It’s been a few years since the Helkern virus which effectively disrupted service for every one-in-four websites during its peak on January 25, 2003. The worst, however, is not over. Many security experts are predicting “The Big One“; a virus so devestating, it could bring the entire internet to its knees.
Trojans hijack your computer while destroying your data, botnets slow servers, but ultimately these attacks aren’t powerful enough to bring down anything effectively. Reformatting a computer is painless, and restoring a data backup takes only minutes. Today, most datacenters provide free security monitoring services to protect against bandwidth and other server resource related attacks. Unless somebody is out there physically digging up network cables and blowing up datacenters, how else could the internet possibly come to a screeching halt? You hit the web at the bottom line.
Many websites use advertising networks such as Google’s AdSense, Yahoo!’s Publisher Network, Fastclick, and Kanoodle (just to name a few). These advertisting networks help to monetize their websites. With over $12.5 Billion (2005 US Internet Advertising Revenue) at stake, these networks depend on advertisers. And, in 2006, these figures are expected to grow. It may only be a matter of time before we see many advertisers turning away from traditional internet advertising.
How do you destroy the internet?
Attack the ad networks that provide the means to these websites.
Basic economics teaches us that if something is profitable, more and more will begin to follow suit. If we reverse that basic economic logic, and building websites is no longer profitable, we can expect to see many of these websites going offline.
Click Fraud has been a hot topic for quite some time and has even sparked legal debates where unhappy advertisers have sued for reimbursement. The spotlight is on Google. They’re certainly the biggest and most successful, however, they’re also the biggest concern. Many sources have hinted that Google’s click fraud rate is near 50%. That means that one in every two clicks you recieve is either fake or illegitamate in some way. Google’s CFO George Reyes said that click fraud is “the biggest threat to the internet economy” and is putting many websites who rely on these networks in serious danger. Popular websites you may recognize that are monetized by Google’s AdSense (in part or in whole) include: YouTube, MySpace, and Digg along with millions of others. What would happen to these internet giants (all in Alexa’s top 500) if AdSense fell through? Why would these major advertising networks go belly up? Click fraud of course!
A few people have figured out how to use click fraud programs (some even developing their own) in order to fake traffic and clicks. Everyday, programs like this generate millions in wasted advertiser dollars to benefit the publishers and advertising networks. There are hundreds of thousands of computers worldwide that have been hijacked. These botnets are infected by worms or Trojans and controlled by hackers. They can be used to send spam, more viruses, or launch DoS attacks against websites. These networks of zombie computers are traded, bought, and sold to other notorious hackers. They can even be hired. If one was so inclined, botnets (with click fraud intentions designed in mind) could bring down some major advertising networks. The problem is that most of these botnets operate in order to generate money. Commiting to this theory would be an economical suicide.
In theory, this just might work. On a small scale, it’s already happening. There are hundreds of users every day getting banned from AdSense and Yahoo! Publisher Network because of visitors intentionally clicking, for whatever reason. Even when the webmaster is being completely legitimate. Of course, taking a much larger website’s revenue source down would be much harder, but, not impossible.
Let’s imagine an advertiser attack was to actually succeed; a few things would happen.
- The victim’s website would be forced to either find other means of advertising, or go offline when the bank goes dry.
- The website would be banned, and the advertising dollar would be wasted. Either the money is returned in part to the paying advertiser to be recreditted to their account, or it is sucked up into the ad networks revenue with no mention of click fraud.
- With enough concentration, after drying up all the website revenue sources, it is possible that the website could go offline. If the website was to go offline and it was of considerable size, those servers would no longer be needed. For a website like Digg that could be several tens of thousands of dollars the datacenter will no longer have. For something like MySpace that would be hundreds of thousands in servers and bandwidth costs. Websites going offline would hurt not only those employed, but those supplying resources to those websites including third party websites, network carriers, and data centers especially.
- Google’s business model is based around AdSense and AdWords. Companies like this that depend entirely on internet advertising revenue (over ninety percent) are extremely vulnerable to click fraud and attacks like this. Each publisher or partner they lose is one more hit to their pocketbook. Given Google’s AdSense has quite a few websites under its belt this could take a long time.
- Ultimately though, the goal here is to abuse advertising dollars so much that businesses smarten up and stop buying online advertising altogether. Even though Google still generates nearly half of its revenue from Google searches, if advertisers don’t buy, they don’t get paid.
It’s easy to get the idea. If one knocks enough of them down, the rest begin to fall. With enough money and dedication towards this, one could really do some damage. I just hope no one ever tries anything like this.
Please read our disclaimer. This article was written to demonstrate how click fraud may bring an end to the internet. It still stands as one of the biggest threats to the internet’s economy to this date.