Bots Disguised as IoT Devices Make Fake TV Ad Traffic

If you had written 20 years ago about a ‘smart’ refrigerator watching a television then people would have assumed it was a skit for a sci-fi comedy show. Welcome to the future, where your household devices can be exploited for a traffic pumping scam designed to rip off television advertisers! Per a press release from media measurement software business DoubleVerify (DV):

…DV Fraud Lab has discovered a new variant of the Connected TV (CTV) advertising fraud scheme, LeoTerra – which it first identified in July 2020. The new variant spoofs IoT (Internet of Things) devices, including smart refrigerators and smart watches, in an attempt to hide fraudulent behavior. DV estimates that LeoTerra’s latest variant has cost unprotected advertisers up to $10 million this year alone.

The core scam is to drive up the apparent number of viewers of television adverts by getting software on a device connected to the internet to behave like a real person watching television streamed over the internet. A basic control to detect such fraud relies on the fact that even the worst couch potato will change channel or switch off eventually, whilst a machine can, and will, watch on and on without ever taking a break. Fraudsters have responded to the slight improvement in controls by spoofing multiple real devices, thus making it appear as if a single machine is many different internet-connected devices that have independently been used to watch TV. However, the fraudsters were not that careful about ensuring the simulated devices would really have been capable of displaying a TV stream…

To spoof large numbers of devices, fraudsters often use online device information sources, where they download lists of devices and incorporate the device information inside their falsified ad requests. This makes it appear as if their fraudulent traffic is coming from millions of different devices.

In some cases, online device lists also include unique or invalid device information. The fraudsters behind LeoTerra downloaded an entire list of CTV and mobile devices from one of the popular online device information providers. This list, however, included more than just CTV and mobile devices – it also included IoT devices. Through the unique and invalid devices, DV accurately identified the fraudsters’ source for extracting their spoofed device data, catching the new variant and continuing to block its impact for customers.
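The controls described above can be sketched as detection logic. This is an added example, not DV's method or code from the press release: it flags claimed devices that could not display a TV stream, one source posing as many devices, and viewing that never pauses. The record layout, device-class names, thresholds and sample traffic are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed values, not from DV: classes able to render a video ad, and thresholds.
VIDEO_CAPABLE = {"ctv", "mobile", "tablet", "desktop"}
MAX_DEVICES_PER_IP = 3            # distinct device IDs tolerated behind one IP
MAX_UNBROKEN_SECONDS = 12 * 3600  # longest plausible run without a pause
BREAK_SECONDS = 15 * 60           # a gap this long counts as the viewer stopping

def flag_requests(requests):
    """Records are (timestamp_s, source_ip, device_id, device_class) tuples."""
    flags = {"impossible_device": set(), "many_devices_ip": set(), "never_stops": set()}
    ids_by_ip, times_by_device = defaultdict(set), defaultdict(list)
    for ts, ip, device_id, device_class in requests:
        ids_by_ip[ip].add(device_id)
        times_by_device[device_id].append(ts)
        # Check 1: the claimed device could not display a TV stream at all.
        if device_class not in VIDEO_CAPABLE:
            flags["impossible_device"].add(device_id)
    # Check 2: one source presenting itself as many independent devices.
    for ip, ids in ids_by_ip.items():
        if len(ids) > MAX_DEVICES_PER_IP:
            flags["many_devices_ip"].add(ip)
    # Check 3: a viewer that never changes channel or switches off.
    for device_id, times in times_by_device.items():
        times.sort()
        run_start = times[0]
        for prev, cur in zip(times, times[1:]):
            if cur - prev > BREAK_SECONDS:
                run_start = cur          # a real break restarts the run
            elif cur - run_start > MAX_UNBROKEN_SECONDS:
                flags["never_stops"].add(device_id)
                break
    return flags

def sample_requests():
    """Constructed sample traffic; IPs are documentation-range addresses."""
    reqs = [(1000 + i, "198.51.100.7", f"dev-{i}", cls) for i, cls in
            enumerate(["ctv", "ctv", "smart_fridge", "smart_watch", "mobile"])]
    # dev-0 keeps requesting an ad every 5 minutes for 13 hours.
    reqs += [(1000 + 300 * n, "198.51.100.7", "dev-0", "ctv") for n in range(1, 157)]
    # An ordinary household TV: short session, a break, then a little more.
    reqs += [(t, "203.0.113.20", "tv-home", "ctv") for t in (0, 300, 600, 4000, 4300)]
    return reqs

if __name__ == "__main__":
    for reason, keys in flag_requests(sample_requests()).items():
        print(reason, sorted(keys))
```

The per-IP threshold needs tuning against real traffic, since carrier NAT and shared networks legitimately place many devices behind one address.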

The communications industry can exhibit peculiar double standards when assessing the risk of bogus traffic. Nobody suggested the 185 respondents to the 2021 RAG RAFMCS Survey were exaggerating when they reported global annual losses due to artificial inflation of traffic worth USD1.6bn. But when Twitter repeatedly reassured advertisers (and the rest of us) that bots represented less than 5 percent of their accounts, they were largely taken at their word, despite only being able to outline limited and crude methods of distinguishing automation from real users. The explosive whistleblowing revelations of Twitter’s former security chief may finally prompt investors to be less complacent about management teams who have effectively been incentivized to play along with traffic inflation.

Netflix previously took a laissez-faire attitude to password sharing but now needs to rapidly improve their competence at distinguishing wanted from unwanted traffic as they prepare to offer free ad-driven services for the first time. Identifying and disconnecting machines that simulate human users is set to become one of the top challenges for all forms of electronic communication. This will be crucial to preventing financial chicanery, combatting disinformation and even to protecting the planet, as pseudo-human traffic threatens to hog bandwidth and waste energy on an unprecedented scale. To win this battle, we will need more than slick technology and sophisticated controls. The reward packages for executives working in the comms sector must motivate them to tackle fraud like never before.

Eric Priezkalns
Eric is the Editor of Commsrisk.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.