Let’s talk about an insane, criminal problem in digital media that gets no real media scrutiny: ad fraud. $19 BILLION will be stolen this year. Not wasted on ads that didn't work — straight up stolen by crooks! My latest investigation, and a thread:https://www.buzzfeednews.com/article/craigsilverman/how-a-massive-ad-fraud-scheme-exploited-android-phones-to …
-
-
My investigation led me to identify +125 Android apps and websites linked to the scheme. They were spread out among like a dozen shell companies in Malta, Bulgaria, British Virgin Islands, Cyprus. etc.
Show this thread -
Google investigated after I contacted them, and found the scheme had accounts with *88 different ad exchanges*. One insider claimed they stole hundreds of millions of $$. But by spreading it all out via different apps, websites, and companies, nobody saw the big picture.
Show this thread -
The fraudsters were smart. They created high quality fake traffic. They spread the money around to avoid attracting attention. But they were also sloppy.
Show this thread -
Along identifying their fake employees and customers, I was able to connect all these apps, sites, and companies via corporate registrations, domain ownership and DNS data, Play store listings, and other publicly available info. (
#OSINT FTW) Let’s look at one app.Show this thread -
It’s called Surprise Eggs - Kids Game. In the Play store and on the app’s site it says it's owned by a company called Visont. But the whois for its site says Quaret Digital. So right away we have one app, two companies.pic.twitter.com/M7rT9GMTWH
Show this thread -
Both of their corporate sites were recently removed after I started making inquiries. Quaret also had an employee on LinkedIn with a photo stolen from actor Sarah Ellen
@Sarah3llen.pic.twitter.com/cZEm1Zg50s
Show this thread -
Those two companies link it to other apps. But even more important is that the app’s website was registered with the email lorentsen@yandex.ru. It was used to register a whole bunch of other websites for apps and companies that turned out to be in the scheme:pic.twitter.com/e5QoD3IWKI
Show this thread -
The site for Surprise Eggs - Kids Game also used the same SSL certificate and IP address as a whole bunch of other companies and apps in the scheme. So with just one app, we now have so many leads and connections. (And then the traffic analysis found common fake traffic.)pic.twitter.com/5le8P5DV5D
Show this thread -
I followed the trail all the way to identify the key beneficiaries of the scheme. Read the story to meet them. And let's think about how much better off media would be if $19 BILLION went to real companies with real audience — instead of criminals /endhttps://www.buzzfeednews.com/article/craigsilverman/how-a-massive-ad-fraud-scheme-exploited-android-phones-to …
Show this thread
End of conversation
New conversation -
-
-
Hi, your infographic character looks too much like
@nodebots and that's not ok. Please update your assets, or legal steps will be taken.pic.twitter.com/NHnCoUQoJ3
-
Seriously Rick, it's a rounded rectangle with knobs. And it doesn't even look that similar.
- Show replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.