Increasingly, digital ad viewers aren’t human. A study done last year in conjunction with the Association of National Advertisers embedded billions of digital ads with code designed to determine who or what was seeing them. Eleven percent of display ads and almost a quarter of video ads were “viewed” by software, not people. According to the ANA study, which was conducted by the security firm White Ops and is titled The Bot Baseline: Fraud In Digital Advertising, fake traffic will cost advertisers $6.3 billion this year. ... Fake traffic has become a commodity. There’s malware for generating it and brokers who sell it. Some companies pay for it intentionally, some accidentally, and some prefer not to ask where their traffic comes from. It’s given rise to an industry of countermeasures, which inspire counter-countermeasures. ... All a budding media mogul—whether a website operator or a traffic supplier—has to do to make money is arbitrage: Buy low, sell high. The art is making the fake traffic look real, often by sprucing up websites with just enough content to make them appear authentic. Programmatic ad-buying systems don’t necessarily differentiate between real users and bots, or between websites with fresh, original work, and Potemkin sites camouflaged with stock photos and cut-and-paste articles.
Most gamblers were still asleep, and the gondoliers had yet to pole their way down the ersatz canal in front of the Venetian casino on the Las Vegas Strip. But early on the chilly morning of Feb. 10, just above the casino floor, the offices of the world’s largest gaming company were gripped by chaos. Computers were flatlining, e-mail was down, most phones didn’t work, and several of the technology systems that help run the $14 billion operation had sputtered to a halt. ... Computer engineers at Las Vegas Sands Corp. (LVS) raced to figure out what was happening. Within an hour, they had a diagnosis: Sands was under a withering cyber attack. PCs and servers were shutting down in a cascading IT catastrophe, with many of their hard drives wiped clean. The company’s technical staff had never seen anything like it. ... The people who make the company work, from accountants to marketing managers, were staring at blank screens. “Hundreds of people were calling IT to tell them their computers weren’t working,” says James Pfeiffer, who worked in Sands’ risk-management department in Las Vegas at the time. Most people, he recalls, switched over to their cell phones and personal e-mail accounts to communicate with co-workers. Numerous systems were felled, including those that run the loyalty rewards plans for Sands customers; programs that monitor the performance and payout of slot machines and table games at Sands’ U.S. casinos; and a multimillion-dollar storage system. ... In an effort to save as many machines as they could, IT staffers scrambled across the casino floors of Sands’ Vegas properties—the Venetian and its sister hotel, the Palazzo—ripping network cords out of every functioning computer they could find, including PCs used by pit bosses to track gamblers and kiosks where slots players cash in their tickets. ... This was no Ocean’s Eleven. The hackers were not trying to empty a vault of cash, nor were they after customer credit card data, as in recent attacks on Target (TGT), Neiman Marcus, and Home Depot (HD). This was personal. The perpetrators wanted to punish the company, or, more precisely, its chief executive officer and majority owner, the billionaire Sheldon Adelson. Although confirming their conjectures would take some time, executives suspected almost immediately the assault was coming from Iran.
For eight years, Sepúlveda, now 31, says he traveled the continent rigging major political campaigns. With a budget of $600,000, the Peña Nieto job was by far his most complex. He led a team of hackers that stole campaign strategies, manipulated social media to create false waves of enthusiasm and derision, and installed spyware in opposition offices, all to help Peña Nieto, a right-of-center candidate, eke out a victory. ... Sepúlveda’s career began in 2005, and his first jobs were small—mostly defacing campaign websites and breaking into opponents’ donor databases. Within a few years he was assembling teams that spied, stole, and smeared on behalf of presidential campaigns across Latin America. He wasn’t cheap, but his services were extensive. For $12,000 a month, a customer hired a crew that could hack smartphones, spoof and clone Web pages, and send mass e-mails and texts. The premium package, at $20,000 a month, also included a full range of digital interception, attack, decryption, and defense. The jobs were carefully laundered through layers of middlemen and consultants. Sepúlveda says many of the candidates he helped might not even have known about his role; he says he met only a few. ... His teams worked on presidential elections in Nicaragua, Panama, Honduras, El Salvador, Colombia, Mexico, Costa Rica, Guatemala, and Venezuela. ... He’s serving 10 years in prison for charges including use of malicious software, conspiracy to commit crime, violation of personal data, and espionage, related to hacking during Colombia’s 2014 presidential election.
For the members of Congress, who in 2002 provided almost $4 billion to modernize voting technology through the Help America Vote Act, or HAVA—Congress’s response to Bush v. Gore—this probably wasn’t the result they had in mind. But voting by computer has been a technological answer in search of a problem. Those World War II-era pull-lever voting machines may not have been the most elegant of contraptions, but they were easy to use and didn’t crash. Georgia, which in 2002 set out to be an early national model for the transition to computerized voting, shows the unintended consequences. It spent $54 million in HAVA funding to buy 20,000 touchscreen voting machines from Diebold, standardizing its technology across the state. Today, the machines are past their expected life span of 10 years. (With no federal funding in sight, Georgia doesn’t expect to be able to replace those machines until 2020.) The vote tabulators are certified to run only on Windows 2000, which Microsoft stopped supporting six years ago. To support the older operating system, the state had to hire a contractor to custom-build 100 servers—which, of course, are more vulnerable to hacking because they can no longer get current security updates. ... The voting technology business, after a frenetic decade of mergers, acquisitions, and renamings, is dominated by just a few companies: Election Systems & Software, or ES&S, and Dominion Voting Systems are the largest. Neither has much in common with the giants of computing. Apple, Dell, IBM, and HP have all steered clear of the sector, which generates, according to an analysis by Harvard professor Stephen Ansolabehere, about $300 million in annual revenue. For context, Apple generates about $300 million in revenue every 12 hours.