2016 introduced us to the lethal weaponry of DDoS attacks on a scale unseen in previous years. A favorite entry tactic was the use of IoT devices, as with the malware botnet called Mirai. The hitlist included AirBnB, Amazon, GitHub, Spotify, Tumblr, Twitter, and Xbox. More recently, Lloyds Bank was attacked with new versions of the Mirai malware botnet. We are seeing malware morph, as seen in adtech with HummingWhale.
Adtech cyber crimes continue HARDER, FASTER, BETTER, and STRONGER. Most recently an adtech botnet called MethBot generated millions of dollars per day with 6,000 domains, 250,000 URLs, and 500,000 IP addresses. The MethBot was clouded in two different locations with a custom browser and random mouse movements to mimic humans. This will morph into a newer version in 2017.
This is the tip of the iceberg of what’s going on in the adtech eco-system. Fraud is running rampant in adtech, creating major conflicts of interest, as seen with the Criteo and Steel House lawsuit.
Fake adtech estimates are from $7B to $18B per year. The size of the ad fraud iceberg is closer to $100B+ per year…
Malware is on the rise and will continue. Wherever there is money to be made, fraudsters will be there. Ad fraud affects the entire eco-system of ad tech from the advertisers, publishers, exchanges, and the adtech systems used. The survivors will be the ones creating value for their clients with ROI.
With fake news so abundant, it makes you wonder and question. Who am I? Does that question start popping into your head? This is a question that Joe Dirt and Derek Zoolander asked throughout their fake lives. Although fake news is fake, a deeper level of fakeness must be asked when looking at fake AdTech analytics. An old saying comes to mind, “Garbage in is garbage out.”
We are now seeing proof of how much fake news and media is coming out of major publishers. Google ($GOOG) and Facebook ($FB) released news that they are going to censor fake news. This seems like a surprise to them considering all their fake news prior to the announcement was fine. One must ask, how long have Google and Facebook known about their fake news and media? What else are they hiding? If you’re willing to jeopardize the cornerstone of your business model, there must be more secrets.
Well, as we found out, Facebook has another “Glitch”, similar to the movie Money Monster with George Clooney and the high frequency trading “Glitch”. The last “Glitch” Facebook had was in September. Their new “Glitch” in November shows that Facebook’s fake metrics miscalculated analytics for their marketing clients again. This can also be seen as fake AdTech analytics. Again, they are proving how fake they are to their clients and their money mongering mindset.
Because of their continued conduct of fakeness, a bullshit detector plugin has appeared for Google Chrome. Publishers haven’t learned any lessons with ad blockers, and now we see bullshit detector plugins which will block their fake news and media.
We are now living in a world of fake news, media, and AdTech. To eliminate this problem, it’s now suggested to have 3rd party vendors verifying ad traffic. The trust of these behemoths is forever lost.
AdTech is undergoing massive changes lately. One of the biggest casualties of this disruption is digital publishers. We recently saw Yahoo, which in 2008 was offered $44B by Microsoft ($MSFT), sell for $4.6B to Verizon ($VZ). Disruption can also create winners. It creates opportunities for value seen only by visionaries. AdTech is still advancing with changes in this early market structure.
- Market efficiencies are still needed in this defragmented market.
- Fraud continues to be a major part of the ecosystem.
- Inefficient players will be wiped out.
- Ad blockers are a sign of a broken system.
- Lack of transparency is a problem.
- Decreasing CPM.
Innovation and creating value in the ecosystem is a must for survival. The players that continue to lack value will be purged from the ecosystem. This can be seen very clearly with the Yahoo sale. This market is ready for massive disruption. It happened on Wall St and it will happen in AdTech. Message me if you want to learn more.
I hope everyone enjoyed the long 4th of July weekend!! While you were watching fireworks, bot fraud was also exploding. Check out the Chinese ad agency Yingmob and their new mobile botnet “HummingBad” similar to “BreakingBad” raking in $300k in revenue per month by clicking ads. I wonder what Heisenberg would think of this? As mentioned last month, in “Who’s Your Daddy”, you better know your fraud bots and who they are coming from.
Also, I wanted to invite you to a new Ad group I organize. If you want to meet other Ad Professionals and throw back some cocktails like Mad Men/Women please join LA Ad Pros here.
A long time ago on a distant network before clouds with Sun servers and Cisco routers, there arose a search engine war. Players such as Altavista, Excite, Lycos, Yahoo, and Google fought for dominance. As the battle waged on, the internet bubble kept expanding like its own galaxy. At the apex, social networks were born as well as cyber security user threats.
The first of this new species would be named Friendster. A few years later, MySpace was spawned and would quickly dwarf its predecessor with an astonishing 360 million users. Like all battles, champions fall. What was once the mighty empire of Friendster would soon become ancient ruins. Excavators recently stumbled upon these ruins of Friendster. We also see tomb raiders known as hackers selling the hieroglyphic writings of the MySpace walls (username/passwords) for 10 Bitcoins (BTC). What’s next? Will GeoCities or Netzero be offered in some online version of the Antiques Roadshow?
How much will your data fetch? When the man who created the most powerful social network empire is unable to keep his own accounts safe, how long until your data is up for sale? This was a small automated program logging into Zuckerberg’s account, basic Hacker 101 from the LinkedIn hack. This shows no matter how big you think you are, you’re always vulnerable to bot attacks. Get with the program and establish better user authentication.
With all these automated bot attacks and ad click blockers, we are seeing how to make money with bots in the Ad Tech world. Major advertisers are getting hacked out of double digit billions per year. A new report from The Dhar Method came out called “Mystery Shopping Inside the Ad Fraud Verification Bubble” and audio version here. An inside look at creating a fake publisher with cheap ad flow to make revenue from digital ads. For the secret test, a few of the major ad fraud detection technologies and a few unheard of up and coming ad fraud detection companies were used. All but one failed! Who’s your Daddy?
This Father’s Day keep custody of your data in a bot battle. Keep your accounts safe and secure with BioChronometrics.
The Rubicon will be crossed in the advertising market with television and digital sometime in 2017. The special thing about this crossing is the advent of ad blockers and ad fraud, as noted in the Economist article titled Invisible Ads, Phantom Reader.
There are four parties involved here which are infected:
- Consumers who are overwhelmed with ads, so they put ad blockers on.
- Advertisers trying to sell their products.
- Publishers that make money from ads for their free content.
- Exchanges that turn their shoulders on ad fraud.
The ecosystem is so polluted with ad fraud that the 4 parties are striving to create a balance of what works best for each party except all strategies have failed. One thing is clear, ad fraud needs to be eliminated. Contact me today if you have bots attacking your ads. We can fix those bots with Secure Ad.
Beware, spoilers for 2016.
- Anonymous Twitter account will get hacked and go underground.
- Digital ad market will finally eliminate ad fraud saving advertisers $200 billion per year in fraud. This saved money will be given back to consumers with issued checks, coupons, and less ads.
- The “Ultimate Password” will go mainstream with the start of the “Ultimate Email”.
- CAPTCHAs and reCAPTCHAs will become extinct. Passive authentication NoMoreCaptchas will replace them.
- NoMoreCaptchas will break the world record for the Turing Test a second time.
- Homeland security ads (literally) LinkedIn, Instagram, SnapChat, Tinder, and Grindr for background checks and digital advertising.
- Another Bitcoin exchange goes poof. Bitcoin goes to $10,000 again.
- Pirate Bay floats away into the sunset never to be seen.
- Man in middle gets caught in the middle via eDNA.
- The IRS gets hacked by AnonyTax. They will permanently reduce taxes for all Americans.
Have a good New Years everyone!!!
With cyber security breaches occurring daily, financial firms need to be prepared. The SEC has already had several cyber security initiatives for broker dealers and registered investment advisors (RIAs) for future examinations. Although cyber security breaches are unpredictable, there are some simple measures to follow.
The easiest risk to prepare for, but the most vulnerable, is employees. It’s very important to have annual cyber security safety precaution meetings and cyber security trainings. People forget how vulnerable they can be with cyber security. Employees should be cautious with strange emails, opening files, downloading files, clicking on strange site links, accessing public WiFi, and losing mobile devices. With proper training, employees can be the first line of defense against initial cyber attacks. Employees should also notify the IT team of these early warning signs of security threats.
Secure Sockets Layer (SSL, now superseded by TLS) should be used anytime a client is accessing brokerage account details or sensitive information. When SSL is used, data is encrypted in transit to the intended server and is unreadable to any server other than that destination server. This makes it so that there are only two known parties sending information to each other. This also helps eliminate man in the middle information leakage.
Another added precaution is using anti bot technology such as NoMoreCaptchas at the user login. This makes it so that bots are instantly detected and unable to log in. Most cyber attacks come from automated program bots. There is a 6 month free trial if you message me.
Limit login attempts on your site. This helps prevent manual login attempts that randomly guess your username and password. It usually locks them out of the site for a set period of time. Even if they guess your username and password, it would fail to log in properly once the lockout period starts.
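One way to implement the lockout described above, as an added example that is not code from the original post. The `LoginLimiter` class, the failure threshold and the lockout period are assumptions, since the post gives no numbers.

```python
import hashlib
import hmac
import os
import time

MAX_FAILURES = 5            # assumed threshold
LOCKOUT_SECONDS = 15 * 60   # assumed lockout period


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LoginLimiter:
    """Per-username failure counter with a timed lockout."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.users = {}         # username -> (salt, password hash)
        self.failures = {}      # username -> consecutive failed attempts
        self.locked_until = {}  # username -> time at which the lockout ends

    def add_user(self, username, password):
        salt = os.urandom(16)
        self.users[username] = (salt, hash_password(password, salt))

    def login(self, username, password):
        now = self.clock()
        until = self.locked_until.get(username)
        if until is not None:
            if now < until:
                # Rejected before the password is checked, so even a
                # correct guess fails while the lockout is running.
                return "locked"
            del self.locked_until[username]   # lockout expired
            self.failures[username] = 0
        # Unknown usernames take the same hashing path as known ones.
        salt, stored = self.users.get(username, (b"\0" * 16, b""))
        if hmac.compare_digest(hash_password(password, salt), stored):
            self.failures[username] = 0
            return "ok"
        self.failures[username] = self.failures.get(username, 0) + 1
        if self.failures[username] >= MAX_FAILURES:
            self.locked_until[username] = now + LOCKOUT_SECONDS
        return "denied"
```

Keying the counter on the username alone lets anyone lock a legitimate user out by sending bad passwords, so deployments commonly pair it with a per-source limit and alert on repeated lockouts.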
A further security step is to use eDNA, which eliminates multifactor authentication (MFA). eDNA is an unhackable and unspoofable user login with an encrypted non-deterministic 16 million character password. It is said to be “The Ultimate Password”.
The financial industry is set to be the fastest growing non-government cyber security market, estimated at $77B in cumulative revenues from 2015 to 2020. The SEC and banking regulatory bodies will be keeping a watchful eye on broker dealer and RIA security measures.
So far, this winter has been a wonderland of bot scams! Bot elves are mining at warp speed to steal your holiday cookies. Don’t let these sneaky thieves steal your Christmas cheers or profits!
These latest holiday hijinks are spoofing everyone from Wall Street to Main Street. The Xindi botnet will generate $3 billion from advertisers by the end of December. Xindi’s pockets will be jingling with all those impression pennies. There are roughly 6-8 million corporate computers infected with this Grinch. The fix? A list of IP addresses to not advertise on. That is not a solution.
If CAPTCHA was a headache, iCAPTCHA is a migraine. Instead of the world typing 200M CAPTCHAs a day, iCAPTCHA requires the user to authenticate twice, using an illegible word and choosing 1 of 2 “language learning” answers. Avoid the headache altogether with NoMoreCaptchas.
If Chipotle didn’t have enough issues with e-coli, check out the Chipotle human resources in-denial of security article. HR at Chipotle was using an email domain as a response called firstname.lastname@example.org a domain owned by IT guy Michael Kohlman. Realizing what a threat this was, Kohlman offered to donate the domain to Chipotle. Sadly they were as interested in protecting sensitive personal data as they are the quality of their food. They rejected his offer stating they didn’t see it as a threat.
A round of holiday cheers to Rohit Dua from LinkedIn India for fixing a cross site script (XSS) vulnerability within the LinkedIn help forums!
Beware if you are looking to make merry with a Tinderoni: the Tinder of China, called TanTan, recently reported a “man in the middle” gathering private user information such as password, location, preferences, and personal data.
If you don’t want to be loaded down with coal in your holiday stocking, or find out a bot Grinch has stolen your Christmas cookies, protect yourself with NoMoreCaptchas or Secure Ad using BioChronometrics.
Wishing you all a safe and bot-free holiday season 🙂