Oracle announced the discovery of “StreamScam,” the largest known connected television (CTV) ad fraud operation exposed ever. The StreamScam operation exploited flaws in CTV ad serving technology to fool advertisers into paying for ads that were never delivered to households. The operation spoofed more than 28.8 million U.S. valid household IP addresses, including approximately 3,600 apps and 3,400 unique CTV device models. The usage of valid household IP addresses demonstrates the sophistication of StreamScam compared to previous CTV ad fraud operations. By comparison, the largest prior CTV ad fraud operation had been ICEBUCKET, which involved two million spoofed household IP addresses, 300 app IDs, and 1,000 CTV device IDs.
StreamScam perpetrators capitalized on vulnerabilities in the technology used to improve the video viewing experience in CTV. Known as Server-Side Ad Insertion (SSAI), the technology combines content and ads into a single video stream that can play seamlessly with no delays on end-user devices, such as Roku, AppleTV, and FireTV.
Oracle Moat tallies the number of ad impressions that are inserted into video streams by SSAI servers as well as the number of ad impressions that actually play on end-user devices. Using Moat technology, Oracle discovered that the StreamScam perpetrators built a network of servers that sent ad impression events to Moat and advertisers without actually sending ad and video content to users. They forged household IP addresses, app IDs, and device IDs in the measurement events to make it appear that ads had played in those environments when in fact they did not.
“Where advertising dollars go, criminals will follow, and rapidly-growing channels like CTV are presenting new opportunities for ad fraud and theft,” said Mark Kopera, head of product for Oracle Moat. “In a quickly evolving landscape of risks and opportunities, it’s critical for marketers to work with trusted partners that have the knowledge, experience, and scale to identify and block new threats as they emerge. We look forward to working with companies across the digital advertising ecosystem to expose and work to prevent this and other emerging types of ad fraud, as well as protect advertisers’ vital campaign resources.”
Moat’s investments in research to improve CTV measurement and detect sophisticated ad fraud in CTV environments enabled it to identify the fake impressions and classify them as invalid.
Advertising spending in the CTV space is growing dramatically, as consumer behavior shifts from traditional linear broadcast to multi-device and on-demand viewing. According to eMarketer, U.S. CTV ad spending will total $8.11 billion in 2020 and will increase to $11.36 billion in 2021.
“We commend Oracle Moat for its work to find and address vulnerabilities in the fast-growing CTV space, and we plan to share information about this specific attack through an upcoming industry briefing together,” said Mike Zaneis, CEO of the Trustworthy Accountability Group (TAG). “To address these new types of threats in digital advertising, TAG has expanded its threat sharing capabilities through the TAG Threat Exchange to quickly disseminate information about new and emerging threats in areas like CTV ad fraud. We look forward to continuing to work with Oracle Moat and other participating companies to build an impenetrable barrier against the criminals who would profit from ad fraud.”
“Sophisticated invalid traffic (SIVT) detection technology has been critical for us in the fight against ad fraud,” said Jim Keller, EVP Digital Sales and Advanced Advertising, Discovery, Inc. “Oracle Moat has helped us, and our clients, detect invalid traffic, track viewability and most importantly, protect media spend.”
To help educate and inform the broader industry of the StreamScam discovery and discuss mitigation, TAG and Oracle will be holding an industry briefing for TAG members in January 2021. TAG members will receive access to actionable information from Moat to help identify StreamScam in their data and avoid campaign fraud. Companies should also work with their agencies and technology partners to determine the impact of the fraud. Moat customers can contact their client representative to get additional information.