Endpoint
10/1/2013
04:17 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Bots Beware: White Ops Launches New Technology To Distinguish Computers Used By Actual Humans From Those Taken Over By "Bots" Defrauding Advertisers

Solution introduces "Cost per Human," the real cost of reaching humans who will ultimately buy products or services

NEW YORK, Oct. 1, 2013 /PRNewswire/ -- Most people's email just isn't that interesting, but hackers compromise millions of computers a month in homes and offices nonetheless. So what are hackers really after? By putting "bots"--automation software, pretending to be human--on these millions of compromised computers, the bad guys are able to generate billions of fake ad views, resulting in staggeringly large cash payouts without detection or consequence. That is about to change. White Ops, a company launched by leaders in cyber-security and digital marketing, introduces today the first systematic solution for accurately isolating and eliminating bot-infected traffic from advertising campaigns.

(Logo: http://photos.prnewswire.com/prnh/20131001/NY88450LOGO )

"We have spent over a year tracking the bad guys attacking advertising," says White Ops CEO, Michael Tiffany. "This code started out robbing online banks--but apparently, it's easier, safer, and more profitable to steal from the $36 billion spent yearly on online advertising."

Dan Kaminsky, Chief Scientist of White Ops and the well-known security researcher who led the all-time largest synchronized fix to the Internet, adds, "Ad fraud has become the primary cash out point for Internet fraudsters. This is what is getting average people's computers broken into, compromising their privacy and undermining the very foundations of Internet safety. Something must be done, and we're doing it."

Kaminsky continues: "Some people assume fraud is just a 'cost of doing business,' and is evenly distributed at some affordable single digit rate. What we are actually finding is wide variability--some sites are remarkably clean, with less than a percentage point of fraud. Others have fraud rates exceeding 90%." Tiffany concludes: "It's not merely the 'dregs of the Internet' that get infested. Major properties are getting raided. They often don't know. We're helping them find out and stop paying these thieves."

The fundamental consequence is that anyone who pays for advertising on the Internet is likely paying for ad impressions that never actually occur, rending the traditional advertising metric of CPM (cost per thousand impressions) meaningless.

The White Ops solution introduces the fundamental metric that matters: "Cost per Human," the real cost of reaching humans that will ultimately buy products or services--not bots, which do nothing but falsely inflate metrics.

By applying the techniques of Side Channel Analysis (the practice of looking at specific characteristics of a signal to determine the nature of the signal

itself) to review several thousand variables in signals leaked during individual user sessions, White Ops is able to accurately differentiate, in real time, between a human and machine-driven ad request, regardless of the sophistication of the bot programmer. This approach varies from the methods generally employed by current fraud detection services, which rely on statistical and predictive analysis to detect impression fraud. While that type of anomaly detection has its strengths, it is usually dependent upon a large body of historical, static data that, at most, uncovers simple, unsophisticated methods of fraud. This makes it difficult to detect the more advanced bot types that incorporate randomness and change in their behavior models.

White Ops has leveraged an array of techniques, culled from the world of computer security, to develop what the company refers to as "botprints," for the full spectrum of impression and click fraud techniques. This real-time detection algorithm determines, with a high level of confidence, whether the browser was under the control of a bot during the time of the ad or page request.

White Ops is a member of the Internet Advertising Board (IAB) and works closely with the advertising industry as partners and allies in the fight against fraud and for better content on the Internet. Chairman of White Ops, Jon Bond,

comments: "Bots have created a crisis of confidence in the online world that is threatening the entire ecosystem. We can't keep sweeping it under the rug. If clients knew the facts, they wouldn't stand for it."

White Ops is made up of an elite team of scientists and engineers from outside the ad industry, with a deep and significant background in cyber defense and

security:

-- CEO Michael Tiffany was Chief Software Architect at Mission Assurance

Corporation, a pioneer in space-based computing and Big Data, and is a

co-founder and lifetime Research Fellow of a DARPA-funded security lab.

-- Chief Scientist Dan Kaminsky "saved the internet" (WIRED) by secretly

convening every major vendor affected by what is now known as the

Kaminsky Bug in DNS and coordinating a cooperative fix.

-- CTO Tamer Hassan worked in Big Data analytics for advertising and white

shoe law firms, and is also a combat Search and Rescue helicopter pilot

in the U.S. Air Force.

-- General Counsel Ash Kalb is a former Skadden, Arps M&A lawyer with

experience providing legal expertise to a variety of companies in the

tech industry. He is also the founder of Singularity & Co.

-- Chairman Jon Bond is the co-founder of Kirshenbaum Bond + Partners, a

New York City advertising agency that pioneered guerilla marketing

techniques and is credited with being the first "modern" integrated ad

agency. Jon is currently the "Chief Tomorroist" at Tomorro LLC, a

company that provides financial and strategic advice for new and growing

companies of high potential value. Using his vast range of expertise and

experience, Jon advises White Ops on all aspects of the ad industry.

The White Ops team has pursued criminals across a variety of enterprises, from Defense projects to digital bank robbery, and is now focused on attacking ad fraud with its proprietary technology and methodology. White Ops works with brands and publishers to rank their advertising channels in terms of Cost per Human, allowing for more cost-efficient investment in digital advertising and dramatically improved results. White Ops allows clients to determine exactly how many humans are looking at their ads, and make informed decisions about how to avoid criminals and design the most impactful ad buys. A shadowy network of criminal programmers created bots to steal billions of advertising dollars.

White Ops gives honest agents the capability and tools to fight back.

About White Ops

White Ops is a pioneer in the detection of and systematic defense against ad fraud cyber criminals to provide advertisers with greater effectiveness in their online digital advertising spend. With the goal of making ad fraud unprofitable and unsustainable, White Ops employs its world-class expertise in cyber defense and security to attack the covert ecosystem of automated bots, disguised as human interaction, that fraudulently interacts with online advertisements to illegally divert advertiser revenue to cyber criminals. White Ops' leading edge technology combats criminal activity in a significantly different and more comprehensive way, differentiating between bot and human interaction to reduce the number of fraudulent clicks an advertiser pays for and increase their conversion rate. White Ops delivers the only ad impression metric that matters:

Cost per Human.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-0460
Published: 2014-04-16
The init script in kbd, possibly 1.14.1 and earlier, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/defkeymap.map.

CVE-2011-0993
Published: 2014-04-16
SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors.

CVE-2011-3180
Published: 2014-04-16
kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown.

CVE-2011-4089
Published: 2014-04-16
The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.

CVE-2011-4192
Published: 2014-04-16
kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands as demonstrated by "double quotes in kiwi_oemtitle of .profile."

Best of the Web