Stealth Hacking
If you were a bad guy, and you could easily steal billions of dollars with a tiny possibility of detection and no possibility of consequences even if you were detected, why wouldn't you?
Capital Thinking • Issue #759 • View online
The recent alarming revelations of Russian hacking of 250 US Government agencies, which went undetected by our most sophisticated cybersecurity defenses including the military’s Cyber Command, the National Security Agency, and the Department of Homeland Security must lead us in the marketing business to reevaluate our thinking about ad fraud.
The Inescapable Logic of Ad Fraud
Bob Hoffman | The Ad Contrarian:
The scope of online ad fraud has been argued about for years by computer scientists, software engineers, cybersecurity analysts, advertising media specialists, and independent researchers.
On one side we have advertising and marketing trade organizations, agencies, and their security consultants who tell us that ad fraud is a minor problem that is being well-defended and, in fact, is shrinking annually.
On the other side we have independent researchers who tell us that ad fraud is a massive problem (recently estimated at over $60 billion) that is becoming harder to identify and is growing dangerously.
Both sides provide metrics and data that purport to prove their point.
Who should we believe?
I would like to argue this proposition from a new point of view – from the point of view of those of us who are not computer scientists and cannot interpret the impenetrable computer code that underlies cyber theft, and with the added knowledge of the recent shocking revelations about undetected hacking.
Rather than a mathematical or data driven argument, I will present a theoretical argument. Instead of data, I will provide logic.
Let’s start with indisputable facts:
- The online advertising marketplace trades over $300 billion annually via computer systems.
- Hackers - in particular state sponsored hackers - have recently been shown to have the ability to penetrate some of the most “secure” systems in the world, undetected.
- Every person, business, or government agency that has ever been hacked had authoritative assurances that it was secure – until it turned out it wasn’t.
- There are a multitude of ways that criminal actors have discovered for extracting money from the adtech ecosystem.
- Gaming the programmatic ecosystem (which transacts about 80% of online ad activity) has been shown to be astoundingly simple.
- There is no international governing authority, and consequently there are no cross-border penalties, for committing online ad fraud.
Now some assertions on my part:It is folly to believe that hackers who can penetrate systems protected by the US military’s Cyber Command, the National Security Agency, and the Department of Homeland Security without detection could not easily penetrate adtech systems without detection.
There are governments in the world with both very sophisticated technology operations and economies that would massively benefit from the addition of billions of dollars.
Now some logic:
Photo credit: Nahel Abdul Hadi on Unsplash