Craig Silverman @CraigSilverman
Let’s talk about an insane, criminal problem in digital media that gets no real media scrutiny: ad fraud. $19 BILLION will be stolen this year. Not wasted on ads that didn't work — straight up stolen by crooks!

My latest investigation, and a thread: buzzfeednews.com/article/craigs…
Background: tons of digital ads are bought using automatic or tech-facilitated placements, aka programmatically. The process includes a glut of middlemen & players who take their cut. This opacity breeds confusion, which is perfect for criminals. Example:
Let’s break down one part of the scheme I exposed with help from @PixalateInc, Protected Media, @Malwarebytes. It starts with an email to a developer who built the Emoji Switcher Android app. This person says they want to buy his app. They agree to pay up front in bitcoin. Done.
This happened over and over again to developers. I spoke to 5 of them. Once acquired, the apps are listed as being owned by different shell companies in the Google Play store. Here’s a company called Atoses Digital. Most of the employees on its site use stock images for pics.
They also have fake customer testimonials, like this one for a company called TapTap Video that claimed to help monetize three of the apps in the scheme. They stole the pic from a real woman.
Shell companies help you distribute your risk. If you get caught using fake traffic to inflate your ad revenue then it's the shell company & its specific publisher account that get banned. Just wait a few months, set up a newco, get new ad network account, and boom you’re back.
In this case, once an app was acquired, the fraudsters secretly tracked the behavior of human users. Then they programmed an army of bots to mimic the same behaviors. Creepy, yes. Here’s the flow to explain it. The key is making fake traffic indistinguishable from actual humans.
My investigation led me to identify +125 Android apps and websites linked to the scheme. They were spread out among like a dozen shell companies in Malta, Bulgaria, British Virgin Islands, Cyprus, etc.
Google investigated after I contacted them, and found the scheme had accounts with *88 different ad exchanges*. One insider claimed they stole hundreds of millions of $$. But by spreading it all out via different apps, websites, and companies, nobody saw the big picture.
The fraudsters were smart. They created high quality fake traffic. They spread the money around to avoid attracting attention. But they were also sloppy.
Along with identifying their fake employees and customers, I was able to connect all these apps, sites, and companies via corporate registrations, domain ownership and DNS data, Play store listings, and other publicly available info. (#OSINT FTW)

Let’s look at one app.
It’s called Surprise Eggs - Kids Game. In the Play store and on the app’s site it says it's owned by a company called Visont. But the whois for its site says Quaret Digital. So right away we have one app, two companies.
Both of their corporate sites were recently removed after I started making inquiries. Quaret also had an employee on LinkedIn with a photo stolen from actor Sarah Ellen @Sarah3llen.
Those two companies link it to other apps. But even more important is that the app’s website was registered with the email lorentsen@yandex.ru. It was used to register a whole bunch of other websites for apps and companies that turned out to be in the scheme:
The site for Surprise Eggs - Kids Game also used the same SSL certificate and IP address as a whole bunch of other companies and apps in the scheme. So with just one app, we now have so many leads and connections. (And then the traffic analysis found common fake traffic.)
I followed the trail all the way to identify the key beneficiaries of the scheme. Read the story to meet them. And let's think about how much better off media would be if $19 BILLION went to real companies with real audience — instead of criminals /end

buzzfeednews.com/article/craigs…
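
Added example, not part of the original thread: a minimal sketch of the pivoting described above, where app sites are linked into one cluster when they share a whois email, whois organisation, SSL certificate or IP address, and a Play store owner that differs from the whois organisation is flagged. All records, field names and the ignore list are constructed assumptions; real inputs would come from whois, certificate and DNS lookups.

```python
from collections import defaultdict

# Constructed sample records (not data from the investigation).
RECORDS = [
    {"site": "eggs-game.example", "play_owner": "Company A", "whois_org": "Company B",
     "whois_email": "reg1@example.test", "cert": "cert-01", "ip": "192.0.2.10"},
    {"site": "emoji-app.example", "play_owner": "Company C", "whois_org": "Company C",
     "whois_email": "reg1@example.test", "cert": "cert-02", "ip": "192.0.2.44"},
    {"site": "company-b.example", "play_owner": None, "whois_org": "Company B",
     "whois_email": "reg2@example.test", "cert": "cert-01", "ip": "192.0.2.10"},
    {"site": "video-sdk.example", "play_owner": None, "whois_org": "Company D",
     "whois_email": "reg3@example.test", "cert": "cert-03", "ip": "192.0.2.44"},
    {"site": "unrelated.example", "play_owner": "Indie Dev", "whois_org": "Indie Dev",
     "whois_email": "privacy@proxy.example", "cert": "cert-09", "ip": "198.51.100.7"},
    {"site": "bystander.example", "play_owner": "Other Dev", "whois_org": "Other Dev",
     "whois_email": "privacy@proxy.example", "cert": "cert-10", "ip": "198.51.100.8"},
]
PIVOTS = ("whois_email", "whois_org", "cert", "ip")
# Values shared by unrelated parties (privacy proxies, shared hosting) are not evidence.
IGNORE = {"privacy@proxy.example"}

def owner_mismatches(records):
    """Sites whose Play store owner differs from the whois organisation."""
    return [r["site"] for r in records
            if r["play_owner"] and r["play_owner"] != r["whois_org"]]

def clusters(records, pivots=PIVOTS, ignore=IGNORE):
    """Union-find over sites; two sites merge when any pivot value matches."""
    parent = list(range(len(records)))
    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]   # path compression
            i = parent[i]
        return i
    seen = {}                               # (pivot, value) -> indices carrying it
    for i, rec in enumerate(records):
        for p in pivots:
            v = rec.get(p)
            if v and v not in ignore:
                seen.setdefault((p, v), []).append(i)
    for idxs in seen.values():
        for i in idxs[1:]:
            parent[find(i)] = find(idxs[0])
    groups = defaultdict(lambda: {"sites": [], "links": []})
    for i, rec in enumerate(records):
        groups[find(i)]["sites"].append(rec["site"])
    for (p, v), idxs in seen.items():
        if len(idxs) > 1:                   # keep only indicators that link sites
            groups[find(idxs[0])]["links"].append(f"{p}={v}")
    return [g for g in groups.values() if len(g["sites"]) > 1]
```

The `links` list records which shared indicator joined each cluster, so every connection can be checked by hand before it is relied on.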