Denial of Service attack on the victim’s source of ad revenue, Google AdSense

    We expect services to protect themselves from fraudulent activity. Automated services tend to be particularly tempting to unscrupulous individuals that seem to think that they can pull one over on an unmanned operation. So it makes plenty of sense for Google AdSense to be constantly vigilant for any bot activity trying to extract artificial ad views to collect on the bounty of ad revenue. But what if our fences become cages?

    Security researcher Brian Krebs details a new extortion scheme that recently targeted one of his readers involving a Denial of Service attack on the victim’s source of ad revenue, Google AdSense. The attacker threatens the victim with the loss of revenue by flooding the victim’s website with traffic that is indicative of fraudulent activity. It seems obvious how a criminal mind would use fraudu-

lent activity to create false views to draw upon the stone of advertising wealth, but the effort of keeping up with defensive algorithms might just not be worth the trouble if shaking down the customer is easier. Why break into the ATM when you can threaten the card holder?

    The extortion note sent to the victim details how there will be an increase in fraudulent traffic that will trigger an investigation by Google. This might increase ad revenue for a short while, but they’ll maintain the attack if they don’t pay up. The attacker then claims that Google will award a permanent ban if the attack persists. All this will go away if the victim simply pays up a five thousand dollar fee in the form of Bitcoin. Or at least, that’s what they claim. The attacks are situated best against victims who have significant traffic on their site already meaning that they most likely rely on that ad revenue for income and would be more inconvenienced by paying than they would be bankrupted otherwise the attacker’s efforts would all be wasted.

    Google claims that the best course of action when subject such forms of sabotage is to contact the AdSense help center immediately and to discontinue any contact with any persons who would threaten such fraudulent actions. Contacting their Ad Traffic Quality team will lead to an investigation into the traffic and will allow Google to monitor and evaluate the traffic. Hopefully this will enhance the ability for AdSense to employ their extensive safeguards which filter out any fraudulent page views to then protect both the advertisers and the customers of AdSense.

Sources:

·        https://krebsonsecurity.com/2020/02/pay-up-or-well-make-google-ban- your-ads/

·        https://network-times.com/general/new-blackmail-mail-demands-bitcoin- payment-from-google-adsense-users/

·        https://threatpost.com/hacker-scheme-threatens-adsense-customers-with

-account-suspension/152943/