The advertiser for that ad is charged for that click, apparently paying the hacker as if the hacker were the publisher of an invisible web page hosting that invisible ad. Kahn said there's no evidence that either the hacked site or the destination site …
