{"id":48461,"date":"2013-02-18T00:00:00","date_gmt":"2013-02-18T00:00:00","guid":{"rendered":"https:\/\/www.techopedia.com\/raiding-the-headquarters-of-click-fraud-operations\/"},"modified":"2013-02-18T09:10:24","modified_gmt":"2013-02-18T09:10:24","slug":"raiding-the-headquarters-of-click-fraud-operations","status":"publish","type":"post","link":"https:\/\/www.techopedia.com\/2\/29231\/security\/raiding-the-headquarters-of-click-fraud-operations","title":{"rendered":"Raiding the ‘Headquarters’ of Click Fraud Operations"},"content":{"rendered":"
New efforts to bring cybercriminals to justice are reading more like hard-boiled fiction than the sort of paper pushing enforcement we often imagine applies to white-collar crime. In early February 2013, law enforcement officials, including U.S. marshals, entered server facilities in New Jersey and Virginia to confiscate hardware in a move called "Operation b58," which was initiated as a response to a legal claim by big tech companies Microsoft and Symantec. <\/p>\n
The legal complaint<\/a>, filed in Virginia, identified 18 "John Does" believed to be engaged in a worldwide, million-dollar scheme to profit from hacking large numbers of personal computers. In fact, Microsoft and Symantec staffers rode along on the bust, as part of what Microsoft is calling a "legal and technical action" to disrupt an operation known as the "Bamital botnet," where a number of operators control global systems that use malware<\/a> to hijack users’ search results. And that, of course, affected major search engines and browsers, include those run by Microsoft, Yahoo and Google.<\/p>\n Fans of contemporary U.S. crime television might wonder exactly why law enforcement was knocking on doors up and down the East Coast – after all, there are no dead bodies. It all has to do with something called click fraud<\/a>, a specific kind of virtual hacking that allows for a small number of people to control a whole lot of Internet user activity – and in terms of its business ramifications, it’s a pretty serious crime.<\/p>\n The most simple explanation of click fraud is that hackers redirect Web users to controlled destinations, and away from the organic results<\/a> that would normally be generated by search engine technology. However, there are multiple ways to do this kind of hacking. Click fraud operators can trick search engines into sending users to the wrong place, but another, potentially easier, way to achieve click fraud is to infect a PC with a piece of malware that does the work on its own. Part of the Microsoft legal complaint against Bamital, filed on January 31, 2013, gives a visual depiction of how botnet<\/a> operators change DNS settings<\/a> on computers through malware installation, thereby creating botnets, or large networks of automatically redirected browsers. A command-and-control tier consisting of purchased hosting services controls an infected tier of individual computers.<\/p>\n To many people, click fraud might seem like something relatively harmless, not something you\u2019d bring out a task force for. In reality, this form of hacking is effectively robbing businesses of millions of dollars, and cheating consumers in a variety of ways. For example, the Bamital botnet often redirected users from the website they intended to go to to one that served malware, which included dangerous tracking and spying software. And, by monkeying with the advertising platform that allows much of the Internet to be free for users, click fraud also negatively affects the companies that serve ads as well as the companies that pay for ad space. <\/span>That\u2019s why this kind of elusive cybercrime is actually getting shut down. <\/p>\n A Microsoft blog post on the issue shows that the Bamital take-down was the sixth time that the company has been involved in these kinds of operations. Other examples also show the scale of click fraud rings. A 2011 InformationWeek story<\/a>, for example, details an FBI action involving both Estonian and Dutch law enforcement, and raids on facilities in Chicago and New York. In this case, an operation called DNS Changer botnet was estimated to have netted its operators $14 million by infecting more than half a million computers in America from 2007 to 2011. The victims? The advertisers who lost the clicks, business and revenue they would have received had customers not been sent elsewhere, as well as the customers themselves, whose computers were infected with malware that essentially made them complicit in the scam. (Read about other threats users face in The 5 Scariest Threats in Tech<\/a>.)<\/p>\n As you\u2019d expect, any crime involving ringleaders in countries around the world can be hard to police, and in looking at law enforcement responses, there are some good questions about jurisdiction and venue. In the Bamital case, Microsoft\u2019s legal complaint specifies the legal basis for U.S. raids, specifically in the state of Virginia, explaining the choice of venue by claiming that "defendants \u2026have utilized instrumentalities located in Virginia and the Eastern District of Virginia to carry out the acts complained of herein." The legal document also names ISPs<\/a> that were used by the ring, which are located in Virginia, and shows how many personal computers in the state were targeted for infection.<\/p>\n An even thornier issue with click fraud involves businesses charging larger tech companies with lax security standards around online marketing results, or even with deception in their contractual marketing agreements. One of the most high-profile scenarios is outlined in an August 2012 Forbes Magazine story, where a company called Limited Run pulled the plug on its Facebook campaign due to concerns that many of the clicks generated could have been instances of click fraud. In addition to these kinds of "trust issues," the social media giant has also faced lawsuits,<\/a> although it\u2019s generally hard for plaintiffs to claim that "hosts" or online venues are legally responsible for fraudulent results. Other big tech firms like Google have faced similar challenges<\/a>. Because it could be argued that these companies also benefit from click fraud, it all becomes a very sticky issue.<\/p>\n In its response to customer complaints, Facebook has detailed its use of member-based sign-ons and verification technologies like CAPTCHA<\/a>, which can foil some bots, and has also recommended that companies monitor the traffic around their marketing campaigns closely to determine if click fraud is going on. For consumers, help may come in the form of additional redirects on the Web. For example, after Bamital\u2019s servers were recently brought down, many users found that their search engines were "broken," at least when accessed through their infected computers. In response, Microsoft and Symantec put up a destination site routing users toward tools to eliminate the malware that originally caused the problem. Up-to-date anit-virus<\/a> and malware protection software can also help protect users’ computers from botnet infection.<\/p>\nWhat Is Click Fraud?<\/span><\/h2>\n
Busting the Botnet Operators<\/span><\/h2>\n
What Can Companies, and Consumers, Do?<\/span><\/h2>\n