In a shocking revelation earlier this year, it was discovered that a piracy network, known as “Camu” or “camuflagen” in Portuguese, was illegitimately serving over 2 billion online advertisements on a daily basis. This network, based in Brazil, engaged in large-scale ad fraud operations, processing a staggering 2.5 billion bid requests daily across 132 domains at its peak. To put this into perspective, the volume of ad traffic generated by Camu was equivalent to that of the entire city of Atlanta, Georgia.
The researchers at HUMAN Security uncovered Camu’s operations back in December 2023 and have since been monitoring its activities. While the network is still active, its bid requests have significantly decreased to around 100 million per day. The modus operandi of this scheme relies on a simple cookie-based redirection mechanism, which lures users seeking movies and television shows to decoy sites flooded with advertisements.
Camu operates dual-faced piracy websites that offer users a standard experience akin to other illegal content platforms. When visitors click on the desired content, they are redirected to a different domain hosting the material, surrounded by a barrage of ads. Many of these advertisements come from legitimate companies unaware of their association with illicit content. To maintain this facade, Camu employs tactics to ensure that only their intended audience accesses the cashout sites.
Director of Fraud Operations at HUMAN, Will Herbig, explains that Camu manipulates domain loading based on different parameters to obscure its activities. Visitors redirected to cashout sites receive a token that installs a cookie on their browser, granting them access to the content and ads. Unauthorized individuals such as security researchers or advertisers arriving via alternate means would lack this cookie and be rerouted to harmless sites.
To further obfuscate the connections between its malicious domains and piracy platforms, Camu alters the redirection process data and adds false referral information to the landing domain’s URL. This misdirection creates an illusion that visitors arrived from reputable sources, concealing the network’s true nature.
The fraudulent practices of Camu shed light on broader issues within the online advertising ecosystem. Herbig points out that alongside Camu, there are seven other comparable operations engaging in similar activities albeit on a smaller scale. The automated nature of online ad purchasing through middleman exchanges facilitates such fraud, as legitimate advertisers unknowingly interact with dubious entities.
Ad fraud has become a rampant problem, with experts like Dr. Augustine Fou highlighting the alarming increase in both the dollar value and percentage of ad impressions lost to fraudulent activities. Despite efforts to combat such practices, ineffective verification services and the vast programmatic ecosystem make it challenging to eradicate ad fraud completely.
In conclusion, the case of Camu serves as a stark reminder of the vulnerabilities present in the digital advertising landscape and the ongoing battle against ad fraud. As researchers and security experts continue to unravel these networks, the need for improved safeguards and vigilance in the online advertising industry becomes ever more apparent.