fantomNews™ — the ultimate know

Disclaimer

Obviously, we cannot and will not condone any of the actions described below, nor are we available for actually conducting such operations by way of commissioned work, etc. (So don’t ask!)Neither is anything mentioned below to be construed as actionable advice – it is, rather, merely a concise real world security risk assessment report in terms of what, in a worst case scenario, hard hitting competitors might resort to in order to harm competing web sites’ rankings.Please be aware that the list displayed here is far from exhaustive. Rather, this overview restricts itself to the more obvious, fairly unsophisticated (albeit no less destructive) tactics readily available to anyone with only a modicum of technical savvy. There’s lots more we won’t make mention of here as we don’t intend this to mutate into a blueprint for attackers…Note that potential attackers (e.g. competitors) would have to take into account the legality/illegality of such operations (esp. concerning Tactics #1). This depends eminently on the specific jurisdiction they would be working from.

1. Tactics #1: DOS Operation

1.1 Attackers might run a concerted, typically botnet based denial-of-service attack against e.g. VictimDomain1.com, VictimDomain2.com, etc., hitting victim’s entire web real estate.

1.2 Once the victim’s domains are down, attackers might attempt to access the sites in question with their browsers with the Google toolbar fully enabled. The rationale being that this will trigger fresh spidering by the search engine.
If the spider finds the targeted pages returning a 404 (not found) message, they will typically be deindexed.

1.3 To further nudge spiders towards crawling the non-accessible sites, fresh blog content could be generated featuring links pointing to them, whereupon the articles would be pinged to the blog aggregators.
Such pinging will normally ensue in search engine spiders hitting the sites, effectively deindexing the pages in question if not found.

1.4 As a final measure, the non-accessible pages might be re-submitted manually to Google. Generally, this will not result in immediate spidering so if the attacked servers should be rigged up and newly accessible in the meantime, it will probably not work. However, since spidering schedules aren’t public knowledge, such a tactics may yet prove successful.

2. Tactics #2: Redirection Operation

If hackers where to implement 301 redirects to the targeted pages/domains from some “bad neighborhood” (e.g. porn sites, link farms, etc.) this could result in the attacked pages being deindexed.

3. Tactics #3: Link of Death Operation

3.1 Attackers might link to the targeted pages from some blatant link farms + FFA sites, plastering the anchor text with irrelevant, spammy keywords.

3.2 The link farm pages would then be manually submitted to the search engines, pointed to from blogs, trash sites, etc.

3.3 This can feed the search engines with “red flags” signaling that the pages in question are spammy and irrelevant to visitors, ultimately leading to deindexing.

4. Tactics #4: Duplicate Content Operation

If the targeted pages’ content where to be duped on some throwaway “bad neighborhood” domains, possibly embedded in spammy keywords (e.g. porn, pills, casinos), invisible text, etc., this may result in both sets of pages being deindexed.

5. Tactics #5: Over-Submission Operation

While the effect of this approach is generally deemed questionable, attackers have been know to over-submit pages (typically within a fully automated setup) to the search engines either from a single IP or even spread across a set of seemingly unrelated IPs.

6. Tactics #6: Black Social Bookmarking

Attackers might set up multiple accounts with social bookmarking sites to massively tag the targeted pages with irrelevant and spammy terms (porn, pharm, gambling, etc.), leading to their being heavily penalized or even deindexed by the search engines after the social bookmark pages have been spidered.

Protecting Yourself from Black SEO

Should you have valid indication that any or all of the tactics sketched above are being deployed against your Web properties, we may be available for security consultation upon request, depending on workload constrictions.
Note, however, that our time is limited; nor are we interested in abetting people’s frivolous paranoid ideosyncrasies. (Sorry to be so blunt: nothing personal, and certainly no offense intended, but we’ve really seen it all…) Services rendered will entail:

• Comprehensive Traffic and Server Stats Analysis: These tests and analyses are conducted deploying our own proprietary tools.
• Attacker Tracking: Implementation of proprietary tracking tools as required to determine attackers’ strategy and tactical patterns, attack conduits and origin (where possible).
• Current-State Analysis: Comprehensive report outlining our findings including evaluation of potential future risks.
• Security Plan: Customized security plan recommending protective and counter measures.
• Implementation of Protective Measures: Technical assistance, monitoring and testing of security measures you choose to implement following our recommendations. (Optional)

Our current consultation rate is $750 per hour. (A typical job will take between 6 to 8 hours to conduct. Special rates available beyond that time limit, as required.)

If you are interested in our services, please contact us (see below), outlining your situation in as detailed a manner as possible. (The more we know, the faster we can react and come back to you with a quote.)

Should you require us to sign a Non-Disclosure Agreement (NDA), please include it with your e-mail, indicating where to fax it.

We reserve the right to decline any such commissioned work at our sole discretion.

For all applications, please contact us via one of our communication conduits listed on our About page.

Subscribe!