In 2020, it was revealed that Russia had hacked 250 U.S. Government agencies. These hacks went undetected by our most sophisticated cybersecurity defenses including the military’s Cyber Command, the National Security Agency, and the Department of Homeland Security. This alarming development must lead us to reevaluate everything we think we know about ad fraud.
The revelations about undetected hacking of government agencies must lead us to reevaluate the likelihood of undiscovered ad fraud. Let’s remember, the objective of fraud is to go undetected. Only the bad fraudsters are found. The good ones stay hidden. Let’s start with some indisputable facts:
- The online advertising marketplace trades over $600 billion annually
- State sponsored hackers have been shown to have the ability to penetrate some of the most “secure” systems in the world, undetected.
- Every person, business, or government agency that has ever been hacked had received the usual assurances that their money or data was safe and secure - until it turned out it wasn’t.
- Criminal actors have discovered a multitude of ways to extract money from the adtech ecosystem.
- Gaming the programmatic advertising ecosystem has been shown to be alarmingly simple.
- There is no international governing authority and, consequently, there are no cross-border regulations or penalties for committing online ad fraud.
Now some assertions on my part:
- It is folly to believe that hackers who can penetrate systems protected by the U.S. military’s Cyber Command, the National Security Agency, and the Department of Homeland Security without detection cannot penetrate adtech systems.
- There are governments in the world with both very sophisticated technology operations, and economies that would massively benefit from the addition of billions of dollars.
Now some logic:
- If the Cyber Command, the NSA, and the Department of Homeland Security can be fooled, I don’t think it’s a stretch to assume that fraud detection software can also be fooled. Consequently, if state-sponsored hackers are fiddling the adtech ecosystem, it’s likely that no one is detecting it.
- It would be amazing if state-sponsored cyber criminals didn’t view the adtech marketplace as ridiculously easy pickings and even more delicious since there are no consequences for being caught.
Some conclusions:
- If state-sponsored penetration of adtech systems exists, the fraud detection companies should be considered seriously overmatched. And, of course, the bold assertions of trade organizations, agencies or marketers are no more reliable than those of the fraud detection companies they employ.
-While we know that criminals and criminal organizations are active in stealing money from the adtech systems, we don’t know if governments are. In light of recent revelations, however, it seems highly likely that state- sponsored cyber operations would be powerfully attracted to the hundreds of billions of dollars the adtech ecosystem is unwittingly dangling in front of them. If so, ad fraud is probably a lot harder to detect and a lot larger than anyone thinks it is.