Google Bombing, Reputation Attacks and more: How Do You Want Me to Harm You?

Ashwin Satyanarayana
Categories : Security privacy ,Internet
Tags : Internet security privacy topics phishing scams

Page content

Here’s a little story about Castle Cops, a voluntary Security Committee, which had some evil rubbed off on it in a very different and rather quirky manner. A bunch of hackers had take taken advantage of the fact that Castle Cops accepted donations from PayPal and was a not-for-profit organization. These hackers had apparently figured out the login credentials of some PayPal accounts and used this to send multiple payments to CastleCops. Obviously, the PayPal users were enraged when they figured out that the payments had been sent without their consent and without their knowledge. This event led to some bad press and harmed the reputation of Castle Cops even though they were not in the wrong.

This is another form of attack called a “Reputation Attack”. The hackers aren’t here for fun and they certainly aren’t here for money. They are here to ruin your name in public and to see if they can rub some black ink on your faces.

Reputation Attacks can be on Individuals or on companies and that probably sums up the entire Internet population. Earliest cases of reputation attack have been registered with Yahoo.com, Ebay.com and such like and they were done primarily using DOS or DDOS attacks. Lately, a plethora of techniques have been employed and we delve into a couple of them here.

Reputation Attack can be performed by a technique called “Google Bombing”. Organic listings find their way to the top of Google’s search listing and the company is able to maintain that position. However, if you look at any Google SERP (Search Engine Result Page) you will also notice a couple of links right the very top with a slightly differently colored background – these are paid listings (apart from the ones you see on your right). These listings cost money and companies usually spend to have their listed there for the appropriate keyword typed. The hackers utilize this opportunity by having a link placed there which would be a site that has all sorts of information targeted to ruin the company’s reputation. For instance, if the hackers want to ruin the reputation of goodrepco.com, they would put up a link like ihategoodrepco.com and then flood it with contemptuous content.

Google Also uses a “Page Rank” System to ascertain a site’s popularity and simultaneously tends to penalize a site for excessive and aimless link feeding into the site. Hackers just insert links into legitimate sites and populate these sites by adding these links for no reason and make Google penalize these sites, thereby ruining the site’s popularity, name and reputation.

Anatomy of A reputation Attack

Before and After Scenario