Why Marketers Have a Stake in Staunching Cybercrime

Sarah Steimer
Current average rating    
Key Takeaways

​​What​? Companies can lose significant amounts of ad spend to bot-related ad fraud.

So what? Marketers, as stewards of company advertising commitments, must not leave the responsbility for cybersecurity to other departments or third-party operators. 

Now what? There needs to be an elevated awareness of cybersecurity, with companies taking an end-to-end look across marketing processes to determine if they’re secure, according to CMO and cybersecurity expert Marie Hattar. 

March 1, 2017

The Methbot shook up marketers who once believed they were unaffected by cybercrime. Experts say  industry-wide transparency and education can defeat the attackers

Marketers had a rude awakening to the effects of cyberattacks at the end of 2016 with the discovery of Russian hacking operation Methbot.

The fraudulent activity had been costing them between $3 million and $5 million per day at its peak, unbeknownst to them. 

The attack strayed from better-known threats, malware and identity fraud. It’s likely to cause a fundamental shift in how marketers consider their role in preventing such losses. It will also probably change how they interact with their IT departments, according to Marie Hattar, CMO at Ixia.

“Marketing traditionally has not collaborated with IT from a cybersecurity standpoint,” Hattar says. “IT has been someone to help them employ their tools and make sure they do a lot of the back-end stuff.” 

What comes next will be a combination of transparency by all parties in the online ad realm and increased education of marketers so they can act with more awareness and accountability, experts say. 

Understanding Methbot

The Methbot managed to avoid detection through an array of infrastructure, versus more traditional malware structures. Methbot operators used a distributed network based on a custom browser engine running out of data centers on IP addresses that were acquired with forged registration data.

The operation used its servers, located in the U.S. and the Netherlands, to create nonhuman traffic directed to load webpages featuring video ads from major advertisers, mostly ones based in the U.S. Fake webpages were designed to trick advertisers into believing their ads were appearing on major websites, such as ESPN, CBS Sports and The Wall Street Journal. 

Digital advertising security firm White Ops first noticed the bot in September 2015 and responded with a quarantine and monitoring effort. The fraudulent activity became what is now known as the Methbot in October 2016 when it began to aggressively scale and adapt. With the release of its report in December 2016 , White Ops provided known Methbot IP addresses to advertisers, agencies and technology providers so they could block them and prevent their ads from appearing on Methbot inventory, effectively killing the Methbot’s fraudulent activity.

“When we released the details of all of the IT space the Methbot was using, we actually coordinated the biggest industry-wide shutdown of a fraudulent operation ever,” says White Ops CEO and co-founder Michael Tiffany. “Within 24 hours the Methbot IT space was routed off the internet.”

Tiffany doesn’t discount the possibility of seeing a similar or copycat threat. He says what caught his company’s attention and motivated it to get the bot shut down was when Methbot started specifically working in digital video. There was evidence of automotive lead gen scams much earlier, and Tiffany says it’s reasonable to think that this is a group that’s been iterating through a number of different models. 

“We might not see them pop up again in digital video targeting brand advertisers,” Tiffany says. “They might pivot to some other form of ad fraud.”

Security Via Transparency

The Methbot report from White Ops provided recommendations for avoiding similar problems in the future. Tiffany says marketers can make the crime unprofitable.

“One thing that is becoming increasingly clear is this is a fight that takes diligence, but it is actually a winnable fight,” Tiffany says. “The way we win is by raising the costs to the bad guys and decreasing the profits. 

If we keep doing that, then at a certain point, ad fraud might be still technically possible, but if it’s no longer incredibly profitable, then it’s just not going to be attractive.” 

The Methbot takedown demonstrated one of the ways to do so, which is to take away the key assets. Methbot operators had the market value of millions of dollars; now they absolutely cannot use those assets for their crimes. In terms of decreasing profit, marketers must ensure a high level of transparency and quality control across every channel that they spend in. 

“We started several years ago in a place where transparency and third-party validation of whether marketers got what they were paying for was very nascent,” Tiffany says. “Now you can tell the world moved quite a bit because fraud went from something no one wanted to talk about—people were in active denial—to a place where some platforms and publishers are actually building quality guarantees into their sales pitch.” 

According to Tiffany, adding those quality guarantees means enough marketers have been putting momentum behind this issue that there’s competition for quality when it comes to marketing automation, programmatic advertising and other platforms. Independent validation may help hold everyone to the same standards of quality. 

“I think we’re headed to a very counterintuitive place where big platforms with major engineering talents and data science capabilities are actually able to invest a lot in the security and protections of their platforms as long as there’s an economic incentive, which means that in so doing, they’ll make more money or win more market share,” Tiffany says. “Because that’s starting to happen, now there are automated programmatic platforms you can buy from where you’re basically safer than a media plan that’s based on a wide number of direct buys.” 

White Ops research has shown that direct buys are not immune to fraud, Tiffany says. In fact, a lot of bot traffic makes its way into direct buys either because of unsafe third-party traffic sourcing or because of unsafe audience extensions. As programmatic players compete on quality and take a zero-tolerance approach, there may be a higher level of assurance that marketers get what they pay for because traffic-sourcing and audience extensions scams that affect direct buys won’t work.

Proactive, Involved Marketers

Hattar says marketers need to seek verification that they’re receiving the services they signed up for from service platforms. 

“Marketers should do a sweep across the board of all the different channels that they use, whether it’s social media, marketing automation or their advertising,” Hattar says. “They should actually reach out to a security professional in their IT organization and check whether they have enough measures in place and what themes or concepts to look for. I think most marketers are not that proactive.”

Hattar says that until something like the Methbot surfaced, marketers didn’t know to be concerned. They believed programmatic numbers were accurate. She says programmatic advertising involves a lot of proprietary algorithms that were traditionally not disclosed to marketers, keeping them in the dark on how they derive impression counts and other methodology.

“A lot more marketers want to know exactly where their advertising is showing up,” Hattar says. “The advertising piece gets a lot of attention because, typically, most marketing budgets spend a significant amount on it—anywhere from 20% to 50%, depending on market segment.”

There needs to be an elevated awareness of cybersecurity, Hattar says, with companies taking an end-to-end look across marketing processes to determine if they’re secure. Hattar says she aims to understand her company’s security policy across the board, whether for the website, marketing automation or the programmatic aspects. 

“Raising that level of education is very important,” Hattar says. “For those areas that could be exploited, the more transparent they are in terms of the results or algorithms, what they’re doing, how they’re accounting for their impressions, the better and the less likely the data is incorrect or fraudulent.” 

Recommended For You:
Four Things Middle Market Companies Must Do to Improve Cybersecurity Study Estimates That Ad Fraud Will Cost Marketers More Than $7 Billion Globally in 2016 Gain a Global Perspective at AMA Events

Four Things Middle Market Companies Must Do to Improve Cybersecurity

Study Estimates That Ad Fraud Will Cost Marketers More Than $7 Billion Globally in 2016

Gain a Global Perspective at AMA Events


 Sign Up For Marketing News Weekly

Get the best marketing thought leadership delivered directly to your inbox!


Author Bio:

Sarah Steimer
Sarah Steimer is a staff writer for the AMA's magazines and e-newsletters. She may be reached at ssteimer@ama.org or on Twitter at @sarah_steimer.
Add A Comment :

Displaying 1 Comments
Nathan Kallen
March 14, 2017

This article is very interesting because it shows hows Marketing, and a problem that occurred within our field, was exposed through the Methbot hack that Russia used during the US election cycle. While the act itself is relating to cyber crime and security, if more is not done from the marketing side to ensure that these hacking possibilities are minimized, we are not working to our fullest potential as marketers. The Methbot was utilized by faking web traffic to fake news websites to strengthen some false views on various candidates whether they were positive or false reports. This had a major impact on the results of the US election in which Donald Trump one the largely white, uneducated part of the population. This is the core group that is most vulnerable to fake news sites that were being streamlined to them through marketing firms that had been infected with the Methbot virus. Before this attack had happened, the marketing sector was relatively unaware that there was even the possibility of a hack or threat that would directly impact their industry. The fact that the software allowed the Russians to have access to so much both private and marketing information allowed them to create the perfect links and news ads for those most vulnerable with the most information gained from these private firms. The overarching problem that needs to be addressed is that currently the public is having trouble deciphering false news coverage from what is real. This is furthered by having a president who will both make false statements and create "alternative facts" going against truths.

Become a Member
Access our innovative members-only resources and tools to further your marketing practice.