Microsoft's Alleged 'Click Launderers' Maintain Innocence

Beta customers named in two click fraud lawsuits Microsoft filed this week maintain their innocence, and both say they assisted the software giant in investigating the source of the problem.

On Wednesday, Microsoft held a press conference featuring its general counsel, senior attorney of its digital crimes unit, an independent consultant, a Harvard professor and an executive from an advertising industry group. The Microsoft executives detailed what they said is a new kind of click fraud, "click laundering," and said the company had filed two lawsuits against people employing the technique.

Microsoft alleges that defendants used botnets and other techniques to drive traffic to their own servers, where they scraped out the traffic-referring information and replaced it with code that made it look like the traffic came directly to their sites.

While the company HelloMetro was not named as a defendant in either of the suits, it was cited as the publisher of sites receiving inordinate numbers of clicks. "During the brief 4 weeks last year we participated in Microsoft's Beta, we volunteered information to Microsoft to help locate some suspected sites and companies," said Clark Scott, CEO of HelloMetro, in a statement. "That is why we are not listed as a Defendant here. We may be asked to submit what we have found to pursue those John Does."

Microsoft named 20 John Does as defendants in the suit, meaning it doesn't know who is responsible for the fraud.

But RedOrbit says it also helped Microsoft investigate the fraud. "We turned over log files" and other details that Microsoft requested as it sought to discover the source of a dramatic spike in clicks to RedOrbit, said Eric Ralls, RedOrbit's president, who is also named as a defendant in the suit.

Microsoft executives pointed their fingers at RedOrbit because "we feel confident that the person who would profit is RedOrbit," said Richard Boscovich, senior attorney of Microsoft's digital crimes unit. It's unclear why Microsoft didn't name HelloMetro as a defendant for similar reasons.

Yet, RedOrbit didn't profit, Ralls said. "They had paid us no money. We didn't get a dime from those clicks. We have not profited in any way from this at all," he said.

Ralls said that his lawyer, retained this week after news of the lawsuits surfaced, has instructed him to say little more. "We do not, nor have we ever, engaged, assisted in, or condoned click fraud," Ralls said in a statement. "We are disappointed that Microsoft has made these completely baseless allegations, and intend to defend against them vigorously."

Both RedOrbit and HelloMetro were beta customers of Microsoft's AdCenter program. AdCenter is Microsoft's answer to Google's AdSense, the market-leading advertising platform.

There are some curious aspects of the case, said Richard Sim, vice president, product management and marketing at Anchor Intelligence. For instance, Microsoft said that the average clicks per day on RedOrbit's site grew from 75 to 10,000 in a matter of weeks.

"When I saw that, to me it signaled that the person behind this scheme was very unsophisticated because that's a sure sign that something's going wrong," Sim said. "That did surprise me, that if this was perpetrated by one individual that they'd use such a rudimentary approach." Most ad platforms would suspect fraud after such a dramatic spike in traffic.

Yet Microsoft characterized this kind of fraud as sophisticated. "There's been lots of talk about whether this is technically possible," said Boscovich. It's the first time Microsoft has seen this kind of fraud, which it previously thought was impossible to do, he said.

It's possible, though rare, that such spikes happen without the involvement of the site owner. For instance, a competitor might maliciously send huge volumes of traffic to another site as a way to try to get the site blacklisted by its ad platform, Sim said.

Microsoft is the underdog in this market and seemed to be using the lawsuits as a way to paint itself as the most honest of the ad platform providers.

"We and every other company in the industry has to recognize that we have a choice. We can either take aggressive steps to stop this fraud or look the other way and make money from it. We don't think looking the other way should be an option," said Brad Smith, general counsel at Microsoft, during Wednesday's event.

Microsoft noted that it has filed three click fraud suits. The experts around the table said that they were aware of one Google suit that was quickly dropped and zero Yahoo suits.

But Microsoft has a history of using lawsuits to fight fraud and has often done so successfully, Sim said. "I think the approach Microsoft took to fighting spam is similar to what they're doing in click fraud," he said. Microsoft used technology tools, industry collaboration and civil lawsuits to combat spam, Sim said. "That was effective because for the industry as a whole it sent the message that they are willing to invest and enforce violations against spam policies. They send a message to the perpetrators that they can't get away with this," he said.

That's exactly what Microsoft said it is trying to do. "We're sending a clear message here and that's that we don't tolerate this," said Boscovich.

It is very early in the life of Microsoft's ad platform, so the company may be trying to ensure from the very beginning that fraud isn't a problem. "For them, click fraud hasn't been a big pain point to date," Sim said.
