Over the course of many years in the marketing agency business, we have seen our clients experience a negative phenomenon known as click fraud. This practice leads to exasperation and sighs. Often our clients just shrug their shoulders and chalk it up to the ‘cost of doing business,’ or ask ‘what can I do about it?’ While Google and other ad networks are working hard to stop fraud, it is still a massive problem. But who are the perpetrators of this crime? And what do they gain by this infuriating practice?
Malware kingpin Vladimir Tsastsin, 35, an Estonian national, has been sentenced to serve more than seven years in prison after pleading guilty in July 2015 to running a massive click-fraud scheme that earned $14 million in profits via more than 4 million victims across 100 countries.
According to multiple sources, Tsastsin did not operate alone and had begun his operation as far back as 2006. It turns out that the operation was ‘relatively simple.’ This story adds credence to the article we published previously, “Alliance of Advertisers and Publishers With Google”: “Due to the revenue system in place for both ad networks and publishing outlets, there is a conflict of interest.”
It is this ‘small’ crack in the alliance that criminals exploit. Tsastsin and his crew set up online publishing companies and entered into agreements with advertising brokers to receive money for each click. Once they had those arrangements in place, the scheme was set to take off. In addition, Tsastsin and his team created custom-built “DNSChanger” malware to change the domain name system settings on infected computers, allowing them to generate fake clicks and “plant DNS changer malware onto user systems and redirect queries for popular domains to malicious servers,” according to a blog post from Trend Micro.
“This allowed the attackers to redirect the traffic aimed at these domains and carry out hard-to-detect but profitable attacks like hijacking search results and replacing website advertising.” Without a doubt, the scheme was lucrative. “By falsely collecting advertising fees for every ‘click’ their victims made, Tsastsin and his co-conspirators collected over $14 million,” U.S. Attorney Preet Bharara said in a statement.
The gang carried out its activities, in part, by using “approximately 50 rogue DNS servers located in New York City and additional ones at a data center in Chicago,” according to the Justice Department. “Each of the rogue servers contained approximately two hard drives; the larger hard drives received as many as 3,000 fraudulent ‘clicks,’ or DNS resolution requests
The FBI started its investigation in 2009 and, by 2011, working with Estonian police, was able to disrupt the criminal activities. Three years later, Vladimir Tsastsin was extradited to the United States to stand trial.