Ed Snowden, eat your heart out. The computer security firm White Ops released a detailed investigative report on the largest digital ad fraud operation to date.

Ominously dubbed the Methbot Operation (after the word “meth” that appears in the code), a group of Russian hackers appears to be making $3m to $5m a day by showing real video ads to fake people on fake websites for “real” clicks. Stay with me…Here’s how it went down…

See, to pull this off the meth heads needed to meticulously reverse engineer the ad-quality verification process to pass the fake views and clicks off as legit.

Step one was creating over 6,000 domains with 250k unique URLS that looked, at least on the surface, the same as major publishers like ESPN or Vogue. This, in turn, tricked ad-serving algorithms into sending them the most profitable video ads.  After that, it was a matter of building up a data center of 570k bots connected to hundreds of thousands of IP addresses to “watch” the ads, move the mouse a little, and click on the ad.  Heck, these bots even had social media login info….So, what’s the damage?

White Ops estimates that the Methbot campaign watched upwards of 300m video ads per day, making an average of $13.04 per “view.” That adds up to about $4m each day of American advertising dollars going directly into the hackers’ cargo shorts.  According to a 2016 study White Ops released with the Association of National Advertisers, this type of digital ad fraud cost $7b in 2016.  Clearly, it’s a big problem as more and more advertisers turn to the web, but who knows, maybe there’s a small village in Russia that’s really into Coors Light, Mailchimp, or whoever else is advertising a lot these days.