David Naylor has been a search engine optimizer (SEO) for a decade, as long as almost anyone. About a year ago he received an unexpected phone call. “Apparently, you’re one of the best black-hat SEOs in the world,” a stranger said. Naylor laughed modestly, but it was true. Naylor’s business was to game search engines using aggressive, some would say dubious, tactics in order to goose websites’ rankings on search engines such as Google and thereby increase traffic to the sites. And he was extremely good at it. Apparently, the caller was one of the best black-hat hackers in the world. He told Naylor that he was interested in the search engine optimization (also abbreviated SEO) business, and the related search marketing business, which can be thought of as applied SEO, using it to drive traffic to a site where one sells ads and products. The hacker also seemed deeply intrigued by the culture of openness, even pride, that inhabits the SEO community. Hackers are recruited by crime syndicates and labor to mask their identities; SEOs are hired by Fortune 500 companies and blog about the size of their checks from Google. The caller seemed interested in that kind of freedom. So Naylor invited the hacker to meet him and 30 or so more SEOs at one of their informal conclaves. The next one was in Manchester, England (Naylor’s from Yorkshire). They met up and slipped into a dim booth with full pints. They talked for two hours. What Naylor remembers most from the conversation is this: “I said, ‘I don’t know how you guys monetize without getting caught.’ And he said to me, ‘That’s why I came to you. You know how to monetize. I know how to not get caught.’” Naylor had already been thinking about that. He had seen what could happen–what has now started to happen–to SEO. The hacker’s interest in SEO would be reciprocated, and the worlds would cross over. Naylor himself was cautiously curious about hacking tools that could cut down on the considerable grunt work SEO requires.
What’s more, at that time, SEOs had noticed that search companies were cracking down on black-hat SEO tactics. Hacking tools could help sidestep that problem, too. “In some ways,” Naylor says, “it would have been easier to say, ‘Yeah, let’s secretly break into servers, leverage cross-site scripting vulnerabilities to improve our rankings’” rather than do SEO the traditional way. But Naylor didn’t have an appetite for hacking. SEOs may have a less-defined code of business ethics than most, but it’s a code nonetheless. They like to say that hackers break the law, while they merely break a search company’s terms of service. “When I get caught, which I do, I get kicked off a search engine for a while,” Naylor says. “When hackers get caught, they go to prison.”

But now Naylor was thinking that distinction would fade. Eventually, SEO would become big business for bad guys, like spam and identity theft. It has already started. Al Gore’s ecology blog was hacked late last year, but not for political reasons. It was hacked so that some guy marketing Xanax and Viagra could plant links to boost his search rankings.

Security researcher Jeremiah Grossman calls the phenomenon SEOwN3d!!1–merging SEO with hackers’ leetspeak slang for “hacked.” It’s a powerful merging of cultures and interests that has the ability to change the nature and value of search engines themselves.

Naylor opted out, retired from the black-hat SEO business. He didn’t want any part of whatever it was becoming. “I never felt comfortable in that world,” he says of hacking. “You look down the road and just see it’s not something you can build a business on, a life on. All the things we used to do, it just seems easier to hire a hacker now. It’s a little bit sad in a way.”

Augurs of Search

Currently, the best way to find approximately what you need on the Internet is to submit an idea to a search engine and in return receive a list of links to sites related, somehow, to your idea.
Really, the only links that matter are the first five or so, because few people bother to scroll past what they first see; almost no one clicks to the second page of results or beyond. Website owners know this and therefore compete for the top spots. If a site does not rank highly, it is in some sense virtually nonexistent. To determine who earns this prime real estate, search engine companies send small software programs called spiders (or crawlers or robots) to scuttle around the Internet and collect information about websites–their location, what words are on the page, what links lead to and leave from the site, and more. The spiders dump that information into mighty algorithms that reckon the sites’ relevance and credibility. These algorithms are proprietary and somewhat mysterious; no one outside of the search companies knows precisely how they work. Some argue that even the search companies don’t know exactly how they work anymore, because the algorithms are constantly changed and have become colossally complex. (Our “SEO Glossary” describes the basics of search engine optimization.) Still, clever types who’ve studied how the search engines behave can approximate what pleases the algorithms and then alter a site in ways that improve the site’s ranking. Some alterations are as simple as adding verbiage to match the kinds of words people type into search engines. Change the phrase “cell phone rings” on your page to “ring tones,” for example, and your traffic goes up, because while virtually no one searches on the former term, many type in the latter. Other techniques are complicated linking schemes that involve getting other sites to link back to your own site. The hundreds of techniques like these, used to boost a site’s ranking, comprise SEO. In ancient Rome, prior to important events, a college of priests called augurs would “take the auspices,” meaning they would study the flight patterns of birds to understand the will of the gods.
SEO is not so different from that.

In the hands of a good SEO, optimization works outrageously well. Naylor likens it to turning on a tap. He remembers a mattress company in England that hired him to get the top ranking for searches about beds. Naylor knew the company wouldn’t be able to handle the bump in traffic he would provide, but the owner sloughed off his concerns. So Naylor delivered the number-one ranking, and about 25,000 new visitors per day. The company’s 15 trucks and meager customer service collapsed under the demand.

SEO is flourishing also because many companies shifted revenue strategies to their websites without understanding that websites that don’t get noticed by search engines don’t get noticed. They underestimated search’s dominion over their success, a grievous miscalculation. In order to reach their often aggressive revenue goals, companies found themselves in the awkward position of having to worship search algorithms that they neither understood nor controlled.

Desperate, they turned to SEOs and paid immoderate fortunes for their help. One SEO, Eric Ward, charges $1,000 for two one-hour phone conversations and a written report that details what your site needs to do to get juice–SEO slang for any tactic that boosts page rankings. Jeremy Schoemaker, known in the search marketing world as Shoemoney, hosts the Elite Retreat, an invitation-only weekend of SEO and marketing consulting. Neil Patel was making six figures as an SEO consultant by the time he enrolled in college, and he says his company, Advanced Consulting Services, cleared $1 million in revenue last year. His clients include HP and Samsung. “If I wanted to,” Patel says with typical bravado, “I could go give a car dealership an hour of SEO advice in exchange for a free, leased car.” A whole community of upstart entrepreneurs has emerged. Guys like Michael Gray, QuadsZilla, Naylor, Ward, Patel, Shoemoney and Aaron Wall, among others.
They are the augurs, priests interpreting the will of the search engines, and they’re cashing in. On his blog, Shoemoney posted a photo of himself, with one of his SEO checks splayed across his face, leaving only two things to see–his eyes and the check’s sum: $132,994.97. Patel, meanwhile, has been quoted in the Wall Street Journal and is also a regular conference speaker. Last year at BlogWorld Expo, after he gave a presentation on SEO and search marketing, someone said to him, “I can’t believe you can look at yourself in the mirror in the morning.”

The Gray Business of Gaming the System

It turns out that in ancient Rome, those augurs’ divinations weren’t always divine. The will of the gods sometimes depended on earthly influences like political favors and bribery.

SEO is not so different from this, either. Pay the right price, and SEOs can game the system for you by telling the algorithms little digital fibs, or sometimes deceiving them outright. This is black-hat SEO, which is a misnomer. In general, these practices aren’t illegal, just dishonest, as Naylor notes when distinguishing between black-hat hacking and black-hat SEO. (Some SEOs do call this gray-hat SEO; the nomenclature is muddied.)

Black-hat SEO is based on a simple fact: No matter how clever one makes an algorithm, it’s still just a narrow set of rules. Like all binary machines, it struggles to intuit even basic human intent. Software struggles to detect duplicity. In a way, the algorithms are like robotic consumers, who are incapable of being skeptical about aggressive, deceptive marketing practices.

Black-hat SEO techniques include misleading forms of link bait–for example, fabricating a salacious news story (“Britney Spears Dead!”) that spurs prurient curiosity traffic. It’s clearly a ruse to generate clickthroughs, but the algorithms see a popular link that deserves juice.
Also there’s blogspam: links planted in the comments fields of blogs despite the fact they have nothing to do with the blog’s content or the present conversation. The algorithms once counted up those links and gave juice to the site they linked to. Automation of this process allowed an SEO to plant thousands of links a day and vault to the top of the search rankings. Another favorite technique of black-hat SEOs is cloaking–making the search spiders see content that the public can’t see, thus tricking the algorithm into giving too much juice. Cloaking is like saying one million people read this story because that’s how many people were in the stores that sold the magazine that the story appeared in. Black-hat SEO is even more wildly effective than the more legitimate forms of SEO because it is not restrained by truthfulness. If you’re willing to bend or break the search companies’ terms of service, you can get serious juice unavailable to someone who plays by the rules. The bartender who skims the till always makes more than the one who doesn’t. (Unless, of course, he gets caught.) Many SEOs are willing to bend the rules. It’s not uncommon for an SEO consulting to major companies to use grayer SEO for his own business. “I’ve never met a so-called white-hat SEO that didn’t have some black-hat tricks,” says Schoemaker. “The same SEO that has large companies as clients probably also has a Viagra business.” Schoemaker was not talking about Neil Patel, but he could have been. In addition to owning ACS, Patel runs his own SEO and search marketing programs focused on gambling and debt consolidation websites. (Search marketing tends to thrive in what Schoemaker calls “scammy” industries. The big three are referred to as PPC–porn, pills and casinos. He also lists ring tones and mortgage services.) Patel makes “much more” money from this other business, though he won’t say how much. Jeremiah Grossman is quite certain a good black-hat SEO can clear seven figures in a year. 
SEOs and search marketers use the higher-risk tactics mostly for themselves, but companies partake in it, too, according to every SEO interviewed for this story. Typically, once a company learns about SEO, the catch-22 becomes clear. Use it and you can reach those aggressive online revenue goals, but you’re toeing the ethical line. Don’t use it and claim the moral high ground, as your competitors who do use it game you out of the top search results. Naylor says that when he was a black-hat SEO, “a lot of corporate sites didn’t want white-hat SEO. They wanted gray-hat SEO. They’d dip the toes a little bit deeper.” A few companies have been caught using black-hat SEO tactics and were temporarily banned from Google. Cloaking got BMW’s and Ricoh’s sites in Germany temporarily banned from Google, and many SEOs accused the New York Times of cloaking by making the algorithms see subscriber-only content that the rest of the world had to pay to see. (The Times has since abandoned its subscription model online.) Some companies even use reverse-black-hat SEO–getting competitors’ rankings to drop rather than their own to increase. Pull the mountain down rather than scale it, a request Naylor says he’s refused many times. “That’s become almost as big a business” as SEO, says Dave Dellanave, Schoemaker’s partner. Patel insists repeatedly that the work he does for ACS clients is completely aboveboard. “I keep those worlds totally separate. A major company doesn’t need the other tactics. They’re linked to [by other sites] naturally. You don’t have to build links for them.” But for his black-hat SEO work, the rules are different. For example, according to search engine terms of service, one is supposed to disclose when links are paid for. Paid links give less juice than “organic” links–ones that exist because someone decided that there’s something valuable behind them. 
It’s the difference between a deejay playing a song because he likes it and playing a song because the record company paid him to. Patel, though, like many black-hat SEOs, will conceal the fact he’s bought links. At BlogWorld Expo, “I said, ‘Not only do I not disclose when I pay for links, I’ll pay you double if you don’t disclose the fact it’s a bought link.’” It was this comment that spurred someone in the audience to question Patel’s self-worth.

It didn’t bother Patel. “Everyone has their own bottom line,” he says. “I’m making good money and not getting in trouble.” Of his black-hat SEO and search marketing days, Naylor says, “it was anything goes. Was blogspamming illegal? ‘I don’t know’ is the honest answer. There’s a form that says leave a comment. It doesn’t say, ‘Don’t leave an irrelevant or automated comment.’” “Look at it this way,” says Dellanave. “Who is making these rules that say you can’t buy links? Are you breaking a law, or are you breaking a law of a free market that someone has created? If you get caught, you get banned and that’s your punishment. Sure, ethics bells go off sometimes. But at the same time, the search companies’ business model is flawed. It enables this. Even encourages it. So who’s the fool, the guy who takes advantage of that or the guy who doesn’t? There are hedge funds on Wall Street based on arbitrage. Is that unethical or is it exploiting a flaw in the market?”

“The problem is, there’s quick and easy money,” says Patel. “If you know you can’t get caught, you’ll do it all day long. If people don’t like it, they can try to stop it.”

Cat and Mouse

For a long time, SEOs say, the search companies’ attitude toward black-hat SEO was best described as clement.
One SEO called Google’s former position on enforcing its terms of service a “rhetorical stance.” Matt Cutts, Google’s chief liaison to the SEO and search marketing community, says enforcement against “high-risk SEO” was neither lax nor selective for any reason other than the obvious one: “As you get larger as a company, you have more resources to pursue what you always wanted to enforce.” So while the search companies would suss out the most blatant scams, careful black-hat SEOs could thrive. The key was restraint. “Game the system, just not so forcefully that you’re noticed.” Naylor says that was a good rule of thumb. And periodically, the search companies were stirred to action by the effect SEO was having on search results. Sometimes, for example, SEOs could knock a company out of the top result for searches on that company’s name. One day in late 2006, the top result for searches on the term “trump” suddenly changed from that company’s site to a site selling erectile dysfunction drugs. Search companies know this makes their product look bad and “that threatens their business model, which relies on advertisers paying them to deliver quality search results that many people will continue to use,” says Schoemaker. “So they react when it happens, but they don’t seem to care until people notice.” The first time search companies tried to neutralize black-hat SEO came soon after search started to flourish, almost a decade ago. Back then, the algorithms focused on the page itself and what was on it, specifically keywords that would match what people searched for. To boost their rankings, sites manipulated keywords forcefully. “They had 40 or 50 techniques they used to do this,” says SEO Eric Ward. (Ward says he does not use black-hat SEO techniques.) Sometimes site owners would just spill a sea of keywords at the bottom of a page. Sometimes they’d hide them behind images or make them the same color as the page’s background. 
The principle was to include as many keywords on the page as possible, to increase the likelihood any given search would match the keywords and draw the site into search results. When this got out of hand, the search companies tweaked the algorithms and shifted the rules from trusting keywords the most to trusting links the most. (The presumption, of course, is that website owners and content producers will try to cheat. They are trusted the least.) This made link building the center of all SEO strategies. In principle, the idea is sound. A site can be judged by the company it keeps. But there were problems. At first, the algorithms seemed to value link volume the most, and that spurred link farms–pages full of nothing but links that the SEOs tricked people into visiting to create a self-sustaining constellation of juice. In response, the search companies altered the algorithms to value “authoritative links”–those from other sites that were already considered valuable themselves. That helped to block off the link farms and other egregious link-building techniques, but it did little to stem black-hat SEO. Bringing peers into the equation encouraged people to manipulate not only their own sites but their peers’ sites too. It pushed SEOs into tactics like blog spamming, which proved so effective that links in comments fields and on online guestbooks essentially have been dejuiced altogether. SEOs also targeted .edu domains. Because of their academic focus, the algorithms assume they’re more credible than commercial sites, and therefore .edus pass more juice than .coms. SEOs would borrow students’ unused Web space (sometimes they’d pay the students for it) and fill it with links. It was like lying on your resume. The algorithm didn’t know that your links didn’t really go to Harvard. The more search companies tried to contain them, the more aggressively SEOs circumvented the rules. The game changed from using loopholes to actively abusing the algorithms.
They deployed bait-and-switch schemes–using a phrase like “Click Here to Learn More” to get a user to click on what is actually a hidden link to boost someone’s ranking. Cloaking emerged. Patel and others paid premiums for links, spawning link brokers, who streamlined the link-buying process. Good coders created complex schemes that sent users through several pages of links before they arrived at the content they’re looking for. The schemes are endless, like the imagination. And like all arms races, this one escalated to an untenable level. The game had to change again…. Editor’s Note: This is part one of a two-part series. For Part Two: See SEOwNn3d!!1 (This story was originally published in print with the headline “Gaming the System.”)