The Vanishing Click-Fraud Case

PreacherTom writes "In March of 2004, a computer programmer arrived at Google's offices with one goal in mind: blackmail. He had invented a program called "Google Clique", which could generate millions of fake clicks to Google's ads. The price to avoid disaster: $150,000. At the time, it didn't end well for the programmer; Google had the police in the next room. However, a few days ago the U.S. Attorney quietly dropped the case. The reason: apparently Google was unwilling to cooperate with prosecutors. Why the odd behavior?"

404 File Not Found

[InfinityWpi (175421)]

Cute, guys. Reeeeeal cute.

*groan*

[voice_of_all_reason (926702)]

What's with both the article and summary playing to the channel 5 action stopper team "Why?!?!?" question?

Duh, that's the point of blackmail. You don't show your hand until you have something that will discourage the victim from turning you into the police. Obviously, the guy could've released the method to the public and caused Google more than letting him go.

Re:

[TubeSteak (669689)]

Obviously, the guy could've released the method to the public and caused Google more than letting him go.

I bet Google was more worried about the discovery process than the guy's program.

The guy could really do some damage by requesting all kinds of information which might become public record... information that Google wouldn't want to let out.

Re:

[iamhassi (659463)]

Exactly. This is genius really. The guy's been dragged over the coals for the last 2 years. Arrested, interrogated, numerous court appearances, fear of 20 years in jail. Who would want to ever go through that again??

If I knew how to do click-fraud I'd just try and forget as soon as possible. In the US legal system you're pounded-in-the-ass by the law first, then you go to jail, so I don't wanna even be accused of knowing how.

Umm..

[OneSmartFellow (716217)]

First question: What did they have to gain by persuing it ? not much me thinks

Next question: What did they have to lose by persuing it ? trade secrets, embarassment, other

Analysis: Very predictable.

Re:

[jessecurry (820286)]

yeah, they already scared the guy, and didn't have to pay him $150,000
If they would've taken this to court there is a good chance that their algorithm would become public knowledge, which would cause them to lose much more money and credibility..... plus sending someone to jail might fall under the "evil" side of things, in a karmic sense at least.

Re:

[R2.0 (532027)]

How on earth is helping send a blackmailer to jail "evil" in ANY sense, karmically or other?

Re:

[jessecurry (820286)]

because being in jail is unnatural. there is a strong notion developing that jail does absolutely nothing to benefit society. Actually, most people in the US are in jail for drug related crimes, which are arguably victimless, so getting those people off the streets doesn't make the streets any safer.
I understand that blackmail is a different story, but putting someone in jail doesn't help the victims of the blackmail, nor does it do anything for society, other than creating another welfare case.
In New Yor

Re:

[drinkypoo (153816)]

because being in jail is unnatural. there is a strong notion developing that jail does absolutely nothing to benefit society. Actually, most people in the US are in jail for drug related crimes, which are arguably victimless, so getting those people off the streets doesn't make the streets any safer.

Actually, less than fifty percent of the people in prison are there for drug-related crimes, more are there for violent crimes. Now, perhaps more than fifty percent of the people going through the courts are

Re:

[R2.0 (532027)]

"Yeah, that's great corporate citizenship on Google's part. In order to avoid paying _A BLACKMAILER_they call law enforcement...(irrelevant crap)"

There, fixed that for ya. You see, blackmail is a criminal offense. It is the police and prosecutor's JOB to spend public resources going after suspected criminals. Google did their part by cooperating with the police in the investigation and arrest. If anything, the prosecutor should be sanctioned for NOT pursuing so obvious a case as this.

Re:

[Dhalka226 (559740)]

Erm... I didn't RTFA--is it substantially different from the summary? Because the summary says:

However, a few days ago the U.S. Attorney quietly dropped the case. The reason: apparently Google was unwilling to cooperate with prosecutors. Why the odd behavior?

Google called the cops, let them build a case, then refused to cooperate with the prosecution. They did NOT do their part by cooperating, and the prosecutor only dropped the case because of that.

Coincidence?

[spellraiser (764337)]

<tinfoilhat>

But on Nov. 22, the U.S. Attorney's Office quietly dismissed charges against Bradley.

November 22 is the day they killed Kennedy! Coincidence? You be the judge ...

</tinfoilhat>

Re:

[aitikin (909209)]

Best usage of I've ever seen.

Trade Secrets

[KermodeBear (738243)]

Google was unwilling to cooperate with prosecutors. Why the odd behavior?

This is pure speculation, but perhaps the courts wanted Google to reveal some, or all, of the methods it used to detect click fraud; they would not want that information revealed. A trade secret like that would be far more valuable than a guy in prison.

Did Google hire the guy?

[xxxJonBoyxxx (565205)]

Did Google hire the guy?

It's a serious question; some firms actually do hire the black hatters who targetted them.

Re:

[Intron (870560)]

I don't think so. He sounds like a real bozo. Here's an online conversation where he uses the name CountScubula [searchguild.com] and explains what he is doing. I suspect Google strung him along until they figured out what he had, then modified their anti-cfraud software to detect it, then dropped him.

Re:

[liquidpele (663430)]

Who did that? I'd like to know, because that's retarded.

Re:

[ZachPruckowski (918562)]

It's not that uncommon. The theory is that the you can buy the guy's loyalty, and if he's skilled enough to hack you, he's smarter than your guys (or at least smart enough to be on the team). There are a lot of things that are easier to "train" into someone than talent.

Re:

[try_anything (880404)]

Right. Black hat hackers really want boring, defensive corporate jobs; they just need a foot in the door. It's just like the time a teenager did donuts on my lawn, and I hired him as a chauffeur, because what he REALLY wanted was to wear a silly little hat and be at his employer's beck and call ten hours a day.

There's no risk of them getting bored and using your company resources to attack other targets, because they love bourgeois success too much to risk it for a thrill.

White hat hackers, on the other h

Re:

[hymie! (95907)]

The United States Government. [wikipedia.org]

Has anyone done that since the 80s?

[Beryllium Sphere(tm) (193358)]

All the cases I'd heard of were long, long ago. Are there any recent examples of somebody being that dumb?

Re:

[Unlucke (1026008)]

some firms actually do hire the black hatters who targetted them

No, sorry; just because you read on the intarwebtubes-livejournal of xxxhax0rboixxx that he was hired by "teh Googel" does not make it true, as much as your hope for a bright future would like to make you want to believe it.

with a comment like this, no wonder it was submitted by an Anonymous Coward... i do have a question though, did you happen to read his entire post, or did you only read the last part /derail_off

only 150K?

[elcid73 (599126)]

I'm curious... if he could generate 30K per month with his program, why only extort for 150K?

Why not just run it for 5 months and call it good?

Re:

[phoenix.bam! (642635)]

The lump sum payment would be guaranteed while he had no way of knowing if Google would be able to stop his software from running after a couple months, at even a few days.

Re:

[antifoidulus (807088)]

One possibility that he was playing chicken with google and his software really didn't work as advertised. He probably figured that to an individual, $150k is a lot of money, but to google it is the proverbial fart in a windstorm so they would just let it slide under the table rather than generate lots of press. However, he figured wrong and even though google isn't pressing charges(perhaps due to the fact that they would reveal more information than its worth) the huckster still got just deserts: he did

Re:

[m0rph3us0 (549631)]

If he tried to defraud Google then Google should press their case. Since they do not feel like pressing their case and have given no reason for not pressing it we can only assume they do not believe he defrauded them. Also, being able to create a program to generate "clicks" makes you very valuable.

Re:

[aminorex (141494)]

There is, of course, a very real difference between fraud and blackmail. Blackmail is often legal, for example, while fraud is generally not legal. If he had operated the program to Google's detriment he would have been perpetrating a fraud. The fact that the offer to Google was an offer to not commit an illegal act makes the offer an illegal form of blackmail.

Re:

[foniksonik (573572)]

It's like a a DOS attack... on it's own it isn't monetized. To make click fraud work he'd have had to go to a lot of effort... OTOH he could easily release it to the world and many others WOULD go through the effort and even if unsuccessful it would cause havoc and potentially lawsuits from legitimate service users... so extortion to NOT release it was the easiest route to take, AND he wanted to make it easy for them to buy him off.

It should have worked. Any normal company would have paid him off and made h

Re:

[metamatic (202216)]

I dunno, I don't think paying the guy off is ever a smart move. The thing is, writing software to generate clicks that appear to come from all over the Internet is really not that hard to do. The tough part is working out how to make money by doing it, without breaking the law and getting caught.

Re:

[skotte (262100)]

This got me thinking. Perhaps he wanted the lump sum which he assessed as being the value of running it a number of months, until Google caught up with him and repaired the bug. Which then suggests a possible scenario in which he didn't so much come planing to blackmail, but rather came planning to sell his information. Mind you, I don't know the guy or the situation really. Some people have said he's a real knob, which could be. But I can easily imagine him identifying a hole, and thinking to himself

Scale and time

[Beryllium Sphere(tm) (193358)]

>Why not just run it for 5 months and call it good?

Crime has cost-benefit analyses just like legitimate business.

If he ran the scam himself, he'd be limited to what one individual could do before some Google engineer figured out a way to block it.

If he tried to sell his program to other criminals, he'd be betting that criminals wouldn't pass along unauthorized copies.

If he released it for free, it would cost Google way more than he could have stolen on his own, but he wouldn't see most of that kajillion

Oxygen of Publicity

[DamonHD (794830)]

Maybe G just doesn't want to give the story any more credibility, but in any case, not exposing its anti-fraud methods in court would be a good enough reason. Why give the bad guys more info than you have to?

Rgds

Damon

Re:

[drsquare (530038)]

Or more than likely, Google like clickfraud because it increases their profits.

Why did they need google's info?

[phorm (591458)]

What I don't understand is why they needed to know about google's click or anti-click-fraud system to punish the guy. Yes, they might need to know such to assess damages for financial issues, but blackmail/extortion would be illegal regardless. If they've got the cops in the next room taping the guy making a "pay me out or else I'll do X", the feasibility or impact of X is not so important as the fact that the individual has already attempted to extort money from google.

Re:

[mindwar23 (964732)]

In order to proove that "I'll do X" would financially damage Google, they would have to provide some kind of supporting evidence that the product's public release would hurt them. I think it's safe to assume that this evidence consists of closely gaurded trade secrets that Google did not want to risk exposing in open court...

Re:

[tsstahl (812393)]

"pay me out or else I'll do X"

There is a fine line between a business negotiation and extortion. The enterprising lad in question was trying to sell a program to Google. What that program does is a separate issue.

Re:

[phorm (591458)]

Incorrect. It would be a sales attempt it he stated "I will sell you this software that does X for $150,000"

It's extortion if he states "If you don't pay me X I will give this software/info/etc to others that can use it against you"

The threat was not the sale of the software to google, but to others who would use it against them.

Re:

[greenrd (47933)]

It's extortion if he states "If you don't pay me X I will give this software/info/etc to others that can use it against you"

But doesn't this happen in perfectly legal negotiations, such as business takeover negotiations? "If you don't buy my company and its technology for the price I'm asking, I'll sell it to your competitors"...

Re:

[Onan (25162)]

You may be thinking of the wrong "they" here. The judge and the prosecutor might not feel that they need that information, but they're not the only parties involved.

If you're accused of a crime, you have fairly broad ability to subpoena any information that you can make an even remotely plausible case for being related to the issue at hand.

So all this guy's lawyer would need to say to the judge is, "We believe that click-fraud is so rampant that the defendant's tool would not have caused any further harm. A

Re:

[cswiger2005 (905744)]

While it might be relevant in a civil trial where Google claimed a certain level of damages and the defendant claimed that the amount Google lost wasn't actually what Google claimed, Google doesn't have to prove it lost money from click-fraud for the criminal case to proceed, nor would showing that other people commit click-fraud be a mitigating defense against the blackmail/extortion attempt.

Sure, a defendant does have fairly broad rights to subpoena relevant information to his defense, by no means does th

fixed

[tehwebguy (860335)]

maybe google just fixed it

What lesson does this teach the next evil genious?

[vinn01 (178295)]

To me it says: There is no profit in independent security research. Go ahead and release your research findings to the public. It will cost Google (or whatever corporation) untold millions of dollars, but they will pay nothing for your work. If you ask for money, you will be accused of blackmail and sent to jail (until they fix the exploit and drop the charges).

Why are exploits expected to be donated? I acknowledge that there is a fine line between asking for a bounty and blackmail. But to treat boun

Re:

[cswiger2005 (905744)]

Some organizations like iDefense will pay a bounty for independent security research.

Otherwise, you can gain some degree of credibility by detecting and publishing security exploits, and there are organizations which will hire "white-hat" teams to perform penetration testing, or hire people who have a good security track record to fix major security holes, but a big part of that involves working with the organizations and being willing to not publicize security exploits until the vendor has had a reasonable

I thought it was kinda obvious.

[Anachragnome (1008495)]

Call the cops in, prosecution gets court orders to search his properties (including hardrives, etc.), have that info shared under discovery (probably shared by the prosecution in order to build a case and verify that he actually had something in which to blackmail with. Important in a blackmail case as it shows intent.), then drop the whole shebang.

Once they have the information, they can then fix/modify the filters, all without having to pay the guy his blackmail demands or ever allow any of it to reac

...like AT&T's Blue Box response.

[ivi (126837)]

  Maybe the Programmer hinted (or threatened) a release
  of How To Do It info... to all the rest of us

Absolute Power

[stuffduff (681819)]

Didn't Google Invent Click-Fraud? I thought they held the patent! When I see the Google adds they almost never take me to the website, but if I Google the site name I can usually find a url that gets me reasonibly close to where I was hesded in the first place.

Re:

[Aladrin (926209)]

Except that if their plan was to profit from his 'fraud', they wouldn't have set him up in the first place. They'd have just 'called his bluff' and let him do it.

Instead, they chose to have him arrested and let the world know about his scheme. We don't know WHY they chose not to prosecute, but I seriously doubt it has anything to do with being evil.

Re:

[krotkruton (967718)]

"Do no evil", my ass.

Right, because a company ONLY cares about money and making more of it. And the only way to make more money is to do things that are "evil" because having morals and making decisions based on them wouldn't be good for business.

Re:

[Atrox666 (957601)]

If you are the CEO or any senior exec of a public company you have to sign a piece of paper that commits you legally to chasing profit for the stock holders.

If there was any commitment from government toward making society better then maybe there would be repercussions for certain activities that would punish execs who do things like screw up the environment or rip off their customers.

Since corporations run government maybe we should get to vote for CEOs.
Then we could call our system a democracy again.

Re:

[krotkruton (967718)]

If you are the CEO or any senior exec of a public company you have to sign a piece of paper that commits you legally to chasing profit for the stock holders.

Yeah, I get that, but where does it say that the only way to raise profits is to do evil things? So many people have adopted this idea that corporations are evil because all they care about is money, while this isn't true at all. You can care about money and still do good things. Here's a real shocker: you can do good things and make money by doing