New Tactics Punch Holes in Big Tech's Ad-Fraud Defenses

Date : 01/07/2020 @ 6:11PM
Source : Dow Jones News
Stock : Facebook Inc (FB)
Quote : 188.12  -1.63 (-0.86%) @ 4:35PM

New Tactics Punch Holes in Big Tech's Ad-Fraud Defenses

Facebook (NASDAQ:FB)
Historical Stock Chart

2 Months : From Dec 2019 to Feb 2020

Click Here for more Facebook Charts.
By Parmy Olson 

Tech giants such as Google and Inc. are deploying artificial intelligence to ferret out fraud on their platforms, but some cybercriminals are outfoxing Silicon Valley with software that is getting better at mimicking human behavior.

One group of developers running a Russian website advertises a $100-a-month subscription to a browser called Linken Sphere. Customers have used the software to get around fraud-detection tools employed by Alphabet Inc.'s Google, Amazon and Facebook Inc., according to researchers and users of the tools. The browser allows users to harness hundreds of stolen online accounts, purchased on the dark web, to generate fake ad traffic or to boost online search rankings and shopping reviews, those people say.

Another popular tool, AntiDetect, also costs $100 a month for a subscription, and offers a $2,990 professional version. Its creator charges an extra $100 a month for personal technical support, servers and free configurations. A tool called Multilogin, created by an Estonian-based company, can control up to 100 different profiles. It charges 99 euros, about $110, a month. Customers can pay more to have those profiles automated to behave in special ways.

All these tools can be used for legitimate purposes, according to researchers. They can be used by tech firms to look for vulnerabilities and test their own defenses, for instance. But they are also being used to evade fraud-detection defense for illegitimate purposes, according to researchers and users.

Linken Sphere's creators didn't respond to several requests for comment. On their website they say Linken Sphere can be used for legitimate purposes. A spokesman for Antidetect said it was unfortunate such programs were used by attackers, "but this should not be regarded as the developer's fault."

Donat Voronin, chief executive of Multilogin Software Ltd., based in Tallinn, Estonia, said his company's browser was primarily used for research by companies, nongovernmental organizations and universities but that, like any software service, there were "nonmainstream use cases."

Fraudsters have typically relied on complex computing software, known as virtual machines, that allows them to anonymously direct fake traffic to sites or ads, to then artificially boost product ratings or reviews. Another long-used trick: Large networks of hacked computers, known as botnets, can send fake traffic at these targets.

Many big tech companies have come up with defenses to identify these and other techniques, by looking more closely at the accounts and using artificial intelligence to determine whether they are active or not. If they aren't, that is a red flag and a sign of possible fraud.

The new tools, however, can evade some of these AI-enabled defenses. The tools essentially act like browsers -- alternatives to Microsoft Corp.'s Internet Explorer or Apple Inc.'s Safari -- that allow for the creation of hundreds of fake personas quickly and cheaply, according to users of the tools, researchers and discussion forums about them.

The browsers help carry out one of the most popular types of online fraud -- spoofing traffic to online ads or social media profile pages, thus increasing the value of those pages by making them look more effective than they really are. Marketers are expected to lose around $5.8 billion on ad fraud this year, according to a report by the U.S. Association of National Advertisers.

A spokesman for Facebook said the company was getting better at spotting fake accounts, and that its detection technology helps block millions of attempts to create fake accounts every day. A Google spokesman said it has been researching anti-detection tools, and that the company blocks most invalid traffic before it affects advertisers. Amazon didn't respond to requests for comment.

Linken Sphere first emerged in 2017, according to researchers at Recorded Future, a cybersecurity consulting firm based near Boston. The developers behind the Russian-language site, who call themselves the Tenebris Team, say on the site that it can be used for legitimate purposes such as testing the defenses of websites.

Linken Sphere's developers describe themselves online as security engineers, but a YouTube ad for the product says the service can "successfully bypass anti-fraud systems." Members of the development team behind Linken Sphere give technical advice on a dedicated chat channel anyone can join, with close to 6,000 members, on encrypted mobile messaging app Telegram. They discourage discussion on that channel about how the software is used, observations of the discussions show.

Fraudsters, though, can use the software to mimic the online browsing and shopping habits of real people. For example, they can send fake personas to visit different websites, click on various links and ads, and leave five-star reviews. Such actions could help boost the popularity of an ad or product, leading to increased clicks and sales.

"It's like the wardrobe for someone who wants to do impersonations," said Staffan Truve, Recorded Future's chief technology officer. "You can pick the clothes and the mustache, and which behavior you want to have."

Write to Parmy Olson at


(END) Dow Jones Newswires

January 07, 2020 12:56 ET (17:56 GMT)

Copyright (c) 2020 Dow Jones & Company, Inc.

Latest FB Messages

{{bbMessage.M_Alias}} {{bbMessage.MSG_Date}} {{bbMessage.HowLongAgo}} {{bbMessage.MSG_ID}} {{bbMessage.MSG_Subject}}

Loading Messages....

No posts yet, be the first! No {{symbol}} Message Board. Create One! See More Posts on {{symbol}} Message Board See More Message Board Posts

Your Recent History
Gulf Keyst..
FTSE 100
UK Sterlin..
Stocks you've viewed will appear in this box, letting you easily return to quotes you've seen previously.

Register now to create your own custom streaming stock watchlist.

NYSE, AMEX, and ASX quotes are delayed by at least 20 minutes.
All other quotes are delayed by at least 15 minutes unless otherwise stated.