Denial of Service attack on the victim’s source of ad revenue, Google AdSense

    We expect services to protect themselves from fraudulent activity. Automated
tend to be particularly tempting to unscrupulous individuals that seem to think that they can pull one over
on an unmanned operation. So it
makes plenty of sense
for Google AdSense to be constantly vigilant for any bot activity trying to
extract artificial ad views to collect on the bounty of ad revenue. But what if
our fences become cages?

researcher Brian Krebs details a new extortion scheme that recently targeted
one of his readers involving a Denial of Service attack on the victim’s source
of ad revenue, Google AdSense. The attacker threatens the victim with the loss of
revenue by flooding the victim’s website with traffic that is indicative of
fraudulent activity. It seems obvious how a criminal mind would use fraudu-

lent activity
to create false views to draw upon the stone of advertising wealth, but the effort
of keeping up with defensive algorithms might just not be worth the trouble if
shaking down the customer is easier. Why break into the ATM when you can
threaten the card holder?
    The extortion
note sent to the victim details how there will be an increase in fraudulent
traffic that will trigger an investigation by Google. This might increase ad revenue
for a short while, but they’ll maintain the attack if they don’t pay up. The
attacker then claims that Google will award a permanent ban if the attack persists.
All this will go away if the victim simply pays up a five thousand dollar fee
in the form of Bitcoin. Or at least, that’s what they claim. The attacks are
situated best against victims who have significant traffic on their site already meaning
that they most likely rely on that ad revenue for income and would be more
inconvenienced by paying than they would be bankrupted otherwise the
attacker’s efforts would all be wasted.

    Google claims that the best course of action when subject such forms of
sabotage is to contact the AdSense help center immediately and to discontinue
any contact with any persons who would
threaten such fraudulent actions.
Contacting their Ad
Traffic Quality team will lead to an investigation into the traffic and will
allow Google to monitor and evaluate the traffic. Hopefully this will enhance
the ability for AdSense to employ their extensive safeguards which filter out
any fraudulent page views to then protect both the advertisers and the
customers of AdSense.