US spending on digital advertising was estimated at $72 billion for 2016. With all this money comes a wealth of opportunities for those with “get rich quick” aspirations. The plethora of middlemen and perverse incentives mean there’s little risk of getting caught and minimal consequences if one does. Many people have heard of “click fraud,” but there are many other models for defrauding advertisers. There’s “impression fraud,” “cookie stuffing,” “traffic laundering,” and “ad injection” just to name a few. The industry–both legitimate and not-so-legitimate–is much more complex and interesting than many people realize.
This talk will go over the ad-tech ecosystem in general, attempts to defraud it, and methods of defense. You’ll learn an alphabet soup of industry acronyms, the basics of how a bot is built, how attackers cash out, and a few techniques for detecting bots.
Ryan Castellucci (@ryancdotorg) really just wants to spend all day doing stupid crypto tricks but has learned to love his day job at White Ops fighting against those who commit large scale fraud against the advertising industry with a veritable horde of compromised systems. He’s previously spoken at DEF CON and HOPE about Bitcoin and how to exploit stupid things people do with it.