In Depth
Black Hat SEO, part two: SEOwN3d!!1
As search engine optimizers played fast and loose, a reaction from the search engine companies became inevitable. Now SEOs are forced to choose hats: black or white. (Part two in a series.)
By Scott Berinato
Some decided that the free ride was over, and they cleaned up their act. They've adjusted to the new rules of the playground. The noted SEO David Naylor gave up black-hat SEO and even abandoned jobs for which his revenue would be based on traffic volume. Instead he works on retainer and consults for flat fees--trading in the potential for periodic obscene windfalls for a less outrageous, more stable income. "If I slip off that first page, I still get paid now," he says. "And I've got a team of guys I've got to feed. It was a total business decision."
Cutts of Google believes this is the primary trend. "I primarily see growth in white-hat SEO. Most are savvy enough to know that they can't afford to be delisted. The industry as a whole is heading toward white-hat SEO." But he also concedes the point that hackers and SEOs "are getting a little more affiliated, and more SEOs are delving into that world."
They've cleaved the other way, crossing into the realm of the illegal to keep the game going. If Google won't let black-hat SEOs build link farms or stuff comments fields with links, then they will exploit legitimate sites and use them as cats' paws in their schemes. Of course, an early target has been .edu domains. "Almost all of the .edu hacks now are for SEO," says RSnake. "Not just a few of the big hacks. I mean almost all of them." Domains with .mil extensions, which also pass "juice" (SEO lingo for tactics that increase Web rankings), are targets now, too.
Primary entries into sites are XSS, SQL injection and FTP vulnerabilities that allow strangers to manipulate the site. Hackers traditionally used those vulnerabilities to insert bots on a site for distributing spam, stealing personal data or some other scam. Now they are being used to stuff links on the page. They hide the links by making them the same color as the background (an old technique for keywords made new) or by simply cloaking them, so that the spiders see them but people do not.
If the site gets good traffic--like Al Gore's ecology blog--those hidden links get good juice. Another scam uses the bots to give redirect commands that send browsers to link farms. Recent headlines illustrate this: "Forth Road Bridge hack redirects to smut bazaar" and "Perl.com sends visitors to porn link farm." Many SEOs said hacking and surreptitious linking are rampant on social networking sites, and blog platforms like WordPress (where Al Gore's blog lived) are under constant attack as hackers look for high-traffic zones to plant their links and their bots.
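A defender's check for the two hiding techniques described above (links colored to match the background, and links cloaked so that only spiders receive them), added here as an example and not taken from the article. It assumes the same URL has been fetched once with a browser user agent and once with a crawler user agent; the `audit` function, the sample pages and the `.example` hosts are constructed, and only inline styles with an exact color string match are inspected.

```python
import re
from html.parser import HTMLParser

# Inline styles that hide an element from human visitors.
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
COLOR = re.compile(r"(?<![-\w])color\s*:\s*([^;]+)", re.I)  # skips background-color
VOID = {"br", "hr", "img", "input", "link", "meta"}  # tags with no end tag

class LinkAudit(HTMLParser):
    """Collect every <a href> and note those an inline style hides."""
    def __init__(self, background):
        super().__init__()
        self.background = background.lower()
        self.stack = []  # (tag, hidden) for each open element
        self.links, self.hidden_links = set(), set()

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        style = attrs.get("style") or ""
        color = COLOR.search(style)
        hidden = bool(
            (self.stack and self.stack[-1][1])  # inherited from a hidden parent
            or HIDDEN.search(style)
            or (color and color.group(1).strip().lower() == self.background))
        if tag == "a" and attrs.get("href"):
            self.links.add(attrs["href"])
            if hidden:
                self.hidden_links.add(attrs["href"])
        if tag not in VOID:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        if tag in [t for t, _ in self.stack]:  # ignore stray end tags
            while self.stack.pop()[0] != tag: pass

def audit(browser_html, crawler_html, background="#ffffff"):
    """Return links hidden by styling and links served only to the crawler."""
    views = [LinkAudit(background), LinkAudit(background)]
    for parser, html in zip(views, (browser_html, crawler_html)):
        parser.feed(html)
    browser, crawler = views
    return {"hidden": sorted(browser.hidden_links | crawler.hidden_links),
            "cloaked": sorted(crawler.links - browser.links)}

# Constructed sample: one page as served to a browser and to a search spider.
BROWSER_VIEW = ('<body><a href="/admissions">Admissions</a>'
    '<div style="display:none"><a href="http://pills.example/buy">pills</a></div>'
    '<a style="color: #FFFFFF" href="http://casino.example/">casino</a></body>')
CRAWLER_VIEW = BROWSER_VIEW.replace("</body>", '<a href="http://farm.example/">x</a></body>')
print(audit(BROWSER_VIEW, CRAWLER_VIEW))
```

Any URL reported under `cloaked` or `hidden` that the site owner did not place there is a sign the page has been modified and the entry point (XSS, SQL injection or FTP access) needs investigating.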