The malicious code used by Newsweek Media Group websites as part of an ad fraud scheme has been found on sites owned by Christian Media Corporation, an online publisher that, just like NMG, has close ties to a controversial religious leader and the university he founded.
The code was detected by researchers at DoubleVerify, a digital media measurement company that previously found it on several properties owned by NMG. The code enables a publisher running it to earn revenue on ads that would otherwise not meet industry standards for viewability.
Wayne Gattinella, the CEO of DoubleVerify, told BuzzFeed News that after weeks of scanning it has only found the code on sites connected to these two companies. “This suggests a very tight relationship, technically or otherwise, between these two organizations,” he said.
Reporting by BuzzFeed News also found that five CMC websites have been engaging in the same type of ad fraud that was also present on several NMG websites.
These findings raise questions about CMC and NMG’s connections to each other, and their relationships with Olivet University and a larger network of companies and organizations linked to Korean pastor David Jang.
CMC and NMG both previously funneled millions of dollars to Olivet as part of what the university has described as research and development agreements. Both companies continue to work with the university, and their executives have served as advisers and trustees for Olivet. In 2013 and 2014, NMG, under its previous corporate name, was itself listed as a trustee of Olivet. The company gave Olivet more than $2.8 million during that period.
NMG is already facing scrutiny for a recent string of layoffs, controversial firings, the continued employment of a chief content officer who was fired from Reuters over complains of sexual harassment, and the fact that the company is the target of a widening fraud investigation by the Manhattan District Attorney’s Office. That probe recently saw members of the DA’s office execute a search warrant at the upstate New York campus of Olivet University. This followed a January search of Newsweek’s Manhattan offices.
In separate statements to BuzzFeed News, NMG and CMC blamed “overseas” technology partners for the malicious code. This appears to contradict a previous statement from NMG to the Wall Street Journal earlier this month that placed the blame on two of its employees. CMC and NMG did not reply to questions about what, if any, business ties exist between the companies.
“NMG works with overseas tech firms that service several publishers. The code in question originated from one of them,” said NMG. The company did not reply when asked why it now blames overseas partners when it previously pointed the finger at two employees.
“The programmatic advertising (and its codes) and audience development are outsourced, and CMC is looking into its overseas IT vendors to analyze the matter and any inconsistencies,” read the statement from CMC.
Both companies said their ties to Olivet University and Pastor David Jang have no connection to advertising practices or the malicious code.
“To imply that this code originated from a university or a church that the co-founders and executives may attend is categorically false and amounts to clear defamation and religious discrimination,” read a statement from Newsweek Media Group.
“Dr. David Jang is an evangelical theologian who loves the Lord Jesus Christ and the Bible,” read the statement from CMC. “He has no role with CMC.”
The university also told BuzzFeed News it has no connection to the code or to related ad fraud.
“This issue has zero, absolutely no relevance at all to Olivet University,” Ronn Torossian, spokesperson for Olivet, told BuzzFeed News. “To be clear, these are not related to any work we have done in R&D. None at all, and any claims otherwise are false and completely made up.”
CMC and NMG ran "identical" code
CMC is led by William Anderson, who served as the treasurer of Olivet University’s board of trustees as recently as 2016.
CMC’s ties to Jang’s ministries are public and well-documented, including in a previous Mother Jones investigation and a series of investigations by Christianity Today, among other public documents. Similar to NMG, CMC “gave more than a million dollars to Olivet through licensing and R&D agreements in 2013 and 2014.”
The chair of the board of advisers of CMC is Rev. Dr. Geoff Tunnicliffe, who has served in the top role at the World Evangelical Alliance, an organization closely linked to Olivet University and Jang according to public statements, documents, and previous reporting. In 2007, Tunnicliffe gave the commencement address at Olivet and received an honorary degree from the university. He also joined with Jang to cut the ribbon on a new evangelical center that opened in New York, and is listed, along with the WEA, as a key partner of Olivet University’s research and development programs. CMC also lists Jang’s World Olivet Assembly and the WEA among its “Global Advisory Partners.”
The relationship between CMC, Olivet, and other Jang-affiliated organizations is what initially put the company in the same sphere as NMG. But the discovery of identical malicious code on CMC and NMG properties, as well as similar ad fraud strategies, reveals that the similarities also extend to unique, and dubious, advertising practices and technology.
Executives from DoubleVerify emphasized to BuzzFeed News that it’s incredibly rare to see this kind of malicious code running on sites operated by seemingly legitimate publishers. They also said the code on CMC’s sites was identical to that found on NMG’s.
“It’s the same fingerprint, it’s literally the identical code between the two entities,” said Gattinella of DoubleVerify.
DoubleVerify identified the malicious code on a total of nine sites owned by CMC: christianpost.com, christiantimes.com, christianitydaily.com, christiantoday.com, christianexaminer.com, crossmap.com, breathecast.com, bibleportal.com, and gnli.com.
Along with the CMC sites, DoubleVerify also located the code on an additional, previously unreported site linked to NMG, techtimes.com. When contacted by BuzzFeed News, NMG said techtimes.com is owned by a separate legal entity and “is not managed or controlled by NMG.”
That’s not entirely true. BuzzFeed News confirmed with multiple ad exchanges that ad inventory for techtimes.com was being sold directly by NMG as recently as this week. The ads.txt file for techtimes.com also listed several direct relationships with ad exchanges that use the unique seller ID assigned to Newsweek Media Group or an affiliated brand. (Ads.txt is an ad industry initiative used by many top publishers to list the ad exchanges and other resellers that are authorized to sell their inventory.)
After BuzzFeed News contacted NMG with information about it selling ads for techtimes.com, the site’s ads.txt file was edited to remove all NMG seller IDs.
The site techtimes.com is part of a company called 33 Universal that was partly owned and chaired by NMG cofounder and former chief officer Jonathan Davis. In 2012 several 33 Universal sites were integrated into NMG’s operations, according to a journalist who worked at the company at the time. Many sites that were once part of 33 Universal are still owned by NMG, according to domain registration records. Some, such as celebeat.com and designtimes.com, have not been updated since last year.
NMG’s statement to BuzzFeed News said Davis "has since divested his interests” in 33 Universal. (His wife, Tracy Davis, is the president of Olivet University.)
Buying and manipulating traffic
Along with the code and ties to Olivet and Jang, another similarity between CMC and NMG properties is the way they have been buying traffic and manipulating it in ways that meet industry definitions for ad fraud.
A BuzzFeed News story from January revealed that several NMG websites were committing ad fraud by purchasing low-quality traffic from ad networks and manipulating it to appear as if it was high-quality referral traffic. The company initially denied engaging in ad fraud, but its subsequent admission of the presence of malicious code further supported the findings of ad fraud investigation firm Social Puncher, which were backed up by similar data from DoubleVerify and by reporting from BuzzFeed News.
Traffic data from web analytics service SimilarWeb shows that five CMC sites have purchased traffic from ad networks that specialize in generating it using pop-up and pop-under windows opened on unsuspecting users, a tactic previously detailed by BuzzFeed News.
Once the window is open, the traffic is first routed to a CMC domain such as c2.cmcigroup.com or tc.cmcigroup.com before being passed along to a CMC site with advertising. Redirecting traffic in this manner disguises its origins and makes it appear as if it’s organic referral traffic, rather than low-quality purchased traffic. The practice is forbidden by Google’s ad network as well as by many major ad networks and ad exchanges. It’s also the same practice that NMG was engaged in.
SimilarWeb data shows that top CMC properties like the Christian Post received traffic laundered through c2.cmcigroup.com, and that last year it also received it from tc.cmcigroup.com. CMC also operates sites such as vinereport.com that receive almost 100% of their audience as a result of this method of buying and manipulating traffic, according to SimilarWeb. Vinereport.com is a general news and entertainment site that appears not to publish any religious content in spite of being run by a Christian publisher. DoubleVerify said it flagged vinereport.com for ad impression fraud in the first quarter of this year.
In spite of the new evidence of connections between CMC and NMG’s sites, neither company would speak on the record to address questions about formal or informal ties. A source with knowledge of one company emphasized that they are separate legal entities.
Of course, NMG said the same about techtimes.com, which it was selling ads for.
CORRECTION
Tracy Davis's name was misspelled in an earlier version of this post.