Tamer Hassan is the Bot Hunter

How one man protects advertisers from digital fraud in a billion-dollar black market

“If you steal money from a bank, someone will look for you. That’s one reason digital fraud is moving to other areas. When we started White Ops in 2012, my cofounders and I entered a heavy research mode, and we discovered something interesting. We realized that while online financial fraud was becoming more difficult to get away with, fraud in online advertising was running rampant. We built our company to respond with the best prevention and real-time blocking solutions.

There’s a lot on the line. Advertisers stand to watch $6.3 billion disappear to digital fraud in 2015. Why is the industry such a target? It’s because advertising is a recurring fraud revenue model. There’s a lot of money moving, and companies are competing. Fraud is difficult to detect, and, unlike in banking, not as many people are chasing the bad guys.

$55B

Estimated domestic digital advertising revenue for 2015, based on data from the Interactive Advertising Bureau

$18.5B

Estimated cost to the advertising industry annually due to ad fraud, according to a report released by Distil Networks

1 in 4

Dollars spent on digital advertising are being sucked up by ad fraud

37%

Advertisers surveyed by Distil who said they’d be willing to pay a premium of 11% or more for certified, human web traffic

But a lot of what’s driving this is the use of bots, or bits of code that mimic human behavior online to direct traffic to certain websites and generate ad clicks. At any time, more than half of all Internet traffic can come from these bots, and when they click on ads thousands of times, advertisers pay for that activity, giving away precious ad dollars even though no human eye has actually viewed their content.

Our solutions detect when a browser has been automated or remotely controlled on every web request. Every time a page load happens, we can detect automation. We can detect, block, and filter bot activity, ad injection, and other fraudulent online activity across all kinds of online ad campaigns. This is huge for advertisers and publishers because it can literally save them millions, if not billions, of dollars per year by increasing the effectiveness of their online campaigns.

When we started in 2012, we were just starting to realize how big of a problem this is. We had only three people, and we started seeing an explosion in the results of our code. A few short years later, we’ve grown to more than forty employees. That’s because there is so much activity to protect against. A web browser is one of the few environments in the world that has arbitrary code execution. That means a hacker can use whatever command he wants to make the target machine behave in any way. It would never work to try to embed this in hardware, but there is so much going on behind the scenes when you browse the Internet that the vulnerabilities are deep. There are clicks, and downloads, and links, and everything else. Maybe you have an old version of software, or no protection programs. If you have any way for the attacker to get in, he can find it and set up an automated machine to exploit it.

Criminals can make a few million dollars a month by setting up a blank webpage with a bunch of ads and use bots to drive automated traffic and generate fake interactions using a script. Bot traffic most often comes from infected residential computers. In The Bot Baseline Study, lead by White Ops and the Association of National Advertisers, we found that nearly 70 percent of all bot traffic came from home computers controlled by bot traffickers to generate fraudulent revenues. They hijack your browsers to seamlessly blend in with real users. They might trick you with an infected toolbar that looks like part of the website you’re visiting, or they might inject fake ads into the content you want to view. Huge publishers spend a lot of money to deliver great content online, and ad injection like this is a way for hackers to monetize other peoples’ content. Bots and malware are spreading in the industry, but our browser tests detect them, and we are strong enough to withstand reverse engineering. As we take away targets, we’ll make these activities less profitable for the criminals, and ad agency cybercrime will decrease dramatically.

“When bots click on ads thousands of times, advertisers pay for that activity, giving away precious ad dollars even though no human eye has actually viewed their content.”

We do a lot of the heavy lifting, but we’re also very open about adopting new technologies to help us defeat the bad guys. The amount of data we collect is always growing, so we are looking to the best companies to help us solve real-time data challenges, and VoltDB is a classic one. Companies like VoltDB are at the forefront of modernizing how we approach real-time data. There are revolutionary principles in transactional consistency and scale that VoltDB has brought to the market that didn’t exist before. These capabilities are all about scaling without losing the traditional features of a database, like consistency and availability. We process billions of web requests a day in real time on a relatively small cluster with VoltDB. Capabilities like this didn’t used to exist, and these technologies are important for building the next generation of data platforms; it’s important for technology decision makers to embrace and understand these capabilities.

The only way to stay one step ahead is to hire the experts, and that’s what we’ve done to combat this advanced game in a multimillion-dollar black market. Our CEO has deep cyber and national defense experience. Our chief scientist is a noted security expert and literally one of just a few people in the world with DNS recovery keys in case of an Internet crisis. I bring engineering and military experience to this new mission-oriented objective.

We’ve managed to turn the game the hackers are using back on them. You can defend 1,000 attacks with a wall, but when one gets in, the wall crumbles. We’re not playing defense; we’re playing offense. We know how to interrogate and study a bot machine in over a million different ways, and the moment it slips up, we catch it. There’s actually a lot of overlap here with my military background. I’ve always been around extremely talented people in well-trained groups running real missions against real opponents. That’s what we’re doing here at White Ops. And we’re built to win.”