Anchor Intelligence has identified and effectively shut down DormRing1, believed to be the largest click fraud ring ever uncovered.
The fraud ring consisted of thousands of publishers who created websites and generated fake ad traffic on these sites with the explicit purpose of defrauding ad networks and advertisers. In just two weeks, DormRing1 traffic was instructed to generate fraudulent clicks on the ads of nearly 2,000 advertisers across multiple ad networks; these clicks originated from approximately 200,000 compromised IPs.
Anchor estimates DormRing1, if undetected, would have cost the affected advertisers over $3 million in wasted advertising dollars over the course of a year.
Anchor Intelligence has shared its findings with law enforcement on both coasts, including the San Francisco branch of the FBI and the National Cyber-Forensics & Training Alliance (NCFTA) out of Pittsburgh, PA. The NCFTA, a joint partnership between law enforcement, academia, and industry, which seeks to maximize public/private resource synergies to address cyber-crime, was recently applauded by President Obama in the “White House 2009 Cyberspace Policy Review.”
DormRing1 received its name as many of the perpetrators involved were students operating out of dormitories at Shanghai Technology Institute and other Chinese technical universities. Working in conjunction with one of its ad network customers, Anchor Intelligence tracked the operations of DormRing1 masterminds by gaining access to exclusive bulletin boards on various Chinese social networking sites. Anchor learned about the various tactics used by this fraud ring and was able to link many of the publisher sites to students living in dormitories on campus.
Anchor Intelligence indicates that while DormRing1 was shut down similarly architected rings have emerged out of India and parts of Southeast Asia.