Just announced: HUMAN’s Satori Threat Intelligence and Research team has disrupted a cunning mobile advertising fraud campaign dubbed Konfety.

White Ops, Google Dismantle Massive Online Fraud Operation Named ‘3ve’

Department of Justice Arrests Three ‘Bot Kingpins’ from 3ve and Methbot Global Fraud Syndicates, Indicts Five More Involved

NOVEMBER 27, 2018 – NEW YORK – White Ops today announced that it has dismantled one of the most sophisticated ad fraud operations to date in collaboration with Google and other key partners. This complex and ever-shifting global network of malicious bots, named “3ve” (pronounced “Eve”), infected at minimum 1.7 million computers at any given time, counterfeited more than 10,000 websites, and generated between 3 to 12 billion requests per day to sell fake online advertising. Today, the U.S. Attorney’s Office for the Eastern District of New York announced criminal charges associated with perpetrators behind 3ve. Charges were also brought against perpetrators behind Methbot, an operation unveiled by White Ops in 2016.

“Today, we have helped the industry create real consequences for actors behind mass exploitation,” said White Ops CEO Sandeep Swadia. “Fraud operations like 3ve bring distrust and instability to the Internet by compromising everyday people’s computers, stealing from businesses, and robbing content publishers. The dismantling of 3ve, along with law enforcement’s actions to hold the individuals accountable, is an important milestone for the digital advertising ecosystem and for billions of humans who rely on a safe and open Internet.

3ve comprised three complex sub-operations, each designed to evade detection. The operators behind 3ve built an intricate and evasive system by exploiting various techniques, such as infecting everyday users’ computers, remote controlling hidden browsers, stealing corporate IP addresses and counterfeiting websites. 3ve generated revenue by selling ad spaces on counterfeited premium websites and sending fake audiences to real websites.

“3ve was remarkably sophisticated,” added Tamer Hassan, CTO of White Ops. “It showed every indication of a well-organized engineering operation with best practices in software development. It exhibited reliability, resilience and scale, rivaling many state-of-the-art software architectures. To unravel the internal mechanics of such a fraud operation requires a multi-layered approach of real-time detection and prevention.”

To combat 3ve, White Ops and Google formed a broad alliance. This alliance of nearly 20 companies spanning ad tech, security, and internet infrastructure worked together to better understand this threat.  All the while, White Ops deployed countermeasures to protect its customers and worked with the alliance to covertly hunt for 3ve, eventually dismantling it.

“Too often, the fight against fraud seems like a game of whack-a-mole,” added Swadia. “Fraudsters, when discovered but not caught, can go underground, only to pop up across the street later. This time it was different. We are truly grateful to all companies for their spirit of unity and collaboration in this endeavor.”

Today also marked another win in the fight against ad fraud, as law enforcement brought charges against the operators behind Methbot: a major bot farm in operation until White Ops exposed its IP addresses in December 2016. The Methbot crimes were orchestrated by a group of Russia-based operators that defrauded major U.S. media companies and brand advertisers.

For more information on 3ve, including a link to the white paper jointly released by White Ops and Google, please visit https://www.whiteops.com/3ve.

Further information on Methbot can be found by visiting https://www.whiteops.com/methbot.


About White Ops

White Ops is a cybersecurity company that protects the Internet from automated threats and malicious bot activity. White Ops is the platform of choice for some of the world’s largest Internet businesses. For more information, visit www.whiteops.com.