A journalist’s investigation into click fraud has unearthed a proliferation of automated click fraud by “botnets,” and the alleged involvement of organized crime and terrorist groups.
Jim Hedger, a search marketing journalist and founder of Markland Media, made his findings known on his Internet radio show The Alternatives, broadcast on Webmaster Radio from the floor of Search Engine Strategies in Chicago on Wednesday afternoon.
He said that he began an investigation into click fraud following the recent $90 million settlement by Google, and he soon found evidence of widespread botnets, or networks of computers unknowingly running “clickbot” applications that produce fraudulent clicks on pay-per-click ads, like those on Google’s AdWords and other networks.
A Google spokesperson said the company is well aware of botnets, and has security measures in place to stop them from being used to commit click fraud. “We design our systems to catch bot-related attacks independent of specific methods, as a significant amount of malicious traffic is automated and, as a result of our efforts to filter suspicious clicks and terminate publishers who benefit, advertisers are protected,” spokesperson Barry Schnitt told ClickZ.
Hedger’s broadcast included allegations that some of these botnets were being run by terrorist organizations, but even Hedger says that is not the main focus of his story.
“I think the story is found in bots, scraped and parked domains. Daron [Babin, founder and CEO of Webmaster Radio] and I only said the word ‘terrorist’ once in the press conference, but with a word as politically and emotionally charged as that, once is enough,” Hedger wrote in a post on ThreadWatch.
“For me, it’s the botnets. The fact that terrorist organizations are using them is like organized crime using them. We know it’s happening,” Hedger told ClickZ.
According to Hedger, he has proof of the clickbot activity supplied by one of the litigants in the Lane’s Gifts v. Google case, Clarence Briggs, CEO of hosting company AIT Corp. Briggs alleges that Google was allowing a large number of off-shore clicks on one of AIT’s AdWords campaigns, when AIT had requested a U.S. and Canada-only campaign. Many of those off-shore clicks came from botnets, he said.
Further research by Hedger revealed alleged links to Hezbollah, Hamas and Al Qaeda groups, some of whom had set up sites on Google’s Orkut social networking service. A screen shot of one Orkut group that appears to be sympathetic to Osama Bin Laden shows Google’s ads alongside. However, those ads would not generate any income for the group itself, since the ads are on a page belonging to Google. Besides that, the ads in question appear to be ads for charity groups, which do not pay for clicks. Google will often run such public service ads when the content appears to be objectionable or cannot be properly categorized.
According to Schnitt, Google has not seen any evidence that any organized crime or terrorist groups have ever made any money via click fraud on the AdSense network. Sites involved in illegal activities are prohibited by Google’s terms of service, and Google regularly checks sites for suspicious content or association with a known illegal organization, he said.
Any clicks found to be fraudulent are filtered out of an advertiser’s account, and the AdSense partner’s account is suspended or terminated.
A more significant allegation by Hedger is his contention that he has spoken with someone in Fallujah, Iraq, who set up blog networks serving Google AdSense advertisements to benefit Iraqi insurgency groups. Hedger declined to provide details, but said he will be releasing more information in the coming weeks on his WebMasterRadio show.
Because the botnets are distributed across hundreds or thousands of individual computers, each with a different IP address, it can be difficult to identify the clicks that are generated by them as fraudulent. When they are written well, these clickbots are able to mimic human click behavior, Hedger said.
The botnets are directed to click on ads owned by an individual or group that has set up a “front” account, with a company and bank account that is not directly related with the terror organization. Google charges advertisers for these ad clicks, and shares the revenue with the site owner. Sophisticated botnet operators can make it nearly impossible to track their activities, by shifting company names, bank accounts, and IP addresses multiple times, Hedger said. Hedger described some of his research into botnets in an article at SiteProNews.
While botnets are a more sophisticated tactic, Google’s methods are designed to catch such automated attacks, Schnitt said.
“The principle difference between a botnet and a regular bot-based attack is that the attack is spread across multiple computers, and IP addresses. However, IP address is only one of hundreds of signals we examine. Merely varying IP addresses and spreading traffic across machines does not allow someone to accurately spoof all of our signals,” he said.
Google has long maintained it is doing everything possible to combat click fraud, and that it filters out more invalid clicks proactively, before they are billed to an advertiser, than it receives complaints about after billing. As part of the class-action settlement, Google submitted to an independent investigation, which determined that its efforts to prevent click fraud were “reasonable.”
Concern over click fraud continues to grow, with several companies reporting that it is more widespread than Google would have the world believe. Google itself issued a report in August dismissing those audits based on faulty measurement methods. SEMPO, the Search Engine Marketers Professional Organization, has teamed up with Fair Isaac Corp. to conduct an industry-wide study. Results from that study are expected in early 2007.
Google has attempted to share more information with advertisers on the number of invalid clicks it detects, recently adding metrics to advertiser accounts to track invalid clicks more closely.