Date: 2020-04-17

White Ops, a cybersecurity company and bot detection platform, has discovered a massive online fraud operation that, for a few months now, has been mimicking smart TVs to trick online advertisers and to make profits from online ads.

White Ops has dubbed it the ICEBUCKET operation, and described it as “the most important case of SSAI forgery” so far.

According to a report released today and shared with ZDNet, the ICEBUCKET group was abusing Server-Side Ad Insertion (SSAI) technology.

Online advertisers use SSAI servers as an intermediary between their ad platforms and end users. SSAI servers work by sending ads to applications that run on consumer devices. These devices can be computers, smartphones, tablets, smart TVs, play boxes and devices like Chromecast.

SSAI servers are popular today because they do not hamper application code and allow advertisers to control, in real time, which ads are displayed on consumer devices.

But White Ops researchers say the ICEBUCKET group has discovered weaknesses in the SSAI server’s communications mechanism.

For the past few months, the gang has been using this weakness to connect to SSAI servers and solicit ads for display on non-existent devices.

Because the CPM (cost per 1000 impressions) fees paid for ads on smart TVs and other connected TV devices are higher than others, the ICEBUCKET group concentrated most of its efforts on these two types of devices.

White Ops says ICEBUCKET mainly mimicked CTV (Connected TV) devices, such as Roku playback units, Samsung Tizen TVs, the now-defunct GoogleTV, and Android-based streaming devices.

White Ops says ICEBUCKET imitated more than 1,000 different device types (user agents) using more than 2 million IP addresses located in more than 30 countries. Most of the bad traffic came from smart TVs located in the United States, the company said.

According to White Ops, the ICEBUCKET gang peaked in January, when it generated around 1.9 billion ad requests to SSAI servers a day.

The operation was so large that nearly two-thirds of CTV SSAI ad traffic in January 2020 came from non-existent devices created by the ICEBUCKET crew.

It is not clear who is behind ICEBUCKET

In addition, the ICEBUCKET gang used more than 300 application IDs to request ad traffic on behalf of non-existent devices. These application identifiers are the applications and financial mechanisms through which the group collected its ill-gotten advertising profits.

However, at the time of writing, research on the ICEBUCKET gang is still ongoing.

White Ops says it has not yet been able to tell if the ICEBUCKET gang operated the 300 application IDs alone or if the gang only operated a small number and sent fake ad traffic to other applications to hide their tracks.

There is also a second possibility that ICEBUCKET is running a Fraud-as-a-Service platform, which allows application developers to order fake “ad samples” for their applications for a profit.

“At this time, we cannot make a conclusive determination between these two possibilities. There is a possibility that both options may be at stake, depending on the particular subset of the traffic in question,” said the White Ops team.

White Ops experts believe that campaigns similar to ICEBUCKET will multiply in the future. The main reasons are that SSAI is widely used throughout the industry, which opens the door to widespread abuse, and that the high CPM rates paid for ads on smart TVs will likely attract ICEBUCKET copycats.