Digital Marketing’s vulnerability to ad fraud is intricately linked to the wider web traffic trustworthiness. Consequently, the industry’s level of vulnerability has an inverse relationship to global countermeasure strategies towards cybercrime. As expected, ISPs and Telcos hold an important key to solving the ad fraud problem at the macro level. However, the biggest challenge has always been about how to persuade ISPs and Telcos to join in this war on ad fraud. Recently, with Telcos expanding their business into the media space, could a new paradigm of incentive prompt Telcos to join in the war on ad fraud?
The Routine Activity Theory
Naturally, the uncovering of Methbot by White Ops last year, highlighted the ever threatening presence and commitment of motivated offenders in their pursuit for digital marketing ‘dollars’. Meanwhile, the global cyber-security professionals deal predominantly with online intrusions, privilege-access violations and ransom-wares like the ‘WannaCry’ of recents days that affected part of the NHS’s IT systems. Unfortunately Ad fraud is very often overlooked as just an ongoing marketing problem.
However, Digital Marketing is still an $83bn market (according to eMarketer 2017) and is still a big source of funding for a lot of the free online content that end users enjoy so much today. Previously, ad fraud specialist WhiteOps (White Ops, Inc. Association of National Advertisers , 2014) and other media publications (Mathew Ingram, 2015) reported that up to 60% of online ad traffic are from bad bots. Moreover, according to (FELSON, 1979) this trajectory will continue for as long as these three factors also holds true:
A suitable target
The ISP countermeasure
The uncovering of ‘Methbot’, re-ignites the debate that the offenders are still around, sometimes hiding behind data centers, sometimes hiding behind compromised end-users machines, but always working on how to reverse engineer whatever ad fraud detection solution thrown at them. Unfortunately, most ad fraud countermeasure solutions reside at the data level of the OSI model (below). Despite the fact that the lower down the OSI model, the more effective the defence. E.g Firewalls are at the ‘Transport layer’ of the OSI model and control access to companies internal network. A study by Nevena Vratonjic (2010) showcased how content owners could benefit from working with ISPs to effectively fight bad botnets and the bilateral economical requirements for the successful partnership.
The Network Layer Strategy
Essentially, dealing with the ad fraud problem at the ‘Network layer’ of the OSI model would be ideal to the detection and remediation of suspicious traffic. Nevertheless, an effective ISP led ad fraud countermeasure strategy would need to be at worst cost neutral, or at best cost positive for the ISPs or Telcos to participate. These two factors should motivate ISPs to take on the much needed role of ‘capable guardians’ as defined in the routine activity theory.
Recently, traditional Telcos such as Verizon and Singtel have expanded their business from their network layer into the application layer through a number of business acquisitions. Increasingly, their new economic interest with the application layer will create a new paradigm, one where ‘capable guardians’ can start forming against ad fraud. Presumably, they would give botnet designers a new system filtering layer to overcome, one which is not easily reverse engineered. Inevitably, the decade old M3AAWG (Messaging, Malware and Mobile Anti-Abuse Working Group) will get a lot busier, especially within its members for ABCs for ISPs.
The days of a safer internet, this virtual world utopia with less bad bots presence and flying unicorns will increasingly depend on the users chosen ISP or Telco provider. Even so, concerning cybercrime, shouldn’t more be done by governments around the world – to encourage the engagement of more ISPs and Telcos in the needed role of ‘capable guardians’?
Posted by Kenneth White-Dowe, Ad Technology Manager