By Michael Tiffany, Co-Founder and President at White Ops

Mass Social Media Manipulation, Identity Harvesting and New Types of Fraud

2019 proved to be a positive year in the fight against ad fraud. Research uncovered that the total amount lost to fraud this year will be down 11% from the same study a couple years ago. That said, it's still a $5.8 billion problem, and while progress is good, more progress is better. Less sophisticated cybercriminals abandoned their fraud schemes this year, but that leaves the smartest fraudsters still out there for us to find.

We saw larger nation states weaponizing social media channels and platforms to influence large groups of people. The rise of internet-connected TV (CTV) created new avenues for fraudsters to explore and exploit. As defense tactics evolve to combat new threats, cybercriminals are in turn getting smarter. Some are even returning to their old tricks.

In thinking through what transpired in 2019, here are my top predictions for 2020:

The Ability to Manipulate Social Media at Scale Will Be Democratized

We have already seen how nation states can weaponize social media platforms to influence different groups of people. In 2020, the ability to do mass social media manipulation will democratize. What started with elite nation states will become increasingly available to others, including breakaway states and transnational groups. Key to this democratization is the use of bots. With an army of bots, especially botnets built out of real people's computers, anything can be made to look popular. Today, cybercriminals use that capability to make money in ad fraud, by selling visits (or plays or installs... bots can be programmed to take any action you pay them for). Want your website to be more popular? Pay a botnet to get visits from all over the world. Or get the bots to play your new song, or to reshare your content, or add a comment. You can see how the same technique could be used to make extreme propaganda look popular, to make it look like it's trending, to make it look recommendable. And the people who want to put out that propaganda don't need to know how to run a botnet themselves; they just need to find and pay the same botnet operators doing ad fraud. Botnets can't make propaganda, but they can amplify it across the world.

As platforms raise new defenses against fraud, cybercriminals will shift their focus to softer targets, not giving up until the defenses are raised everywhere

Successful botnet operators adapt and evolve their bots to go undetected. Over time, the bots become more lifelike and easier to detect. And, unless they get shut down and arrested, smart botnet operators leave the platforms that catch them and swarm to the platforms that can't. This is exactly what we have seen in ad fraud. And, of course, the same principle applies to fake plays, fake listens, and social media manipulation.

I also spent time talking to my fellow Humans at White Ops, diving into their reflections from 2019 and what they think is ahead in 2020. Here are their thoughts: 

Tamer Hassan, Co-founder and CEO: As Organizations Shift to Identity Targeting, Cybercriminals Will Harvest False Identities

Cybercriminals have witnessed how dependent organizations have become on identity targeting, therein lies the opportunity. In 2020, identification will become harder as cybercriminals start to leverage identity targeting to harvest and sell bot identities. Cybercriminals are mastering both how to look more human-like and how to look like more humans. As part of this process, identity harvesting will emerge in a big way. This will entail growing an identity for an extended period of time, eventually creating millions of fake users who can talk and interact with one another. For example, fake social media accounts could be linked to posting fake reviews, and even fraudulent credit cards and bank accounts. Consumers will rely more on brands to police these fake profiles and fake account networks while organizations must utilize technology to combat accounts that are negatively impacting their brand and network.

Jonathan Tomek, Manager, Detection: Old Tech Tools Will be Used to Commit New Types of Fraud

Even with all the next-gen technology available, some cybercriminals are still turning to old tricks to commit fraud. In 2020 we can expect to see bad actors using devices such as VPN's to make it virtually impossible to trace where they are located. We are also seeing a technique called "monkey-patching," generally used in software testing to allow developers to shut off certain aspects of software, being repurposed for fraudulent purposes, such as disabling "close" buttons on pop-up ads.

##

About the Author

Michael Tiffany is the least talented person at White Ops. He cofounded the company to attract the kind of people who wow him, and to focus their energy on a new way of protecting people in the interconnected future. Michael's founding vision for White Ops is to make people more secure by making them less attractive targets, by disrupting the profit centers of cybercrime. Tiffany is also a lifetime Technical Fellow of Critical Assets Labs, a DARPA-funded cyber-security research lab, and a Subject Matter Advisor for the Signal Media Project, a nonprofit promoting the accurate portrayal of science, technology and history in popular media. And he is a member of the old school white hat hacker collective ninjas.org.