The operation, known as "3ve" (pronounced "Eve"), was described by the team that dismantled it as a "very complex and ever-changing maze". What began as a small botnet operation, first discovered in 2016, grew in scale, using the Boaxxe and Kovter malware packages to infect PCs. Both were spread through booby-trapped emails and drive-by downloads, hijacking devices that would then generate fake clicks on ads and earn the operators large sums of money from deceived ad networks. The attackers would create huge networks of fake websites that would receive offers from ad agencies, and then send infected computers to those sites to collect the advertising revenue.
"3ve operated on a large scale: at its peak, it controlled more than a million IP addresses from home botnet infections and IP business spaces, mainly in North America and Europe (for comparison, this figure exceeds the number of broadband subscriptions in Ireland)," Google said in its summary of the operation this week.
"It had several unique sub-operations, each of which was a sophisticated system of advertising fraud, and soon after we started to identify the massive infrastructure (including thousands of servers spread across many data centers) used to host 3ve's operations, we found similar activity on a network of home computers infected with malware."
According to Google, "the size and complexity of 3ve represented a significant risk, not only for advertisers and publishers, but also for the entire ecosystem of advertising". The global digital ad industry is estimated at about $250 billion, and advertising fraud is one of the most profitable and least risky crimes. According to the World Federation of Advertisers, advertising fraud is expected to be second only to the illicit drug trade in terms of annual revenue; an estimated $19 billion was stolen by fraudsters this year alone.
"We had to stop the operation permanently, which required larger and more computed measurements," said Google. "To that end, it was essential that we play the game long, trying to have a more permanent and powerful impact against this operation and future advertising fraud operations." Google then formed a working group of 16 organizations that included security vendors and law enforcement agencies, among them the US Department of Homeland Security and the FBI's Internet Crime Complaint Center. After several months of observing the operation, the group launched a full shutdown that blocked 3ve traffic in the space of only 18 hours.
Advertising fraud is low risk and potentially lucrative, and it is unusual for perpetrators to face criminal charges or significant consequences. The charges brought today by the Department of Justice clearly indicate that it recognizes advertising fraud as a serious crime. As Richard P. Donoghue, US Attorney for the Eastern District of New York, commented, "This case sends a powerful message: our office, as well as our law enforcement partners, will use all of our available resources to target and dismantle these costly schemes and bring them to justice wherever they are."