Podcast: Bad Things

By | July 28, 2020
0 Comment

The BBC World Service Business Daily version of my piece on link scams.  (The Business Daily podcast is here.)  

Loose Wireless 110803

To listen to Business Daily on the radio, tune into BBC World Service at the following times, or click here.

Australasia: Mon-Fri 0141*, 0741 

East Asia: Mon-Fri 0041, 1441 
South Asia: Tue-Fri 0141*, Mon-Fri 0741 
East Africa: Mon-Fri 1941 
West Africa: Mon-Fri 1541* 
Middle East: Mon-Fri 0141*, 1141* 
Europe: Mon-Fri 0741, 2132 
Americas: Tue-Fri 0141*, Mon-Fri 0741, 1041, 2132

Thanks to the BBC for allowing me to reproduce it as a podcast.

Taking Shady RAT to the Next Level

By | November 22, 2011
0 Comment

I know I’ve drawn attention to this before, but the timeline of McAfee’s Operation Shady RAT by Dmitri Alperovitch raises questions again about WikiLeaks’ original data.

Alperovitch points out that their data goes back to mid-2006:

We have collected logs that reveal the full extent of the victim population since mid-2006 when the log collection began. Note that the actual intrusion activity may have begun well before that time but that is the earliest evidence we have for the start of the compromises.

This was around the time that Julian Assange was building up the content that, he recounted in emails at the time, that his hard drives were filling up with eavesdropped documents:

We have received over 1 million documents from 13 countries, despite not having publicly launched yet! (Wikileaks Leak, Jan, 2007)

Although Assange has since denied the material came from eavesdropping, it seems clear that it was, until McAfee’s report, the earliest example of a significant trove of documents and emails stolen by China-based hackers. This may have been the same channel stumbled upon a year later by Egerstad (Dan Egerstad’s Tor exit nodes get him arrested and proves a point I made in July | ZDNet).

There were, however, reports in mid 2006 of largescale theft of documents: State Dept (May), and NIPRNet (June), US War College (Sept) and German organisations (October).

I would like to see more data from McAfee and, in the interests of transparency, at least the metadata from the still unrevealed WikiLeaks stash in order to do some note comparing and triangulation. I’d also like to see this material compared with the groundbreaking work by three young Taiwanese white hats, who have sifted through malware samples to try to group together some of these APTs: APT Secrets in Asia – InSun的日志 – 网易博客.

The work has just begun.

Getting Paid for Doing Bad Things (12″ version)

By | November 22, 2011
0 Comment

This is the extended version of my earlier blog post. The BBC finally ran my commentary so for those of you who want more info, here it is:

Think of it as product placement for the Internet. It’s been around a while, but I just figured out how it works, and it made me realise that the early dreams of a blogging utopia on the web are pretty much dead.

Here’s how this kind of product placement works. On the Internet Google is like a benevolent dictator: it creates great stuff we love, and with which most of the net wouldn’t work. But it also wields great power–at least if you’re someone trying to make money off the web. Because if you don’t show up in Google’s search results, then you’re nobody. It’s the equivalent of exile, or solitary confinement, or something.

A lot of money is spent, therefore, in gaming your website’s position in Google’s rankings. But you have to be careful. Google also spends a lot of money tweaking its algorithms so that the search results you get are not gamed. Threat of exile is usually enough to keep most web players in line.

But because Google doesn’t issue a set of rules, and doesn’t explain why it exiles web sites, the gray area is big. And this is where the money is made.

One of the mini industries is something called link building. Google reckons a site with lots of links to it is a popular site, so it scores highly. So if you can get lots of sites to link to yours, you’re high up in the results.

Now it just so happens that some of the pages on my modest decade-old blog score quite highly here. So I suppose it was inevitable that link building companies would seek me out.

A British company, for example, called More Digital offered me a fixed upfront annual fee for a “small text-based ad” on my website. As intriguing was the blurb at the bottom of the email:

You must not disclose, copy, distribute or take any action in reliance on this e-mail or any attachments. Views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of More Digital.

Clearly these guys mean business, I thought, so I wrote back to Alicia Ross. She was excited to hear from me, and offered two options: one was a simple link in my collection of recommended web sites. The idea would be that I would include a link to their client’s website–whoever it was–alongside my real recommendations.

The other was “one page simple text”:

The advert will be text, not a visual banner It will appear in the content, and only on a single page of your website. Our writers will provide you with a copy that will fit naturally into your existing content.

(I think she means “copy” rather than “a copy”). For this I would earn $200 a year per ad if the client was a poker, casino or bingo site;

Now in Internet terms this is big money. It would take me a month or so to make that kind of dosh on simple Google ads on my website. Now they’re talking about one simple text link and I get the cash in two days!

But hang on a minute. There’s that ethics thing in the back of my mind. I have to listen to it a second.

The first one I’m not crazy about: What’s the point of a collection of recommended links if I don’t actually recommend them myself?

But the second one took some getting my head around. I couldn’t figure out what she had in mind, so I asked her. And this is when I started to get really depressed.

Basically what they’re after is me inserting a sentence into an existing blog post that links to their client. These guys are not interested in a new post. That would take time to rise up through the ranks of Google; they want to tap into my micro-Google fame. And remember this is not an ad. It’s a plug. It’s product placement. In a piece that is supposed to otherwise be straight, authentic and, well, me. I like to think that’s why it has Google juice.

By the time I got back to Alicia the offer was off the table as all the spots had been picked up. Clearly this is a well-oiled business. But then I got another, from a different company. Mayra Alessi was contacting me on behalf of a U.S. company selling identity theft protection, which she wanted me to link to in a piece I wrote two years ago about a privacy problem with Facebook. For $30 a month.

Mayra, if it was she, proposed I add a sentence at the end of a paragraph on how Facebook needs to fix the way they handle friendshipt requests as follows:

Mistakes like these from Facebook, make us more and more vulnerable to identity theft, that is why it is important to understanding identity theft in the USA.

Clearly Mayra hasn’t made her way in the world based on her copyediting, grammar or punctuation skills.  And the irony hasn’t escaped me of a company peddling identity theft protection is at best unaware that companies operating in its name are paying websites to mislead their readers, and Google.

What’s wrong with all this? Well, I guess the first thing is the seediness. A company is basically hiring another company to fiddle its rankings on Google–instead of just producing the kind of kick-ass content that it should be building it leeches off my kick-ass content.

And it’s not just seedy, it’s illegal. Well, as far as Google is concerned. Only the other day someone complained on a Google forum after getting his sites bumped off Google’s index. The reason, he suspects, is that he took $75 from one of the companies that contacted me for linking to a site about bikes. And these companies must know that. I guess that’s why the fees seem quite high for the chicken feed that niche blogs like ours are used to earning.

The point is, that the companies apparently funding this kind of activity–those whose websites benefit from the link love–are not necessarily sleazy gambling sites. I was invited to link to were an Internet security company. Among companies willing to pay me $150 for a link are, according to one of these link building outfits trying to get me aboard, are those selling mobile phones, mobile phones, health and fitness, travel, hotels, fashion, Internet services, insurance, online education and, somewhat incongruously, recycling companies.

To me this is all the more sleazy because these are real companies with offices in the UK and US and they’re clearly proud of what they do. We’re not talking Ukrainian spammers here. But their impact, in a way, is worse, because with every mercenary link sold they devalue the web. I’ve been doing a blog for nearly 10 years now, and the only thing that might make my content valuable is that it’s authentic. It’s me. If I say I like something, I’m answerable for that. Not that people drop by to berate me much, but the principle is exactly the same as a journalistic one: Your byline is your bond.

All in all, a tawdry example of where the blogosphere has gone wrong, I reckon. Keep your money. I’d rather keep the high ground.

Did Prolexic Fend Off Anonymous’s Sony Attacks?

By | November 22, 2011
1 Comment

Prolexic, a company that defends clients against Distributed Denial of Service (DDoS) attacks, says it has successfully combatted the “Largest Packet-Per-Second DDoS Attack Ever Documented in Asia”:

“Prolexic Technologies, the global leader in Distributed Denial of Service (DDoS) mitigation services, today announced it successfully mitigated another major DDoS attack of unprecedented size in terms of packet-per-second volume. Prolexic cautions that global organizations should consider the attack an early warning of the escalating magnitude of similar DDoS threats that are likely to become more prevalent in the next 6 to 8 months.”

Although it describes the customer only as “an Asian company in a high-risk e-commerce industry” it could well be connected to the recent attacks on Sony by Anonymous. A piece by Sebastian Moss – The Worst Is Yet To Come: Anonymous Talks To PlayStation LifeStyle — in April quoted an alleged member of Anonymous called Takai as reacting to unconfirmed reports that Sony had hired Prolexic to defend itself (Sony Enlists DDoS Defense Firm to Combat Hackers):

“It was expected. We knew sooner or later Sony would enlist outside help”. Pressed on whether Anonymous would take out Prolexic, Takai showed confidence in the ‘hacktavist’s’ upcoming retaliation, stating “well, if I had to put money on it … I’d say, Prolexic is going down like a two dollar wh*** in a Nevada chicken ranch  ”. He did admit that the company “is quite formidable” and congratulated “them for doing so well”, but again he warned “We do however have ways for dealing with the ‘Prolexic’ factor”.

The website also quoted Anonymous members expressing frustration at the new defences, but that they appeared to be confident they would eventually prevail. That doesn’t seem to have happened.

Prolexic’s press release says the attacks had been going on for months before the client approached the company. The size of the attack, the company said, was staggering:

According to Paul Sop, chief technology officer at Prolexic, the volume reached levels of approximately 25 million packets per second, a rate that can overwhelm the routers and DDoS mitigation appliances of an ISP or major carrier. In contrast, most high-end border routers can forward 70,000 packets per second in typical deployments. In addition, Prolexic’s security experts found 176,000 remotely controlled PCs, or bots, in the attacker’s botnet (robot network). This represents a significant threat as typically only 5,000-10,000 bots have been employed in the five previous attacks mitigated by Prolexic.

It does not say why it considers the attack over, now gives any timeline for the attack. But if it is Sony, it presumably means that Anonymous has withdrawn for now or is preoccupied with other things. Prolexic, however, is probably right when it warns this is a harbinger of things to come:

“Prolexic sees this massive attack in Asia with millions of packets per second as an early warning beacon of the increasing magnitude of DDoS attacks that may be on the horizon for Europe and North America in the next 6 to 8 months,” Sop said. “High risk clients, such as those extremely large companies in the gaming and gambling industries in Asia, are usually the first targets of these huge botnets just to see how successful they can be.”

Why the Sunday Sun is a No-Brainer

By | February 20, 2012
0 Comment

There’s lots of talk now that Murdoch is going to sell up his UK newspapers, all his newspapers, and that he’s not going to launch a Sunday edition of The Sun. They may all be true. But if he did any of those, he’d be throwing money away.

2011 07 Newspapers in UK

Take a look at the readership figures, courtesy of the National Readership Survey – Latest Top line Readership. All the UK newspapers have a Sunday edition, with the exception of the Financial Times. And, with the exception of The Times and the Sunday Times, there’s a close relationship between those who buy the dailies and the Sunday, in terms of numbers, and of their socio-economic group:

To me it’s pretty obvious that the News of the World was, in essence, the Sunday edition of The Sun in all but name. Of course, Murdoch may have bigger fish to fry, but in raw numbers, the way to go is obvious.