No Hoodies Here: Organized Crime in AdTech
Black Hat USA 2025 · Day 1 · Briefings
Infoblox researchers unmasked Vextrio — the internet's most prolific malicious traffic distribution network — as a multi-year organized crime operation run by Italian and Eastern European principals operating out of Lugano, Switzerland. Using only open-source intelligence, they traced roughly a hundred shell companies across multiple continents to a handful of identifiable individuals who own professional race teams, fly private jets to Coldplay concerts, and take stratosphere flights — all funded by a trillion-dollar scam-as-a-service ecosystem hiding in plain sight inside the legitimate advertising industry. ---
AI review
Infoblox spent years tracing a trillion-dollar scam-as-a-service empire — Vextrio, 40% of compromised WordPress redirects in 2024 — back to Italian dating scammers from 2004, Eastern European technical operators, and a Lugano holding company where everyone apparently owns race teams and takes stratosphere flights. The OSINT methodology is rigorous, the narrative is gripping, and it forces a category reclassification that most of the security industry has been avoiding.