Man Accused of Attempting to Extort Google

← Back to Stories (view on slashdot.org)

Man Accused of Attempting to Extort Google

Posted by CmdrTaco on Monday March 22, 2004 @02:40AM from the future-of-cybercrime dept.

sandalwood writes "A programmer has been arrested on charges of attempting to "threaten Google with a software program he devised that creates phony clicks on pop-up advertisements delivered by Google. Google pays Web site publishers companies a certain amount for legitimate hits on those ads, but Bradley created a method that generates false clicks that appeared to be real Internet traffic, which would have repeatedly defrauded Google... Bradley contacted Google in early March, informing company officials that he had created the program and wanted $100,000 to keep him from selling it to spammers, according to an affidavit by a U.S. Secret Service agent." A harbinger of organized crime to come? That's a real nice website you have here... a shame if anything were to happen to it..."

42 of 302 comments (clear)

Or vice versa by Space+cowboy · 2004-03-22 02:40 · Score: 4, Interesting

Want to really annoy your competition ? Do the same thing actually on a google search page - just make it "search" 1000 times for words that bring up your competitions 'adwords' box, then "click" the adwords link. Google then bills your competitor for the maximum (s)he specified per day/week/month and, bonus!, your competitor then drops down the rankings for which google Adword to display...

Random words mixed in with the key ones, random delays between searches, random User-Agent, etc., etc. Seems like it would be easy to do, and hard to track...

Simon.

--
Physicists get Hadrons!
1. Re:Or vice versa by stonebeat.org · 2004-03-22 02:49 · Score: 4, Informative
  
  actually this will not work. Google use statistical data to stop the user from doing this. It will almost have to be a DDOS attack (i.e. have thousands of IP addresses click on the AD) to pull this off. In that case it would be much easier just to DDOS the website of your competitor. Just like what happened to SCO.com
  
  --
  
  Consensus is good, but informed dictatorship is better
2. Re:Or vice versa by psycho_tinman · 2004-03-22 02:54 · Score: 4, Interesting
  
  Well, I don't see how this person could offer up a tool for extortion without figuring out how to spoof IP addresses, anyway. Surely, it would raise an alert if most, if not ALL of your clickthroughs came from a single small set of IPs ? Also, one nitpick about the article, since when does Google offer popup advertising ?
  I'm quite certain plenty of programmers know how to fake clickthroughs, or they could sit down and figure it out. Spoofing IP addresses, on the other hand, would be slightly more difficult.. and there are only so many open proxies and so on.
  On a slightly more depressing note, this sounds like a perfect scheme for all those zombie machines that are being spawned out there (with email worms). Instead of doing a Distributed DOS or sending out spam (which are their current uses, and can be easily traced back), if they were used to randomly send out a few million clicks, or to host a mini link farm for Googlebot's eyes only.... the possibilities for spamming become endless. Scary thought.
3. Re:Or vice versa by walter_kovacs · 2004-03-22 03:02 · Score: 5, Interesting
  
  Actually no, click fraud is a real problem with Google (and all other pay per click engines). There have been many times when my Adwords traffic has spiked, sales have plummeted and conversions gone through the floor, and I am 99% sure that it is click fraud - the logs are just FULL of proxies, and Google seems helpless to do anything about it, but still happily collects the money.
4. Re:Or vice versa by AndroidCat · 2004-03-22 03:08 · Score: 5, Informative
  
  That's why the article mentions spammers. The (old) trick works by sending out spam that generates a click-through when someone opens the email. (Or previews it in LookOut.) That way it comes from a whole bunch of IP addresses of people dumb enough to allow HTML script to run in their email.
  
  --
  One line blog. I hear that they're called Twitters now.
5. Re:Or vice versa by pinkUZI · 2004-03-22 03:14 · Score: 4, Insightful
  
  um... guys,
  maybe I'm out of line here, but this is not a good topic to brain storm. Why do we want to devises more deviant ways to spam?
  And why hurt our precious Google!
  
  --
  You are receiving this message because your browser supports Slashdot Sigs and you have Slashdot Sigs enabled.
6. Re:Or vice versa by idiot900 · 2004-03-22 03:29 · Score: 4, Insightful
  
  maybe I'm out of line here, but this is not a good topic to brain storm. Why do we want to devises more deviant ways to spam?
  And why hurt our precious Google!
  
  1) Because it's our intrinsic human right to think about whatever we want.
  2) Because some of us, as server administrators, must deal with spam in all its vile forms, and we therefore must know our enemy.
7. Re:Or vice versa by Dun+Malg · 2004-03-22 03:34 · Score: 5, Insightful
  
  um... guys, maybe I'm out of line here, but this is not a good topic to brain storm. Why do we want to devises more deviant ways to spam? And why hurt our precious Google!
  Pretending no one thought of it is not an effective way to prevent others from thinking of it. We want all possible exploits to be exposed, so they can be dealt with. You're advocating security through obscurity.
  
  --
  If a job's not worth doing, it's not worth doing right.
8. Re:Or vice versa by dubl-u · 2004-03-22 04:36 · Score: 4, Insightful
  
  1) Because it's our intrinsic human right to think about whatever we want.
  
  FYI, thinking is something you do inside your head. Talking, on the other hand, is an action that can have consequences in the world. It's unfortunate that the urge to accept responsibility for the consequences of one's actions is not quite as intrinsic as the urge to run one's mouth.
9. Re:Or vice versa by Camel+Pilot · 2004-03-22 05:50 · Score: 4, Informative
  
  I have had similar experiences. Overture (aka yahoo) attempts to console you with their Click Protection buzz words. But in reality they do not filter out the even the most basic fraudulent clicks.
  
  Here is summary of my recent experience with Overture's Click Protection program. Overture e-mail responses are almost unbelievable.
  
  Overture claims to provide "Click Protection" for their pay-per-click advertising service. In reality they fail to prevent the most basic and easiest to detect non-authentic clicks - that is competitors clicking on competitors. They do not even filter out a customer clicking on their own links from within the Overture manager. Nor do they provide a method for an advertiser to test their own ad rendered URL's - a necessary function as a means to test the validity of an entered URL. Since filtering out such clicks would be simple and straight forward using established cookies or session id's - I can only speculate the reasons for not patching this obvious flaw and question the "sophistication of Overtures "Click Protection".
Using Google to extort Google? ;-) by ChaoticChaos · 2004-03-22 02:40 · Score: 5, Funny

I wonder how long he had to Google before he figured out the technical details of how to do that? ;-)

Search terms: "how to extort" AND money AND "from google" ;-)
1. Re:Using Google to extort Google? ;-) by physicsboy500 · 2004-03-22 02:46 · Score: 5, Funny
  
  Google...
  
  The cause of and solution to all of life's problems
  
  --
  The original generic sig.
2. Re:Using Google to extort Google? ;-) by Minwee · 2004-03-22 02:55 · Score: 5, Funny
  
  Your search - "how to extort" AND money AND "from google" - did not match any documents.
  
  Suggestions:
  - Make sure all words are spelled correctly.
  - Try different keywords.
  - Try extorting money from Yahoo! They! have! lots! of! money!
  - Try patenting PageRank and suing us.
  - Ask the underpants gnomes. They know everything.
  Also, you can try Google Answers for expert help with your search.
Found him! by Mr.+Darl+McBride · 2004-03-22 02:41 · Score: 5, Funny

You can find articles about the fellow by looking at the top Google hits for "moron," "fucktard," and "what the hell were you thinking?"
1. Re:Found him! by BabyDave · 2004-03-22 02:46 · Score: 5, Funny
  
  You can find articles about the fellow by looking at the top Google hits for "moron," "fucktard," and "what the hell were you thinking?"
  
  He works for SCO?
That'll teach him a lesson... by LinuxInDallas · 2004-03-22 02:42 · Score: 5, Funny

Next time, just go straight to the spammers.
Slashdot... by martingunnarsson · 2004-03-22 02:43 · Score: 5, Funny

That's a real nice website you have here... a shame if anything were to happen to it...

Isn't this what Slashdot is trying to do? No?

--
Martin
he must have been by squarefish · 2004-03-22 02:44 · Score: 4, Funny

feeling lucky

--
Creationists are a lot like zombies. Slow, but powerful and numerous. And they all want to eat our brains.
What have we learned? by g0bshiTe · 2004-03-22 02:45 · Score: 5, Insightful

Next time don't go to those you are trying to extort. Just go straight to the competition. I'm sure the spammers would have paid him much more than $100,000 collectively and not turned him in.

Imagine, he could have licensed his software to the spammers and charged them an annual fee to use it. He could have been the "Microsoft" of the spamming industry.

--
I am Bennett Haselton! I am Bennett Haselton!
1. Re:What have we learned? by merlin_jim · 2004-03-22 03:04 · Score: 4, Funny
  
  Imagine, he could have licensed his software to the spammers and charged them an annual fee to use it. He could have been the "Microsoft" of the spamming industry.
  
  I would like to point out that, due to dangerously unsecure settings on installation of their home software, Microsoft is already the "Microsoft" of the spamming industry...
  
  Note: WinXP really is better. Win2003 is much better. But if we don't have Microsoft to pick on, just who ARE we gonna pick on?
  
  --
  I am disrespectful to dirt! Can you see that I am serious?!
Hi. I'm Troy McClure by Anonymous Coward · 2004-03-22 02:45 · Score: 4, Funny

Hi. I'm Troy McClure. You might remember me from such search-engine fraud films as "The Altavistan Job", "The Great Dogpile Caper", and "Lycos Grifters IV: Electric Boogaloo".
1. Re:Hi. I'm Troy McClure by ObiWanKenblowme · 2004-03-22 03:02 · Score: 4, Funny
  
  My favorite was "Dial G for Google"
  
  --
  Obvious exits are NORTH, SOUTH, and DENNIS.
I think slashdot just found... by ph4s3 · 2004-03-22 02:45 · Score: 5, Funny

...a new revenue stream.

Hi little guy, this is Cmdr.Taco... We're going to link to your site in an article. What? You say you can't handle the traffic? For the low low cost of $699 we can grant you a license to mirror your site on our finely tuned slashdot-proof servers.
stupid... by jwthompson2 · 2004-03-22 02:47 · Score: 5, Funny

This guy tried to extort the search engine that allows you to find almost anything including almost anybody and he was expecting to not get caught?

Stupid!

--
Even if I knew that tomorrow the world would go to pieces, I would still plant my apple tree. -Martin Luther
The fine line.... by Kailden · 2004-03-22 02:48 · Score: 4, Funny

For your Occupation, choose 2 of the following three:

1) Fun
2) Well-paying
3) Legal

This guy probably was legal up to the point of threatening Google. I guess that the fine line between the criminal mind and normal everyday greed.

--
I need a TiVo for my car. Pause live traffic now.
Psst ... /. by g0bshiTe · 2004-03-22 02:49 · Score: 5, Funny

I figured out and wrote a perl script to increase my karma. Give me $1200 worth of ThinkGeek stuff, or I'll post it in the forums!!!!

--
I am Bennett Haselton! I am Bennett Haselton!
Interesting by SirLantos · 2004-03-22 02:50 · Score: 5, Funny

A series of funny quotes come to mind: 'You want I should break your links?' 'Mario, I need you to 404 this site.' 'I will ping flood you so fast, you wont know what hit you.' 'I host your site. You've never google me. You dont visit my page. And now you want me to bring down this site. What am I supposed to think?' 'Johhny, I swear, I'll get you your page hits. I just need some more time.'

--
The flying hamster of DOOM rains coconuts on your pitiful city.
Or, putting that in terms we can all understand... by TrekkieGod · 2004-03-22 02:51 · Score: 4, Funny
1. Find random website
2. E-mail admin, and threaten to bring site down by posting story on slashdot
3. ???
4. Profit!!!
Very similar to the google case, I think step 4 only applies to the lawyers
--
Warning: Opinions known to be heavily biased.
What a daft bugger. by ackthpt · 2004-03-22 02:51 · Score: 5, Interesting

Spammers don't need programs like that. People who have ads on their web pages and want to generate hits on the ads would want that.
Spammers, on the other hand, have now moved onto blogs lately. Fred Rodriguez, a rider Emeryville, CA, for italian team Aqua e Sapone has spams for the usual penis enlargment, diet pills, cheap computer eqz, etc. on his guest book. Spammers got no shame, just like this fool.

--

A feeling of having made the same mistake before: Deja Foobar
sloppy work by The+Clockwork+Troll · 2004-03-22 02:52 · Score: 5, Funny

He was very easy to track down. Apparently, a red flag gets raised at Google whenever anyone actually clicks on those ads. So, they eliminated the guy who needed ink jet cartridges and sent the police in.

--

There are no karma whores, only moderation johns
robots as websurfers by nuffle · 2004-03-22 02:56 · Score: 4, Interesting

This brings up some other related concerns about having robots browse pages, even when the intent is not malicious.

Some ads on websites are sold 'per-view' and not 'per-click', but if a web-crawling robot hits it, should it count as a view? Are the authors of these bots stealing from the advertiser?

A while ago I wrote a bot that posts to slashdot. He even had decent Karma for a while, before getting a bit confused. In any case, my bot would usually post some links in his comments, which could have the effect of altering the target's page ranking on Google (this was not his purpose though). Am I somehow culpable for cheating Google?

Anyway, the point is that I think robots should have some limited rights to view pages and do human-like behavior on the net.
Anyone remember AllAdvantage? by cr@ckwhore · 2004-03-22 02:56 · Score: 5, Interesting

Anyone remember the company AllAdvantage (was that really the name?) that paid users to click on ads during the dotcom boom? I remember almost everyone was into it ... people were making hundreds, even thousands of dollers per month.

Of course, none of the ad traffic was legitimate! There were tons and tons of scripts and programs that would click the ads for you ... set it up to run all night, go to sleep, wake up rich in the morning. That's probably why the thing was so popular!

I remember the comany would implement anti-cheat methods every couple of weeks, even to the point of tracking mouse movements ... the idea being that if the mouse wasn't moving, but clicks were coming in, then it was a cheat.

Ok, well... as always, cheaters take things to the next level. The ultimate cheat was one that surfed the web from a pre-determined list of web sites, while randomly moving the mouse cursor around the screen, and clicking every couple of seconds. Worked like a charm!

No more AllAdvantage.

Google has more sophisticated technology than AllAdvantage though... its almost impossible to cheat google. Even if this dumb-ass really did write a program to click ads on his own sites, google would catch that. There's AdSense partners getting canned every day for suspicion of cheating, when sometimes it's only as simple as an innocent erroneous click on their own ads. It happens... check the adsense forums. I doubt this guy would have been able to execute much of his plan successfully.

--
Skiers and Riders -- http://www.snowjournal.com
1. Re:Anyone remember AllAdvantage? by CGP314 · 2004-03-22 03:21 · Score: 4, Interesting
  
  Wow, I forgot all about AllAdvantage. I still have an old website on fortunecity.com plugging that service. (I sadly want to gain control of that site again, but I forgot my username/password)
  
  As I remember it, you didn't get paid for clicking on the ads, AllAdvantage displayed a banner ad on the bottom of your computer and paid you to `look' at it. But all it really kept track of was if the mouse was moving.
  
  I had a friend send me a script to move the mouse around while I slept, but AA cought on to that pretty quickly.
  
  So, I just tied my mouse to a rotating fan. Sometimes the simplest solution is the best.
  
  -Colin
Was he also wearing. . . by Fantastic+Lad · 2004-03-22 02:57 · Score: 4, Funny

a pair of those blinking Nikes while running away from the cops?

-FL
this never would've happened... by irokie · 2004-03-22 02:57 · Score: 5, Funny

this never would've happened if they didn't offer google in "hacker"

--
and if you see me strut, remind me of what left this outlaw torn...
Comment removed by account_deleted · 2004-03-22 03:02 · Score: 5, Interesting

Comment removed based on user account deletion
No results, but five advert boxes by blorg · 2004-03-22 03:07 · Score: 5, Informative

Ironically, while that exact search does actually come up with 0 results, there are 5 'sponsored links' offering 'Secrets behind AdWords', 'Create AdWords Cash' and so on...
I did the same thing.... by DeionXxX · 2004-03-22 03:10 · Score: 4, Interesting

I uhhh... made the same program last year in January or so at a client's request. I was skeptical that I could defraud Google's AdWords, but I ended up being successful. Out of respect, I never gave the client's his program even though it worked and sent it over to Google and told them about their vulnerability.

Defrauding Google, is like defrauding a family member or something...

I'm glad this ass got caught.

-- D3X
Re:Um,,, by Ill_Omen · 2004-03-22 03:22 · Score: 4, Insightful

The problem is that this guy's (alleged) program's sole purpose was to commit fraud.

To continue your gasoline example, it'd be like developing a method to fool the 'pay-at-the-pump' system into giving you gas without actually charging your credit card, and then telling the gas station that if they don't give you $100,000, you'll publish the program in the USA Today(tm).
Re:Story Full of Errors? by nsingapu · 2004-03-22 03:23 · Score: 4, Informative

Google does not pay website owners for AdWords. The owners pay Google to for advertising space on Google.

Google does pay website owners for displaying adwords, in its adsense program.

The problem with the guys attempted extortion is that google charges advertisers more then it pays out on the adds, and as such this guys program, if sucessful, still makes google a buck. That said the amount advertisers pay on adds is determined by a number of criteria such as CTR (which is why googles adds are generally of good quality; better, more relevant, and therefore more clickable adds can be put in top positions for less then irrelevant adds) and as such something of this nature could potentially really screw up advertising related statistics and revenue for google.

--
How do I keep track of people who are fingering
Organized crime is already in on it by Len · 2004-03-22 03:26 · Score: 4, Informative

A harbinger of organized crime to come? That's a real nice website you have here... a shame if anything were to happen to it...
This has been going on for a while. Just last week, for instance, some bookie sites in the UK were DoS'd and then received demands for money.
My guessing the specs by Felinoid · 2004-03-22 03:32 · Score: 5, Interesting

Google dosen't just have text link adds on Googles website. They also have ads on OTHER peoples websites and pay those websites for that.

With out banner adds or pop ups (Thwap the guy who called Google ads POP UPS) you'll need some software on your server to make this work.

Im guessing this guy hacked this software so he can send bad any data he wants and is expecting Google to act like Microsoft and pay to keep it quiet.

He picked the wrong target. Find a defect in Windows.. a nasty one.. and bribe Microsoft to stay quiet. They appear all fine with the extrotion scams and all about security by obscurity.
(I'm joking BTW.. Try that and Microsoft will thump you something nasty AND clame your defect is fraudulent)

--
I don't actually exist.