‘StreamScam’ Operation Involved 28.8 Million U.S. Households, Including Approximately 3,600 Apps and 3,400 CTV Devices
Oracle announced the discovery of “StreamScam,” the largest known connected television (CTV) ad fraud operation exposed ever. The StreamScam operation exploited flaws in CTV ad serving technology to fool advertisers into paying for ads that were never delivered to households. The operation spoofed more than 28.8 million U.S. valid household IP addresses, including approximately 3,600 apps and 3,400 unique CTV device models. The usage of valid household IP addresses demonstrates the sophistication of StreamScam compared to previous CTV ad fraud operations. By comparison, the largest prior CTV ad fraud operation had been ICEBUCKET, which involved two million spoofed household IP addresses, 300 app IDs, and 1,000 CTV device IDs.
Read More: SalesTechStar Interview With Denis Murphy, Chief Revenue Officer At Couchbase
StreamScam perpetrators capitalized on vulnerabilities in the technology used to improve the video viewing experience in CTV. Known as Server-Side Ad Insertion (SSAI), the technology combines content and ads into a single video stream that can play seamlessly with no delays on end-user devices, such as Roku, AppleTV, and FireTV.
Oracle Moat tallies the number of ad impressions that are inserted into video streams by SSAI servers as well as the number of ad impressions that actually play on end-user devices. Using Moat technology, Oracle discovered that the StreamScam perpetrators built a network of servers that sent ad impression events to Moat and advertisers without actually sending ad and video content to users. They forged household IP addresses, app IDs, and device IDs in the measurement events to make it appear that ads had played in those environments when in fact they did not.
“Where advertising dollars go, criminals will follow, and rapidly-growing channels like CTV are presenting new opportunities for ad fraud and theft,” said Mark Kopera, head of product for Oracle Moat. “In a quickly evolving landscape of risks and opportunities, it’s critical for marketers to work with trusted partners that have the knowledge, experience, and scale to identify and block new threats as they emerge. We look forward to working with companies across the digital advertising ecosystem to expose and work to prevent this and other emerging types of ad fraud, as well as protect advertisers’ vital campaign resources.”
Read More: DemandJump Announces Insights For Content, Automating Content Strategy And Research