If you were to ask me which area of cybercrime was the most profitable for criminals, you might be surprised by the answer.
It was an unexpected discovery for me and my co-founders almost ten years ago: we were looking for the place where our bot detection ideas would have the greatest impact, and it turned out that the digital advertising ecosystem was rife with bot fraud. Billions of dollars were—and are—stolen each year from brands, publishers, and advertising technology organizations by fraudsters.
Some of these fraudsters simply set up botnet operations to click on tens of millions of fake ads on empty websites they owned, so they could siphon off enough cash to cover their expenses for the weekend. Others were peeling off thousands or millions of dollars every day.
In 2018, we worked with the FBI, Google, Facebook and a host of other organizations to take down one of the largest of these botnet operations - a cybercriminal network called 3ve. The 3ve takedown came on the heels of our work on Methbot, which recently concluded with a guilty verdict for the operation’s ringleader. This was a landmark achievement within cyber defense. More recently, we worked with our friends in The Human Collective, Google, and Roku to disrupt PARETO, the most sophisticated CTV-focused botnet ever uncovered.
But 3ve, Methbot, and PARETO were just a few operations. Even though the people behind 3ve were indicted and several are currently behind bars, there’s always another fraudster ready to step up and try something new.
What we figured out was that in order to really combat bot fraud—and indeed, cybercrime as a whole—we have to change the economics of the whole deal. That means making the costs of carrying out an attack so expensive, or the consequences of getting caught (like prison) so high, that fraudsters won’t even bother trying.
Developing a technological solution to an economic problem, though, is much harder than developing a technological solution to a technological problem.
Safety in numbers
There’s an old anecdote I’ve heard that high school sports coaches like to use. They’d walk into the huddle and ask one player to snap a pencil in half. And the player had no trouble doing that, obviously. Then the coach would hand the same player a whole bundle of pencils and instruct the player to break the whole bundle. And the player couldn’t - the combined strength of the pencils together made it impossible for the outside force to break them.
Our concept of “collective protection” is similar to that bundle of pencils. When a cyber attack on any one of our partners becomes a defense for all of our partners, we form a bundle of partners that grows stronger with each new partner and each new defense that we build.
HUMAN’s unmatched visibility into internet interactions (more than ten trillion verified each week) combined with our multilayered detection methodology offers us a unique perspective on fraud and abuse perpetrated by sophisticated bots. As our community of partners and customers grows and the number of interactions we verify rises, so does our ability to fight fraud and abuse across the entire internet. And our threat intelligence and detection teams make HUMAN the only organization able to go on offense and find new attacks and attackers before they’re able to target our community. It’s a mutual feedback loop of knowledge and insight into bad actors, which leads to new techniques to protect everyone.
Raising the price on cybercrime
This approach disrupts the traditional economics of cybercrime. Collective protection means fraudsters can’t simply move on from one unsuccessful target to another, when the entire ecosystem is protected from that particular attack. When there are fewer and fewer targets available for an attack, that attack becomes less lucrative for the fraudsters. And when so much of the ecosystem is being overseen by a collective protection framework, the amount of time an attack has to monetize between deployment and discovery shrinks dramatically. Adding dramatic consequences—like prison—puts even more risk into the equation for fraudsters.
There’s simply less money on the table for fraudsters to snatch at, because their attacks will be identified and blocked faster than ever before. And when an operation is shut down, fraudsters are either put in jail or have to start from scratch by finding new ways to try and exploit the systems in place to grab a piece of the pie.
When all of the “easy” attack vectors are covered, the attacks that follow get increasingly contrived and complex. And the more complex an attack, the harder it is for the fraudsters to find and actually build the mechanism behind it.
And then all of the partners find it and block it so the whole cycle starts over, but now with yet another vector protected from fraud.
That’s how the economics of cybercrime is disrupted: it becomes more expensive and time-consuming for attackers to develop ever more complex mechanisms to go after their targets, and the window of opportunity continues to shrink as more partners join. At some point, the see-saw flips and it’s no longer worth it for the attackers to continue to try.
Going on offense
While the partners are protected, they shouldn’t sit back and invite the attack. We can expedite that inflection point by playing some offense of our own. When you’ve got a group of partners large enough, the protectors find themselves in a unique position: they’re able to begin running counter offensives to root out the attackers and develop defenses even before the attackers are able to deploy a new mechanism.
In the context of cybersecurity, that can take the form of disinformation campaigns on the part of the defenders, leading attackers to believe that attacks have been successful or undetected, while in fact gathering information to reverse-engineer and identify the culprits. It can mean finding attackers’ hiding spots and learning about operations yet to be deployed and building plugs for those holes in the wall to send attackers back to square one before they’ve made a dime off their work. And it can mean shifting the weights on that see-saw further in the opposite direction to flip it sooner than it might have.
It changes the game.
Yes, there will always be fraudsters out there, trying to capture what they can. But the more partners involved working together in a collectively protected ecosystem—at a scale of trillions of verified interactions—the faster those attackers will be stopped or get caught, and the less damage they’ll be able to do.
Cybercrime is an economic problem as much as it is a technological one. But we have the capacity to solve it with technology and collaboration, and it only requires everyone to combine knowledge and leverage resources through collective protection. If we do that right, we will win.