>but I was shocked at the ease of carrying that kind of attack
From affiliate marketing to PPC ad networks, etc., the implementing systems tend to be built as naively as possible. When you survey the implementations you quickly realize that the designers assume there are no bad actors in the known universe. Literally no thought was given to fraud.
They generally tend to be wide open to abuse, and frequently through simple URL manipulation/automation and standard HTML.
What's amazing is that billions of dollars are at stake, requiring little more than mouse-clicks. So, given that clicks are so insanely easy to simulate, you would think that these systems would be very robust; yet they are frequently the opposite. But, beyond the naivete, it is not entirely the networks' fault. They are locked in a never-ending game of cat-and-mouse with people who have very little to lose and much to gain.
From affiliate marketing to PPC ad networks, etc., the implementing systems tend to be built as naively as possible. When you survey the implementations you quickly realize that the designers assume there are no bad actors in the known universe. Literally no thought was given to fraud.
They generally tend to be wide open to abuse, and frequently through simple URL manipulation/automation and standard HTML.
What's amazing is that billions of dollars are at stake, requiring little more than mouse-clicks. So, given that clicks are so insanely easy to simulate, you would think that these systems would be very robust; yet they are frequently the opposite. But, beyond the naivete, it is not entirely the networks' fault. They are locked in a never-ending game of cat-and-mouse with people who have very little to lose and much to gain.