Man Accused of Attempting to Extort Google 302
sandalwood writes "A programmer has been arrested on charges of attempting to "threaten Google with a software program he devised that creates phony clicks on pop-up advertisements delivered by Google. Google pays Web site publishers companies a certain amount for legitimate hits on those ads, but Bradley created a method that generates false clicks that appeared to be real Internet traffic, which would have repeatedly defrauded Google... Bradley contacted Google in early March, informing company officials that he had created the program and wanted $100,000 to keep him from selling it to spammers, according to an affidavit by a U.S. Secret Service agent." A harbinger of organized crime to come? That's a real nice website you have here... a shame if anything were to happen to it..."
Or vice versa (Score:4, Interesting)
Random words mixed in with the key ones, random delays between searches, random User-Agent, etc., etc. Seems like it would be easy to do, and hard to track...
Simon.
Re:Or vice versa (Score:3, Insightful)
The problem comes in when there are all these databases of open web proxies and code in CPAN for accessing and using those. :/
Re:Or vice versa (Score:5, Informative)
Re:Or vice versa (Score:5, Interesting)
Re:Or vice versa (Score:5, Informative)
Here is summary of my recent experience with Overture's Click Protection [perlworks.com] program. Overture e-mail responses are almost unbelievable.
Re:Or vice versa (Score:5, Informative)
Re:Or vice versa (Score:4, Insightful)
maybe I'm out of line here, but this is not a good topic to brain storm. Why do we want to devises more deviant ways to spam?
And why hurt our precious Google!
Re:Or vice versa (Score:2, Interesting)
Re:Or vice versa (Score:5, Insightful)
And why hurt our precious Google!
1) Because it's our intrinsic human right to think about whatever we want.
2) Because some of us, as server administrators, must deal with spam in all its vile forms, and we therefore must know our enemy.
Re:Or vice versa (Score:5, Insightful)
FYI, thinking is something you do inside your head. Talking, on the other hand, is an action that can have consequences in the world. It's unfortunate that the urge to accept responsibility for the consequences of one's actions is not quite as intrinsic as the urge to run one's mouth.
Re:Or vice versa (Score:3, Insightful)
Talking is distributed thinking. As soon as you start looking down upon talking about abuse, you at the same time prevent anyone from doing anything to stop it.
Re:Or vice versa (Score:3, Insightful)
Re:Or vice versa (Score:5, Insightful)
Pretending no one thought of it is not an effective way to prevent others from thinking of it. We want all possible exploits to be exposed, so they can be dealt with. You're advocating security through obscurity.
Re:Or vice versa (Score:3, Informative)
Re:Or vice versa (Score:4, Insightful)
Re:Or vice versa (Score:3, Insightful)
Re:Or vice versa (Score:4, Informative)
As a more common example, take PGP. PGP uses a well known algorithm, but that does not make PGP insecure. Even if you steal a person's private key - you can only compromise their date, other PGP users are safe.
Security through obscurity is when a system is only secure if its workings/algorithms remain secret. For any system that is to be distributed outside of a controlled environment this is a very bad idea, as it's almost guaranteed that someone will crack it.
Re:Or vice versa (Score:3, Interesting)
If instead, for example, slashdot logged you in based on your ip, then that wouldn't be security though obscurity.
Re:Or vice versa (Score:3, Informative)
Presumably Google is smart enough to check referer logs when charging for adwords. If they don't check referers, a much simpler and more reliable attack is to embed a 1px by 1px iframe in your own high-traffic website.
Re:Or vice versa (Score:3, Informative)
Re:Or vice versa (Score:5, Interesting)
Well, I don't see how this person could offer up a tool for extortion without figuring out how to spoof IP addresses, anyway. Surely, it would raise an alert if most, if not ALL of your clickthroughs came from a single small set of IPs ? Also, one nitpick about the article, since when does Google offer popup advertising ?
I'm quite certain plenty of programmers know how to fake clickthroughs, or they could sit down and figure it out. Spoofing IP addresses, on the other hand, would be slightly more difficult.. and there are only so many open proxies and so on.
On a slightly more depressing note, this sounds like a perfect scheme for all those zombie machines that are being spawned out there (with email worms). Instead of doing a Distributed DOS or sending out spam (which are their current uses, and can be easily traced back), if they were used to randomly send out a few million clicks, or to host a mini link farm for Googlebot's eyes only.... the possibilities for spamming become endless. Scary thought.
Re:Or vice versa (Score:2)
it would take under an hour to write the code
google will even help you [google.com]
TCP Spoofing in a nutshell (Score:3, Informative)
TCP spoofing is quite possible. It's just difficult, and has become progressively more difficult.
Say we have just the idea of a basic handshake (without worrying about the way TCP works for a moment). Host A sends a packet to Host C purporting to come from Host B. Host C sends a packet to Host B saying "you r
Re:Or vice versa (Score:2)
Don't forget random IPs... without that, the tracking becomes very easy
Using Google to extort Google? ;-) (Score:5, Funny)
Search terms: "how to extort" AND money AND "from google"
Re:Using Google to extort Google? ;-) (Score:5, Funny)
Google...
The cause of and solution to all of life's problems
Re:Using Google to extort Google? ;-) (Score:3, Funny)
At least that's Homer's view.
Re:Using Google to extort Google? ;-) (Score:5, Funny)
Suggestions:Also, you can try Google Answers [google.com] for expert help with your search.
No results, but five advert boxes (Score:5, Informative)
Blackmail (Score:2, Insightful)
Re:Blackmail (Score:2, Funny)
Michael Anthony Bradley, 32
Probably still has his mothers umbilical cord attached. Sheesh.
Found him! (Score:5, Funny)
Re:Found him! (Score:5, Funny)
He works for SCO?
Re:Found him! (Score:2)
That'll teach him a lesson... (Score:5, Funny)
Slashdot... (Score:5, Funny)
Isn't this what Slashdot is trying to do? No?
Or, putting that in terms we can all understand... (Score:5, Funny)
Very similar to the google case, I think step 4 only applies to the lawyers
Foolish criminal (Score:3, Insightful)
Re:Foolish criminal (Score:2)
Unlike you...
he would set up a few websites
and rake the money in slowly over a length of time.
Every time he clicks on a link to his own website, he -- as the website owner -- pays Google for it.
Now how do you suppose he's going to make any money at that?
Google syndicate their ads through AdSense program (Score:2)
Google have a programme called AdSense [google.com] in which they put Google AdWords on other websites - I'm sure you've seen them around the net. He could have set up a website, signed up with AdSense, and then had his clicking program click away on those ads on his own website. Result? A cheque from Google for the clicks.
he must have been (Score:4, Funny)
What have we learned? (Score:5, Insightful)
Imagine, he could have licensed his software to the spammers and charged them an annual fee to use it. He could have been the "Microsoft" of the spamming industry.
Re:What have we learned? (Score:5, Funny)
I would like to point out that, due to dangerously unsecure settings on installation of their home software, Microsoft is already the "Microsoft" of the spamming industry...
Note: WinXP really is better. Win2003 is much better. But if we don't have Microsoft to pick on, just who ARE we gonna pick on?
Re:What have we learned? (Score:2)
I thought Microsoft [hotmail.com] was the Microsoft of the spamming industry.
-Colin
Hi. I'm Troy McClure (Score:4, Funny)
Re:Hi. I'm Troy McClure (Score:4, Funny)
I think slashdot just found... (Score:5, Funny)
Hi little guy, this is Cmdr.Taco... We're going to link to your site in an article. What? You say you can't handle the traffic? For the low low cost of $699 we can grant you a license to mirror your site on our finely tuned slashdot-proof servers.
stupid... (Score:5, Funny)
Stupid!
Would this really bother them? (Score:2, Interesting)
No doubt the software would follow a particular pattern, which even in a large amount of data, could possibly be tracked and with regards to things like open proxies, it would surprise me if Google didn't already check for things like that.
Re:Would this really bother them? (Score:2)
Aside from saving themselves $100k, they get to avoid the arms race. Their engineers vs. this programmer and the spammers. Over and over again, measuers, counter-meaures, counter-counter measures, counter-counter-counter measuers ad infinitum.
Besides, if they get this guy sent to PITA prison, that will have a chilling effect on the next poor schmuck who is thinking of fucking with G
Google uses pop ups? (Score:2, Interesting)
BTW, I have also devised a program to simulate fake activity. Use any of the windows based graphical macro programs, load google, search, click the ad, save macro, repeat it in a loop. You could do this in multiple VMWare sessions if you wanted to increase your "productivity".
The fine line.... (Score:5, Funny)
1) Fun
2) Well-paying
3) Legal
This guy probably was legal up to the point of threatening Google. I guess that the fine line between the criminal mind and normal everyday greed.
Slashdot - weapon of mass debandwith (Score:3, Funny)
The way of the future... Just wait till Bush catchs on, Cowboy Neal and Taco will be billionairs with an army of geeks on hand...
TO THE SLASHDOT MOBILE!
Psst ... /. (Score:5, Funny)
Re:Psst ... /. (Score:2, Funny)
Awww, crap, you too? That's common knowledge:
num=int(rnd(0)*5)
select num
MSG="Microsoft sucks."
MSG="Linux rocks!"
MSG="MPAA is bad."
MSG="RIAA is evil."
MSG="This is a repost. Duh!"
end select
printf $MSG
Interesting (Score:5, Funny)
What a daft bugger. (Score:5, Interesting)
Spammers, on the other hand, have now moved onto blogs lately. Fred Rodriguez [fredrodriguez.com], a rider Emeryville, CA, for italian team Aqua e Sapone has spams for the usual penis enlargment, diet pills, cheap computer eqz, etc. on his guest book. Spammers got no shame, just like this fool.
sloppy work (Score:5, Funny)
Ha ha, but AdWords among most effective ads on net (Score:4, Informative)
25%, I shit you not (Score:4, Informative)
We get 10%+ click-through on the most completely generic term for the site. It could possibly be higher, but we also rank first in the normal search results for that term, if you limit your search to one particular country or use the country name as part of the search. Being able to limit AdWords to individual countries is one of the great things about Google - Overture isn't half as good in this regard.
Our *average* click-through over all phrases is much lower, at 3%, largely because with a lot of the other product words we use, people *would* be just searching for information on the product, rather than with a view to purchase. We could raise the click-through by only displaying ad if the search term included words such as 'buy', 'purchase', etc. but 3% is well above Google's cut-off and we aren't paying for the extra impressions, only the clicks, so this suits us fine. We still rank first on most of these search terms (e.g. competing AdWords are seen as less relevant).
Advertising on WebPages is a Joke (Score:3, Interesting)
That would be a nice technology to add to Mozilla 1.x where it automatically hides the advertisement and treats it like a click through where advertisers get tired of paying out.
Re:Advertising on WebPages is a Joke (Score:2)
Not necessarily, all of the extra traffic might lead the mid manager types think that banner ads and popups are working. I'm just waiting until the day that they start paying you to tattoo ads on your forehead.
LK
Too late (Score:2)
Re:Advertising on WebPages is a Joke (Score:3, Interesting)
Actually, I've seriously considered writing a plugin along those lines.
My idea is more of a "reward" thing .. basically, I don't particularly want to be bothered by ads, but it would be nice if I could click on a toolbar button called something like "reward 'em" and moz would do a virtual click on every ad on the page, but loa
Re:Advertising on WebPages is a Joke (Score:3, Interesting)
When you want to buy something, say a w00t shirt from thinkgeek, instead of going straight to thinkgeek, if the user had a small search application that would instantly pull up the thinkgeek banner ad from one of their favorite publishing sites and auto-clicked on it, both the click AND t
Story Full of Errors? (Score:2, Informative)
* Google does not provide "pop-up ads". They provide text-based ads.
* Google does not pay website owners for AdWords. The owners pay Google to for advertising space on Google.
This is my 5000th post.
Re:Story Full of Errors? (Score:3, Informative)
Not true. You can use their adsense program. I think
http://www.google.com/services/ [google.com] http://www.google.com/adsense [google.com]
Re:Story Full of Errors? (Score:4, Informative)
Google does pay website owners for displaying adwords, in its adsense program [google.com].
The problem with the guys attempted extortion is that google charges advertisers more then it pays out on the adds, and as such this guys program, if sucessful, still makes google a buck. That said the amount advertisers pay on adds is determined by a number of criteria such as CTR (which is why googles adds are generally of good quality; better, more relevant, and therefore more clickable adds can be put in top positions for less then irrelevant adds) and as such something of this nature could potentially really screw up advertising related statistics and revenue for google.
Re:Story Full of Errors? (Score:2)
robots as websurfers (Score:5, Interesting)
Some ads on websites are sold 'per-view' and not 'per-click', but if a web-crawling robot hits it, should it count as a view? Are the authors of these bots stealing from the advertiser?
A while ago I wrote a bot that posts to slashdot. He even had decent Karma for a while, before getting a bit confused. In any case, my bot would usually post some links in his comments, which could have the effect of altering the target's page ranking on Google (this was not his purpose though). Am I somehow culpable for cheating Google?
Anyway, the point is that I think robots should have some limited rights to view pages and do human-like behavior on the net.
Re:robots as websurfers (Score:2)
No. Better yet, FUCK NO!
I'm sick of this shit, people don't get it. Just because someone does something that you don't like, such as skipping commercials in PVR'd tv, using a spider to index webpages or downloading a Britney Spears MP3, that doesn't mean that they're stealing!
Re:robots as websurfers (Score:4, Insightful)
using a spider to index webpages: correct
downloading a Britney Spears MP3: incorrect
but 2 out of 3 isn't bad I suppose......
I don't understand... (Score:2)
Anyone remember AllAdvantage? (Score:5, Interesting)
Of course, none of the ad traffic was legitimate! There were tons and tons of scripts and programs that would click the ads for you
I remember the comany would implement anti-cheat methods every couple of weeks, even to the point of tracking mouse movements
Ok, well... as always, cheaters take things to the next level. The ultimate cheat was one that surfed the web from a pre-determined list of web sites, while randomly moving the mouse cursor around the screen, and clicking every couple of seconds. Worked like a charm!
No more AllAdvantage.
Google has more sophisticated technology than AllAdvantage though... its almost impossible to cheat google. Even if this dumb-ass really did write a program to click ads on his own sites, google would catch that. There's AdSense partners getting canned every day for suspicion of cheating, when sometimes it's only as simple as an innocent erroneous click on their own ads. It happens... check the adsense forums. I doubt this guy would have been able to execute much of his plan successfully.
Re:Anyone remember AllAdvantage? (Score:5, Interesting)
As I remember it, you didn't get paid for clicking on the ads, AllAdvantage displayed a banner ad on the bottom of your computer and paid you to `look' at it. But all it really kept track of was if the mouse was moving.
I had a friend send me a script to move the mouse around while I slept, but AA cought on to that pretty quickly.
So, I just tied my mouse to a rotating fan. Sometimes the simplest solution is the best.
-Colin [colingregorypalmer.net]
Was he also wearing. . . (Score:5, Funny)
a pair of those blinking Nikes while running away from the cops?
-FL
this never would've happened... (Score:5, Funny)
Am I missing something here? (Score:3, Insightful)
Prior art! (Score:3, Interesting)
Or is this like the "on the Internet" patents? "I have a spam scam that really works--on Google!"
Idiots (Score:3, Funny)
"See, I have this cache of weapons in my house, and I'll sell them off to criminals at some point if you don't give me the money!"
"Wait...SWAT Team? What SWAT Team?"
"Outside my house?"
Paddy Power. (Score:2, Interesting)
Allready happened in Ireland with Paddy Power
http://www.business.com/directory/media_and_ent
and
http://www.cnn.com/2004/WORL
or just google for Paddy Power and hackers
Comment removed (Score:5, Interesting)
Re:The future of advertisement... (Score:3, Insightful)
Or maybe advertisers will quit trying to quantify per-view or per-link and just pay (or be charged) a flat fee for a time-period run, something more similar to how things work on TV and radio. Rather than making an ad on the web accountable in ways that no other media is required, why not just assume it's getting you market-awareness and presence?
Maybe I'm dense, but... (Score:2)
Doesn't that mean it's not Google that would be defrauded, but the affected advertisers?
I did the same thing.... (Score:4, Interesting)
Defrauding Google, is like defrauding a family member or something...
I'm glad this ass got caught.
-- D3X
Um,,, (Score:2, Interesting)
I mean, he created a product. He was planning to sell it, but if Google is better served by that product not making it to market isn't it common sense that they might want to buy it?
For example, if I developed a way to run my automobiles using water as fuel or to get 200 miles per gallon of gasoline
LK
Re:Um,,, (Score:4, Insightful)
To continue your gasoline example, it'd be like developing a method to fool the 'pay-at-the-pump' system into giving you gas without actually charging your credit card, and then telling the gas station that if they don't give you $100,000, you'll publish the program in the USA Today(tm).
Is this Extortion? (Score:2)
Am I the only one... (Score:2)
Funny thing is, it doesn't feel very different, even if one is legal and the other is not...
Organized crime is already in on it (Score:5, Informative)
My guessing the specs (Score:5, Interesting)
With out banner adds or pop ups (Thwap the guy who called Google ads POP UPS) you'll need some software on your server to make this work.
Im guessing this guy hacked this software so he can send bad any data he wants and is expecting Google to act like Microsoft and pay to keep it quiet.
He picked the wrong target. Find a defect in Windows.. a nasty one.. and bribe Microsoft to stay quiet. They appear all fine with the extrotion scams and all about security by obscurity.
(I'm joking BTW.. Try that and Microsoft will thump you something nasty AND clame your defect is fraudulent)
Ok, I know this is nit-picky... (Score:3, Informative)
extortion != organized crime
This is one programmer acting alone (and stupidly). Organized crime requires an organization. If the programmer had been hired by someone else who had the idea to extort Google but not the technical know-how, this would be organized crime.
Tangent: "software program" (Score:3, Funny)
Okay, *theoretically* there could be a need to distinguish a computer program from, say, a TV program or a spending program or a concert program, but really, how likely is it that a computer programmer is threatening an information service company with information about who's playing second violin tonight?
Only with Google (Score:4, Interesting)
The rate variance is why Google doesn't tell you how much a click is worth. It varies from a few cents to a few dollars and possibly more depending on the ad. I run a programming site so I get some expensive programming ads.
Google is being incredibly generous with their AdSense program and I would hope Google would be able to find a way to take out the idiots who try to abuse it rather than cripple the program.
At the start all ad programs paid decently for click-thrus but morons abused it and morons ran the programs so they couldn't deal with it. Or they simply decided they could make more money if they went pay per sale since the advertisers would get the same amount (or more since web-sites got desperite and would flood visiters) of exposure for a lot less money.
It's an absolutly retarded program from a publisher's view. You basically have to sell the ad. You have to dedicate the page the ad is on to the ad so that people will buy what the ad is selling. The standard is about a 1.0% click-thru rate. And of those you now have a fraction of a percent that will compulsive buy. I had one text ad with Commission Junction that did a 10% click thru rate. But I would only get paid if someone bought the book right then. Nobody did so I never got paid. But the seller got lots of free publicity.
One major game development web-site I know has basically signed up for every ad program on the planet and then ran it through their custom script that selects which program to display an ad from to the visitor. I noticed they have Google Adsense worked into the mix as well. I have to wonder how much that stupid monkey and other flashing banners are worth that they don't just stick with Google and dump the rest of the ad systems.
Ben
so, let me get this straight... (Score:3, Insightful)
Extortion is alive and well online... (Score:3, Informative)
There's a few gangs based in Eastern Europe that are using Windows machines infected with viruses/worms to DDoS gambling sites unless $5,000/month in protection money is paid up.
And let's not forget SCO...
Re:It's not fraud (Score:3, Interesting)
Re:It's not fraud (Score:2, Informative)
Re:It's still not fraud (Score:2, Interesting)
Re:Pop-up's? -- Maybe they were confused (Score:3, Informative)
You get this quite a lot with amazon and paypal among others, both for peo