Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Google Businesses The Internet IT

The Vanishing Click-Fraud Case 57

PreacherTom writes "In March of 2004, a computer programmer arrived at Google's offices with one goal in mind: blackmail. He had invented a program called "Google Clique", which could generate millions of fake clicks to Google's ads. The price to avoid disaster: $150,000. At the time, it didn't end well for the programmer; Google had the police in the next room. However, a few days ago the U.S. Attorney quietly dropped the case. The reason: apparently Google was unwilling to cooperate with prosecutors. Why the odd behavior?"
This discussion has been archived. No new comments can be posted.

The Vanishing Click-Fraud Case

Comments Filter:
  • Cute, guys. Reeeeeal cute.
  • *groan* (Score:3, Insightful)

    by voice_of_all_reason ( 926702 ) on Monday December 04, 2006 @09:44AM (#17098818)
    What's with both the article and summary playing to the channel 5 action stopper team "Why?!?!?" question?

    Duh, that's the point of blackmail. You don't show your hand until you have something that will discourage the victim from turning you into the police. Obviously, the guy could've released the method to the public and caused Google more than letting him go.
    • Re: (Score:3, Insightful)

      by TubeSteak ( 669689 )
      Obviously, the guy could've released the method to the public and caused Google more than letting him go.
      I bet Google was more worried about the discovery process than the guy's program.

      The guy could really do some damage by requesting all kinds of information which might become public record... information that Google wouldn't want to let out.
      • Exactly. This is genius really. The guy's been dragged over the coals for the last 2 years. Arrested, interrogated, numerous court appearances, fear of 20 years in jail. Who would want to ever go through that again??

        If I knew how to do click-fraud I'd just try and forget as soon as possible. In the US legal system you're pounded-in-the-ass by the law first, then you go to jail, so I don't wanna even be accused of knowing how.
  • Umm.. (Score:5, Insightful)

    by OneSmartFellow ( 716217 ) on Monday December 04, 2006 @09:45AM (#17098820)
    First question: What did they have to gain by persuing it ? not much me thinks

    Next question: What did they have to lose by persuing it ? trade secrets, embarassment, other

    Analysis: Very predictable.
    • yeah, they already scared the guy, and didn't have to pay him $150,000
      If they would've taken this to court there is a good chance that their algorithm would become public knowledge, which would cause them to lose much more money and credibility..... plus sending someone to jail might fall under the "evil" side of things, in a karmic sense at least.
      • by R2.0 ( 532027 )
        How on earth is helping send a blackmailer to jail "evil" in ANY sense, karmically or other?
        • because being in jail is unnatural. there is a strong notion developing that jail does absolutely nothing to benefit society. Actually, most people in the US are in jail for drug related crimes, which are arguably victimless, so getting those people off the streets doesn't make the streets any safer.
          I understand that blackmail is a different story, but putting someone in jail doesn't help the victims of the blackmail, nor does it do anything for society, other than creating another welfare case.
          In New Yor
          • because being in jail is unnatural. there is a strong notion developing that jail does absolutely nothing to benefit society. Actually, most people in the US are in jail for drug related crimes, which are arguably victimless, so getting those people off the streets doesn't make the streets any safer.

            Actually, less than fifty percent of the people in prison are there for drug-related crimes, more are there for violent crimes. Now, perhaps more than fifty percent of the people going through the courts are

    • by SurturZ ( 54334 )
      Q: Do no evil?

      A: They're an advertising company!
  • by spellraiser ( 764337 ) on Monday December 04, 2006 @09:45AM (#17098826) Journal

    <tinfoilhat>

    But on Nov. 22, the U.S. Attorney's Office quietly dismissed charges against Bradley.

    November 22 is the day they killed Kennedy! Coincidence? You be the judge ...

    </tinfoilhat>

  • Trade Secrets (Score:2, Redundant)

    by KermodeBear ( 738243 )
    Google was unwilling to cooperate with prosecutors. Why the odd behavior?
    This is pure speculation, but perhaps the courts wanted Google to reveal some, or all, of the methods it used to detect click fraud; they would not want that information revealed. A trade secret like that would be far more valuable than a guy in prison.
  • by xxxJonBoyxxx ( 565205 ) on Monday December 04, 2006 @09:51AM (#17098888)
    Did Google hire the guy?

    It's a serious question; some firms actually do hire the black hatters who targetted them.
    • by Intron ( 870560 )
      I don't think so. He sounds like a real bozo. Here's an online conversation where he uses the name CountScubula [searchguild.com] and explains what he is doing. I suspect Google strung him along until they figured out what he had, then modified their anti-cfraud software to detect it, then dropped him.
    • Comment removed based on user account deletion
      • It's not that uncommon. The theory is that the you can buy the guy's loyalty, and if he's skilled enough to hack you, he's smarter than your guys (or at least smart enough to be on the team). There are a lot of things that are easier to "train" into someone than talent.
        • Re: (Score:3, Funny)

          Right. Black hat hackers really want boring, defensive corporate jobs; they just need a foot in the door. It's just like the time a teenager did donuts on my lawn, and I hired him as a chauffeur, because what he REALLY wanted was to wear a silly little hat and be at his employer's beck and call ten hours a day.

          There's no risk of them getting bored and using your company resources to attack other targets, because they love bourgeois success too much to risk it for a thrill.

          White hat hackers, on the other h
    • All the cases I'd heard of were long, long ago. Are there any recent examples of somebody being that dumb?
    • by Juha ( 39187 )
      Isn't hiring criminals usually considered evil?
  • only 150K? (Score:5, Insightful)

    by elcid73 ( 599126 ) on Monday December 04, 2006 @09:53AM (#17098916)
    I'm curious... if he could generate 30K per month with his program, why only extort for 150K?

    Why not just run it for 5 months and call it good?
    • The lump sum payment would be guaranteed while he had no way of knowing if Google would be able to stop his software from running after a couple months, at even a few days.
    • Re: (Score:3, Interesting)

      One possibility that he was playing chicken with google and his software really didn't work as advertised. He probably figured that to an individual, $150k is a lot of money, but to google it is the proverbial fart in a windstorm so they would just let it slide under the table rather than generate lots of press. However, he figured wrong and even though google isn't pressing charges(perhaps due to the fact that they would reveal more information than its worth) the huckster still got just deserts: he did
      • If he tried to defraud Google then Google should press their case. Since they do not feel like pressing their case and have given no reason for not pressing it we can only assume they do not believe he defrauded them. Also, being able to create a program to generate "clicks" makes you very valuable.
      • There is, of course, a very real difference between fraud and blackmail. Blackmail is often legal, for example, while fraud is generally not legal. If he had operated the program to Google's detriment he would have been perpetrating a fraud. The fact that the offer to Google was an offer to not commit an illegal act makes the offer an illegal form of blackmail.
    • It's like a a DOS attack... on it's own it isn't monetized. To make click fraud work he'd have had to go to a lot of effort... OTOH he could easily release it to the world and many others WOULD go through the effort and even if unsuccessful it would cause havoc and potentially lawsuits from legitimate service users... so extortion to NOT release it was the easiest route to take, AND he wanted to make it easy for them to buy him off.

      It should have worked. Any normal company would have paid him off and made h
      • I dunno, I don't think paying the guy off is ever a smart move. The thing is, writing software to generate clicks that appear to come from all over the Internet is really not that hard to do. The tough part is working out how to make money by doing it, without breaking the law and getting caught.
    • Re: (Score:3, Interesting)

      by skotte ( 262100 )
      This got me thinking. Perhaps he wanted the lump sum which he assessed as being the value of running it a number of months, until Google caught up with him and repaired the bug. Which then suggests a possible scenario in which he didn't so much come planing to blackmail, but rather came planning to sell his information. Mind you, I don't know the guy or the situation really. Some people have said he's a real knob, which could be. But I can easily imagine him identifying a hole, and thinking to himself
    • >Why not just run it for 5 months and call it good?

      Crime has cost-benefit analyses just like legitimate business.

      If he ran the scam himself, he'd be limited to what one individual could do before some Google engineer figured out a way to block it.

      If he tried to sell his program to other criminals, he'd be betting that criminals wouldn't pass along unauthorized copies.

      If he released it for free, it would cost Google way more than he could have stolen on his own, but he wouldn't see most of that kajillion
  • Maybe G just doesn't want to give the story any more credibility, but in any case, not exposing its anti-fraud methods in court would be a good enough reason. Why give the bad guys more info than you have to?

    Rgds

    Damon
  • What I don't understand is why they needed to know about google's click or anti-click-fraud system to punish the guy. Yes, they might need to know such to assess damages for financial issues, but blackmail/extortion would be illegal regardless. If they've got the cops in the next room taping the guy making a "pay me out or else I'll do X", the feasibility or impact of X is not so important as the fact that the individual has already attempted to extort money from google.
    • In order to proove that "I'll do X" would financially damage Google, they would have to provide some kind of supporting evidence that the product's public release would hurt them. I think it's safe to assume that this evidence consists of closely gaurded trade secrets that Google did not want to risk exposing in open court...
    • by tsstahl ( 812393 )
      "pay me out or else I'll do X"

      There is a fine line between a business negotiation and extortion. The enterprising lad in question was trying to sell a program to Google. What that program does is a separate issue.
      • by phorm ( 591458 )
        Incorrect. It would be a sales attempt it he stated "I will sell you this software that does X for $150,000"

        It's extortion if he states "If you don't pay me X I will give this software/info/etc to others that can use it against you"

        The threat was not the sale of the software to google, but to others who would use it against them.
        • by greenrd ( 47933 )

          It's extortion if he states "If you don't pay me X I will give this software/info/etc to others that can use it against you"

          But doesn't this happen in perfectly legal negotiations, such as business takeover negotiations? "If you don't buy my company and its technology for the price I'm asking, I'll sell it to your competitors"...

    • by Onan ( 25162 )
      You may be thinking of the wrong "they" here. The judge and the prosecutor might not feel that they need that information, but they're not the only parties involved.

      If you're accused of a crime, you have fairly broad ability to subpoena any information that you can make an even remotely plausible case for being related to the issue at hand.

      So all this guy's lawyer would need to say to the judge is, "We believe that click-fraud is so rampant that the defendant's tool would not have caused any further harm. A
      • While it might be relevant in a civil trial where Google claimed a certain level of damages and the defendant claimed that the amount Google lost wasn't actually what Google claimed, Google doesn't have to prove it lost money from click-fraud for the criminal case to proceed, nor would showing that other people commit click-fraud be a mitigating defense against the blackmail/extortion attempt.

        Sure, a defendant does have fairly broad rights to subpoena relevant information to his defense, by no means does th
  • maybe google just fixed it

  • To me it says: There is no profit in independent security research. Go ahead and release your research findings to the public. It will cost Google (or whatever corporation) untold millions of dollars, but they will pay nothing for your work. If you ask for money, you will be accused of blackmail and sent to jail (until they fix the exploit and drop the charges).

    Why are exploits expected to be donated? I acknowledge that there is a fine line between asking for a bounty and blackmail. But to treat boun
    • Some organizations like iDefense will pay a bounty for independent security research.

      Otherwise, you can gain some degree of credibility by detecting and publishing security exploits, and there are organizations which will hire "white-hat" teams to perform penetration testing, or hire people who have a good security track record to fix major security holes, but a big part of that involves working with the organizations and being willing to not publicize security exploits until the vendor has had a reasonable
  • Call the cops in, prosecution gets court orders to search his properties (including hardrives, etc.), have that info shared under discovery (probably shared by the prosecution in order to build a case and verify that he actually had something in which to blackmail with. Important in a blackmail case as it shows intent.), then drop the whole shebang.

    Once they have the information, they can then fix/modify the filters, all without having to pay the guy his blackmail demands or ever allow any of it to reac

  •   Maybe the Programmer hinted (or threatened) a release
      of How To Do It info... to all the rest of us
  • Didn't Google Invent Click-Fraud? I thought they held the patent! When I see the Google adds they almost never take me to the website, but if I Google the site name I can usually find a url that gets me reasonibly close to where I was hesded in the first place.

You know you've landed gear-up when it takes full power to taxi.

Working...