, 2020
- Is COVID-19 Making the Internet Sick? - Government Technology - May 27th, 2020
- Thanks to Physics, This Chocolate Is Iridescentand Safe to Eat - Smithsonian.com - May 27th, 2020
- $100 million in bounties paid by HackerOne to ethical hackers - BleepingComputer - May 27th, 2020