Meet MethBot: Russian Hackers Exposed For "Biggest Ad Fraud Ever"

Tyler Durden's picture

With Facebook admitting to numerous errors in its advertising metrics, news that a group of Russian criminals are making between $3 million and $5 million every day in a brazen attack on the advertising market appears prescient. Amid headlines of "fake news" and censorship, Forbes exposes Methbot - the biggest digital ad fraud ever uncovered and perpetrated by faking clicks on video ads.

As security firm WhiteOps - who discovered the fraud - explains...

Controlled by a single group based in Russia and operating out of data centers in the US and Netherlands, this “bot farm” generates $3 to $5 million in fraudulent revenue per day by targeting the premium video advertising ecosystem.


read more here...

As Forbes' Thomas Fox-Brewster explains, the crew, which White Ops dubbed Ad Fraud Komanda or "AFK13", planned their machinations in meticulous detail.

First, they created more than 6,000 domains and 250,267 distinct URLs within those that appeared to belong to real big-name publishers, from ESPN to Vogue. But all that could be hosted on the page was a video ad.


With faked domain registrations, they were able to trick algorithms that decided where the most profitable ads would go into buying their fraudulent web space. Those algorithms typically make bids for ad space most suitable for the advertisement's intended audience, with the auction complete in milliseconds. But AFK13 were able to game the system so their space was purchased over big-name brands.


AFK13 then invested heavily in a bot farm, taking up space in data centers so they could fire faked traffic from more than 570,000 bots at those ads, thereby driving revenue thanks to the pay per click system they exploited.



As part of what White Ops called the Methbot campaign, those bots "watched" as many as 300 million video ads a day, with an average payout of $13.04 per thousand faked views. And the fraudsters had their bot army replicate the actions of real people, with faked clicks, mouse movements and social network login information.




It's unclear where the Russian link comes from. Eddie Schwartz, chief operating officer at White Ops, told me the company found links between the data centers and the "unique signals" used by the hackers. He couldn't provide more details for fear of revealing too much about White Ops' methods. Nevertheless, he claimed to have "direct attribution" for those behind the crime.


"We have zero doubt this is a group based in Russia, it's a single group. We've actually been working with federal law enforcement for weeks now," Schwartz added.

Finally Fox-Brewster concludes worryingly, the fraud could be even bigger than reported today.

"Because White Ops is only able to analyze data directly observed by White Ops, the total ongoing monetary losses within the greater advertising ecosystem may be exponentially greater," the company wrote in its white paper.


"At this point the Methbot operation has become so embedded in the layers of the advertising ecosystem, the only way to shut it down is to make the details public to help affected parties take action."

Makes one wonder just how 'real' the internet spend metrics are?

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
USisCorrupt's picture

Rudy Giuliani BLOWS Pizzagate WIDE OPEN today Dec 20th !


Looney's picture

They just keep pushing the "Russian Hacking" lies...

The Libtards are so pissed NOT because they lost the election, but because they didn’t get a… Participation Trophy.

Isn’t it what they’ve been teaching and taught – “Victories don’t matter, it’s the Participation that counts”?  ;-)


flaminratzazz's picture

I heard hillary did get a trophy but broke it throwing it at Podesta

froze25's picture

I think the Giuliani Twitter PizzaGate thing is Bull $hit. Looks like a face twitter account, his legitimate one is Mayor Rudy Giuliani or @RudyGiuliani

Shemp 4 Victory's picture

Hillary campaign donations ended up going to Russian hax0rz?

Best. Election. Ever.

BennyBoy's picture


The only way ZH can be sure that 100% real humans are viewing ZH is if they use an ad blocker. But then no ads are viewed, no revenue (only humans use ad blockers, no ad fraud bots do).

About 25% of ZH viewers use ad blockers. They are all humans.

The other 75% of ZH viewers are 50/50 bots and humans. And the bots are growing at a much, much faster rate than new viewers. This is true for many publishers.


Boris Alatovkrap's picture

First #FakeNews, now is #FakeAdvertising… maybe is just time call whole FaceBook thing what it is, waste of time #Sham.

dirty belly's picture

Fake books give you just what you need to "fake" your own version of a song: lead sheets with melody, lyrics and chords. Hal Leonard has dozens of fake books for all musical genres to ensure you can play the music you want or need to play!

Come on!

Get with it!

Catch Up!

You Are Way Behind!

Head_Shots_Work's picture

So you rename it Fakebook? Really - who cares if Russkies get millions of libtards dollars? After all - where is this money coming from? From Google and Yahoo (and their investors). I never have and will never invest in such useless technology - I prefer something I can put my hands on. Always. Ha hah. No not that, well, that also. 

Mustafa Kemal's picture

We thought of starting Assbook as an alternative to Facebook, but I like Fakebook better.

beemasters's picture

A transfer of wealth from corporations all over the world to Russia. Well, it's a season of giving, after all.

Billy the Poet's picture

The money for ads comes from those who buy the ad space, big guys and little guys both.

Automatic Choke's picture

and who is surprised?    the whole house of cards of net ad $$ comes tumbling down.

myne's picture

I only adblock ZH because of the fucking browser hijacks they refuse to get rid of. I didn't win an iPhone. I don't have a fucking virus and I hate having to hit back 50times.

Get rid of those and I'll unblock. 

Muppet's picture

ZH voting causes: 1. A long-running script pop-up or 2. The webpage restores to its top and you must rescroll back to where you left.   This began with the ZH mobile-friendly change.

skirmish's picture

I use ad blockers at home but not at work where I do my morning ZH'ing. I use Adblocking at the router so it stops malicious vectors penetrating the LAN. with = magic!!!

subversion's picture

Correct. It is not his Twatter account.

USisCorrupt's picture

froze " I think" You don't know FUCK! Prove it wrong " I think " is BULLSHIT.

What are YOU a Prdophile too?

Billy the Poet's picture

The burden of proof is on you. Start with RG's real Twitter feed:

froze25's picture

I got to give it to the "Hackers" they really made some cash and are going to expose how fake the advertising revenues are from Facebook and others.

greenskeeper carl's picture

Ya I couldn't care less about that. Making money ripping off fake as traffic generators who exist data mining us all and invading our property. Fuck them all. They screwed over the very people who, aside from liberals, of course, make the Internet so annoying.

Billy the Poet's picture

If folks who purchase ad space on websites stop doing so then the web will become pay-per-view.

Antifaschistische's picture

My shopping preferences should be MY OWN intellectual property and others should not be able to sell it.   I'd like to see the ACLU tackle this one.   If an individuals preferences have "value", then the individual should benefit from the sale of that information.

Billy the Poet's picture

The free market would take care of this by offering a No Snoop version of websites if there was a free market. But with the CIA's venture capital arm funding start ups like Google and Facebook and building them into behemoths the game is rigged.

dark fiber's picture

When you have a shit business model people will take advantage of it.  You also need people to take advantage of it to justify the eventual inevitable failure of your shit business model.  So play victim and blame the Russians.  The new trend.

Billy the Poet's picture

The Internet advertising business model obviously does work because advertisers buy the space even with the expense of frauds such as this. Extra costs associated with fraud are simply passed onto the consumer just like shoplifting costs are passed on in the brick and mortar world.

scrappy's picture

I would tend to believe this one Looney.

SixIsNinE's picture

and this gives a perfect out for Fakebook faked ad revenue baloney. 

Russkies !  Russkies did it!  Read all about it !

Fakety Fake Fake Fake  - get Washing & Huffing Poo on it


Fiscal.Enema's picture

Zero Hedge?? Are you out there?... Suspend USisCorrupt......

The Wizard's picture

I would like to ask USisCorrupt where he picked up the information and trace it back to who originally posted disinformation. Those who intentionally post disinformation are often complicit in what is being represented as true information. If USisCorrupt is a troll bot trying to do a cover up, dump the account.

nightwish's picture

Anyone read that last paragraph? This is a synechdoche for the system as a whole and the liberal us govt establisment in oarticular. The public must be made aware before problems can be fixed. Que wikileaks.

dietrolldietroll's picture

ummm, no. fake twitter account.

Winston Churchill's picture

Rudy just got his come to Jesus moment and posted an open letter on twitter.

twitter has suspended his account.Now he's an unperson.

VOAT still has screen captures of it.Now what about his involvement in 9-11 ??

Poor Rudy is about to have a fatal accident.

Billy the Poet's picture

Rudy Giuliani BLOWS Pizzagate WIDE OPEN t


Fake account has been suspended which is why the link goes to archive. Here's RG's real Twitter feed:



lew1024's picture

No, that is absolute BS, wasted my time checking.

Unless, of course, they really do have CGI that good, but I would probably know that.  We all would, the videos I see and voices that call me would be indistinguisable from real, and I don't think they ever are, although some were close.

King Tut's picture
King Tut (not verified) 44MagnumPrepper Dec 20, 2016 2:42 PM

Is this how ZH garners big name advertisers like financial companies?

silverer's picture

I'm glad the Russians are doing that. Couldn't happen to a more deserving bunch of elitists. Internet advertising doesn't work because the thought wasn't going into really helping advertisers in the first place. It was set up to generate revenue for the big boys. Set up wrong in the first place, therefore the abuse occurs.

KJWqonfo7's picture

Unleash the lawsuits!!!


and the Kracken

Freddie's picture

I wish the Russians would destroy Facebook and create an honest competitor. Ditto with shitty Google.  Also F Amazon and eBay.

Billy the Poet's picture

Internet advertising doesn't work because the thought wasn't going into really helping advertisers in the first place


The ads come from advertisers large and small who wouldn't continue to buy ads if they didn't generate revenue.

Dilluminati's picture

Laughing.. the media that Hillary thought she was buying for her billion dollars spent on the last election was pissed away on botware!

Hillary Clinton pissed away a billion dollars, blame the bot!


silverer's picture

Oh wait! She PAID the Russians to hack the elections?!? Now it finally makes sense! lol

Ignatius's picture

Just warms the heart to know that and to see how Russians have taken to Western business practices.

gregga777's picture

Blame the evil dumb cunt.