We’ve taken a look at your submission and can confirm this is not a security vulnerability, but we do appreciate you sending us detailed information about your discoveries.
Hi,I have sent an e-mail including the details to your side three days ago.
However, I still do not receive any responses. I am becoming worried. I
hope there are not any problems. In case of you did bot receive my previous
e-mail, I am kindly submitting it again to your side.Thanks.Sonmez
Hi! Miki,How are you?Where is Stephen? Why he did not write to me.I have prepared a document for details. I added pdf file to attach. Thanks.Sonmez
Hi,can you share with us the detailed procedure you use to inflate your number of clicks and in which way this is innovative?
Thanks,Miki, Google Security TeamOn 12/26/15 10:50:40 email@example.com wrote:
I share below my email address which I use when I log into my Adsense account. If you examine my all time graphic, you will notice the great difference. The traffic from April 2015 to December 2015 shows the amount of money that I earned by about 20,000 fake clicks based on the subject matter weakness. As I said before, I use this account just to test my theory about the security weakness. You will see when you thoroughly examine my account that about 99% of the clicks that brought me money involved Istanbul IPs through my subscription to an Internet service provider. This means that for the last 7 to 8 months I have been receiving payments for the virtual clicks made from different IPs over the Internet subscription of a single person. This situation also results in a weakness in the display of ads in search results. By this method, it becomes possible to consume the daily budgets of other ads by fake clicks. I am able to perform these procedures on a single computer using an Auto click scripts that I prepared myself. I currently draw up a much more detailed document about this subject. I hope that you will not accuse me of fraud. From the first moment, I have been trying to contact you but I have never had an answer. I will continue to share all the details. Have a good working day.
My adsense account email:firstname.lastname@example.org
My name is sonmez ertem
From Istanbul Turkey
Hey,You can find our program rules at:Regarding secrecy, please see the following faq entry:
Q: My employer / boyfriend / dog frowns upon my security research. Can I report a problem privately?
A: Sure. If you are selected as a recipient of a reward, and if you accept, we will need your contact details to process the payment. You can still request not to be listed on our public credits page.Cheers,StephenGoogle Security TeamOn 12/23/15 19:25:57 email@example.com wrote:
The procedure I am executing is, by changing the modem and browser settings, I am creating fake clicks and tricking your ad system. I am currently creating such fake clicks and receiving payments for Adsense ads on my site. I am currently earning in one day what I normally earn in a year. The same weakness exists for Adwords ads displayed for search results. With this method, by creating fake clicks on others’ ads, I am able to deplete the ad budgets of competitor ad publishers for search results. I have been testing this procedure for about a year. In order for you to examine my accounts and for further details, I am requesting information on your procedures for the award program and your secrecy policies. Regards.
Hey Se,Thanks for the report. Can you send us the details via email what the weaknesses are and how to exploit them?Cheers,StephenGoogle Security TeamOn 12/19/15 13:49:52 firstname.lastname@example.org wrote:
Adwords & Adsense Bug Report
We have a “adsense” test accou
nt whereby we receive payments with a system which you frequ ently encounter that makes cli cks by changing proxies, opera tes on a method similar to click-bots, which Google has f ailed to catch for more than a year and, we think, will neve r catch.
In order to share with you thi
s method, which draws on the w eaknesses of the web, we submi tted a report to the email add ress email@example.com with the ID Email Subject:[3-334300 0007550], the response we had was that “we would be answered in a few days” but we never r eceived such an answer.
We earned in one day more than
we earn in a year by utilizin g your security weaknesses. An d we have been receiving our p ayments regularly for months n ow. The same weakness also app lies to “adwords“. We request your help about the process we need to follow so that you can have more details about it and investigate our accounts.
We are of the opinion that it
would be detrimental both for us and also for Google if we s hared this bug with anyone oth er than you.
What can we do to show you thi
s problem in detail and benefi t from the security award prog ram? We will be glad if you ca n guide us. Thank you.