A Nickel Tour of the Ad Fraud Ecosystem

ShmooCon XIII - 2017

Presented by: Ryan Castellucci
Date: Sunday January 15, 2017
Time: 10:00 - 10:50
Location: Main Room
Track: Bring It On

US spending on digital advertising was estimated at $72 billion for 2016. With all this money comes a wealth of opportunities for those with “get rich quick” aspirations. The plethora of middlemen and perverse incentives mean there’s little risk of getting caught and minimal consequences if one does. Many people have heard of “click fraud,” but there are many other models for defrauding advertisers. There’s “impression fraud,” “cookie stuffing,” “traffic laundering,” and “ad injection” just to name a few. The industry–both legitimate and not-so-legitimate–is much more complex and interesting than many people realize.

This talk will go over the ad-tech ecosystem in general, attempts to defraud it, and methods of defense. You’ll learn an alphabet soup of industry acronyms, the basics of how a bot is built, how attackers cash out, and a few techniques for detecting bots.

Ryan Castellucci

Ryan Castellucci (@ryancdotorg) really just wants to spend all day doing stupid crypto tricks but has learned to love his day job at White Ops fighting against those who commit large scale fraud against the advertising industry with a veritable horde of compromised systems. He’s previously spoken at DEF CON and HOPE about Bitcoin and how to exploit stupid things people do with it.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats