Devin Gaffney

Devin Gaffney

Founder of International Persuasion Machines

Devin Gaffney is a data scientist and founder of International Persuasion Machines, a sociotechnical security firm that specializes in fraud, abuse, platform manipulation, and coordinated inauthentic behavior.

Presentation Abstract

Falsifying Traffic Data to Defraud Auction Marketplaces

In this talk, I will discuss the research, methods, tools, and approach used to proof of concept a fraud on an online marketplace. Specifically, I find that Flippa.com’s online website auction house provides would-be fraudsters the ability to convincingly manipulate the market and meaningfully alter auction outcomes by pumping auction listings with fake web traffic.

On each auction listing, this fake traffic is displayed as a core reporting metric via a Google Analytics chart plugin. Google Analytics fails to flag and remove bot traffic, and instead includes the traffic on the charts.

From a statistical review of the entire marketplace, traffic counts are a meaningful variable that predicts final sale price. Each individual hit corresponds to roughly a $0.19 increase in value, while the cost of submitting the traffic for a would-be fraudster is several orders of magnitude less. Thus, for any individual auction, it is strictly economically efficient to spam fake traffic - a fraudster is nearly guaranteed to make more money than they spend by sending the traffic to an individual auction.

These results have direct implications for the Flippa marketplace directly, but serves as a window into a more general burgeoning security threat of “sociotechnical security” where users exploit the express affordances of platforms. This is distinct from more traditional security where users circumvent intended use. I then will share several other high-level examples further illustrating this new threat landscape.