November 9th 2021
To the Court:
I am writing to you regarding the sentencing hearing on Wednesday, November 10th, 2021, for Aleksandr Zhukov in the “Methbot” advertising fraud case.
Advertising fraud (ad fraud) is the scourge of the global digital economy. Bank robbers used to steal from banks “because that was where the money was”, but as the business world transitioned from brick and mortar to an electronic base of operations, cybercriminal rings formed to exploit new vulnerabilities. This new breed of criminal focused primarily on the financial services industry and their customers through cyberattacks aimed at stealing people’s identities in order to transact billions of dollars in fraudulent activity. Today, these same criminal organizations now focus their efforts on impersonating real people in order to steal billions of dollars in advertising spend. Their efforts are just as nefarious and economically damaging as the bank robbers of old and modern-day identity thieves. We urge the court to treat this case with the same gravity as past fraud cases and to issue a sentence that matches the severity of the crime.
By way of background, The Trustworthy Accountability Group (TAG) is the leading global initiative fighting criminal activity and increasing trust in the digital advertising industry. TAG advances its mission of eliminating fraudulent traffic, facilitating the sharing of threat intelligence, and promoting brand safety by connecting industry leaders, analyzing threats, and sharing best practices worldwide. The 700+ member TAG community includes the world's largest and most influential brands, agencies, publishers, and ad tech providers.
Many of our members were directly harmed by Methbot. However, the harm caused by Mr. Zhukov extends to entire digital advertising industry. This was evident when TAG partnered with WhiteOps/HUMAN to expose Methbot more broadly. As law enforcement concluded their evidence gathering, we called a briefing of our membership, and with just 36 hours-notice we had over 200 participants.
Digital ad fraud has been a persistent brand safety challenge for the industry. While advertisers expect their content will be viewed by legitimate consumers with the potential to buy their products and services, criminal organizations have attacked the digital ad ecosystem and defrauded legitimate participants in the supply chain. As a result, advertisers may end up paying a material portion of their campaign dollars to criminals who generate ad impressions that are never seen by legitimate consumers. The 2019 ANA/White Ops Bot Fraud study estimated that advertisers lost $5.8 billion that year globally to bot-generated, invalid traffic (IVT).[1] This type of research measures just the direct economic losses due to ad fraud, but the secondary harms are just as impactful. If marketers do not trust that they are getting what they pay for, they will direct their advertising spend to other markets, such as TV, Out-of-home, and print, or perhaps simply decrease their spending.
Furthermore, the digital advertising industry is being forced to expend vast resources to combat ad fraud. Threats posed by Methbot and other attacks have heightened the digital advertising industry’s awareness and subsequent investment in cybersecurity. While it is too early to measure these costs, we can expect to see similar investments as the financial services industry, where companies spend an average of .3% of revenue on cybersecurity. It is estimated that the average cost of cybercrime per financial services company is $18.5 million annually. [2] These threats are clear and present, as indicated by TAG’s designation by the U.S. Department of Homeland Security as the industry’s first Information and Sharing Analysis Organization (ISAO).
It is not just the investments in cybersecurity that impact the industry. It is now commonplace for agencies, ad technology companies, and web publishers to invest in anti-fraud detection services. These services are usually provided by independent “Measurement Services” and can cost millions of dollars per company annually. While we do not know exactly how much is spent on such valuable services, several measurement services companies have recently been valued in the billions of dollars (DoubleVerify and Integral Ad Science each went public this year with a market value of $4 billion and $3.3 billion respectively). These costs are the direct result of attacks like Methbot.
Lastly, American citizens are directly impacted by ad fraud. Economics 101 classes teach us that when the costs of goods sold goes up, those costs are passed along to the consumer. Marketers are losing billions of dollars in ad spend. Advertising is treated as an ordinary business expense under the U.S. Tax Code, thus increasing the cost of each good sold by marketers. As outlined above, the digital advertising industry is investing millions of dollars into preventing ad fraud. This further increases the cost of advertising. So just as bank customers must absorb the cost of the security guard at the entrance and surveillance cameras behind the glass partitions; just as the online investor must absorb the cost of the 2-factored log in system and supporting cybersecurity team; so too must the average, everyday consumer absorb the cost of more expensive advertising and massive investments in anti-fraud services that increases the price of everything from toothpaste to automobiles.
Thank you for taking TAG’s perspective into consideration in this important sentencing process.
Mike Zaneis
CEO, Trustworthy Accountability Group
[1] https://www.ana.net/content/show/id/54065
[2] https://bricata.com/blog/financial-services-cybersecurity-statistics/