Small treatise about e-manipulation for honest...



Introduction, Information based attacks, Search engine optimization, Once upon a time. . .

Small treatise about e-manipulation for honest people

Information based attacks in the Internet

Frederic Raynal, Sogeti / Cap Gemini – MISC magazine

Francois Gaspard, New Zealand Telecom International


F. Raynal & F. Gaspard Small treatise about e-manipulation for honest people 1/59



Attacking with no limit

Information warfare : often restricted to information as a contents

Hacking : often restricted to a technical exploit

What if we merge both ?

⇒ Attacking with both the content and the container

Information based operations : deception, intoxication, misinformation, . . .

Technical operation : Search Engine Optimization as a means to emphasize the information we want




1 Information based attacks

2 Search engine optimization

3 Once upon a time. . .



(Short and inaccurate) Summary of Information warfare

2 kinds of orientation

Information management in order to achieve information dominance

Use information to produce knowledge

Others have to run after you to keep up-to-date

Information used as a weapon

Dominance is one goal, not the only one

Think also of deception, intoxication or misinformation, . . .



Information based attacks (IBA)










Web sites




1 Information based attacks : Collect, Recruit, Arm, Propagate

2 Search engine optimization

3 Once upon a time. . .




Where to gather information on the Internet

Google, MSN, Yahoo, . . . , only see 10% of the web !

Ex. : social network websites (LinkedIn, Orkut, Twitter, Facebook, . . . )

Use the appropriate tool depending on the information you are looking for :

Ex. : Federal Funding Accountability and Transparency (FFATA) for contracts with the US government

The perimeter of a network has gone from known to blurred

Perimeter of information is out of control. . .



Google Hacking

Fun and profits

Finding passwords

inurl:passwd.txt (1st result in : WebAdmin:aeYYajmW204V6)

Owned websites

intitle:"hacked by" : imaginative pictures. . .

intitle:tt2.swi : compromised websites installing a java trojan


intitle:"Live View / - AXIS" | inurl:view/view.shtml : some surveillance cams

site intitle:"index of" mp3 : p2p outdated




Populate the attackers

Infiltrate where they already are

Stay hidden as much as possible : tor, open proxies, open WiFi, . . .

Create your own contesting

Opposition website : federate all opponents at one place



Opposition website :



Arm : battlefield == the Internet

There is life outside the Internet

Consequences of, and answers to, our actions can be led outside of the Internet

Combining it with other battlefields is more efficient : lawsuits, finance, information in newspapers or leaflets, . . .

Internet howto

Websites are spread all over the Internet

Add websites under your control

A human looks for information

Spread information on the Internet, push it to the user

The results are found according to search engines

Change the results by tricking the search engines



Usual attacks

Using information to attack

Intoxication : attempt to misguide the interpretations and the reasoning of the target, that is, its analysis capacities

Ex. : spreading wrong information, "false/false" strategy

Ex. : change the content of a website according to who comes

Deception : can be either based on hiding (e.g. camouflage, blinding) or simulation (create, lure, invent)

Ex. : WW2, when false military bases were created in order to mislead the Germans about the D-Day location

Ex. : abuse search engines to warp the results

Misinformation : based on alteration, removal, addition and so on of information

Ex. : the supposed lethal benzene in the bottles of Perrier

Ex. : hoaxes, rumors spreading from one forum to another, then by mail, and so on




Organize knowledge to export the battle

Increase the doubts toward the target in the public

Increase the bad conscience of the target itself

Questions and answers

What if you can increase the perception of all our vectors and, at the same time, decrease the perception of the target’s answers ?

⇒ Where SEO comes into play . . .



Web Spam

The practice of manipulating web pages in order to cause search engines to rank some web pages higher than they would without any manipulation.

Search engine optimization (SEO) [?]

SEO is the process of improving the volume and quality of traffic to a website from search engines via "natural" ("organic" or "algorithmic") search results for targeted keywords.


Why/How would I do SEO?


Users trust search engines as a means of finding information

⇒ Exploit this trust

Users usually do not look past the first ten results returned by the search engine

⇒ Exploit this laziness

A matter of color

White hat SEO : a site conforms to the search engines’ guidelines and involves no deception

Black hat SEO : attempts to improve rankings in ways that are disapproved of by the search engines, or involve deception



1 Information based attacks

2 Search engine optimization : White Hat SEO, Black Hat SEO, Advanced examples, Aggressive Black Hat SEO

3 Once upon a time. . .


A quick overview of White Hat SEO

Usual guidelines

Keywords : be creative, avoid generic keywords

Architecture : page rank computed according to {in|out}coming links

Content : need to be innovative and refreshed regularly

⇒ Guidelines are not written as a series of rules

Strategy : long term, no deception

Create content for users, not for search engines

Make that content easily accessible to the spiders

⇒ Content indexed by SE is the same as the one seen by users


A quick overview of Black Hat SEO

Spam web for profit : online pharmacy industry [?]

Many industries prefer not to spam directly (due to anti-spam laws in US & Europe)

They create an affiliate program

⇒ Sales increase : regular income thanks to affiliates

⇒ Limited liability : affiliate used as scapegoat

How do some affiliate programs allow spam ?

No terms of agreement at the sign-up page

Some companies operate in jurisdictions where spam is not illegal (ex. Seychelles)

Spam is "restricted" to email spam


Black Hat SEO is a myth. . . or not [?]


A quick overview of Black Hat SEO

Strategy : short term, deception

Content indexed by SE is often different from the one seen by users

Most techniques are nasty, some are illegal

A few basic examples

Content spam : altering the view of a SE over a page

Invisible text, keyword stuffing, doorway page, scraper sites,. . .

Link spam : take advantage of link-based ranking algorithms

Link farms, hidden links, sybil attacks, spam blogs, page hijacking, . . .

World-writable spam : add links to sites editable by users

Blog entries, forums, wikis, referrer spamming, . . .




Modify the content of the page according to the parameters

Cloaking for dummies

User agent cloaking : change page depending on who comes

// strpos() returns 0 for a match at offset 0, so compare against false
if (strpos($_SERVER["HTTP_USER_AGENT"], "Googlebot") !== false) {
    include("googlebot-special.html");
} else {
    // display real page
}

IP cloaking : change page depending on where a request comes from

$ip = strval($_SERVER["REMOTE_ADDR"]);
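A defender can check a URL for the user-agent cloaking shown above by requesting it once as a crawler and twice as a browser, then comparing the visible text. This is an added example, not code from the original slides; the function names, the two User-Agent strings, the 0.3 margin and the constructed sample sites are assumptions. It does not detect IP cloaking, because every request still comes from the checker's own address.

```python
import itertools
import re
import urllib.request
from html.parser import HTMLParser

# Assumed User-Agent strings for the two views being compared.
CRAWLER_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0"


class VisibleText(HTMLParser):
    """Collect the words a reader or an indexer sees, skipping script/style."""
    def __init__(self):
        super().__init__()
        self.words = set()
        self._skip = 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.words.update(re.findall(r"[a-z0-9]{3,}", data.lower()))


def visible_words(html):
    parser = VisibleText()
    parser.feed(html)
    parser.close()
    return parser.words


def similarity(a, b):
    """Jaccard similarity of two word sets (1.0 when both are empty)."""
    return len(a & b) / len(a | b) if (a or b) else 1.0


def http_fetch(url, user_agent):
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8", "replace")


def check_cloaking(url, fetch=http_fetch, margin=0.3):
    """Flag a URL whose crawler view differs from its browser view.
    Two browser fetches give a baseline for ordinary dynamic content; the URL
    is flagged only when crawler/browser similarity falls more than `margin`
    (an assumed threshold) below that baseline.
    """
    browser_1 = visible_words(fetch(url, BROWSER_UA))
    browser_2 = visible_words(fetch(url, BROWSER_UA))
    crawler = visible_words(fetch(url, CRAWLER_UA))
    baseline = similarity(browser_1, browser_2)
    cross = similarity(browser_1, crawler)
    return {
        "baseline": round(baseline, 2),
        "crawler_vs_browser": round(cross, 2),
        "crawler_only_words": sorted(crawler - browser_1 - browser_2),
        "cloaked": cross < baseline - margin,
    }


# Constructed sample sites standing in for HTTP responses (not real traffic).
_visits = itertools.count(1001)


def constructed_honest_site(url, user_agent):
    """Serves everyone the same page; only the visitor counter changes."""
    return ("<html><body><h1>Campus news</h1><p>Lecture schedule and library "
            f"hours. Visitor number {next(_visits)}</p>"
            "<script>var pills = 1;</script></body></html>")


def constructed_cloaking_site(url, user_agent):
    """Same decision as the PHP snippet: a special page when Googlebot asks."""
    if "Googlebot" in user_agent:
        return ("<html><body><h1>Cheap pills</h1>"
                "<p>Pharmacy discount pills, order online</p></body></html>")
    return constructed_honest_site(url, user_agent)


if __name__ == "__main__":
    print(check_cloaking("http://site.example/", fetch=constructed_cloaking_site))
```

For live use, call `check_cloaking(url)` with the default `http_fetch`; the `crawler_only_words` field shows what the indexer is being told that visitors never see.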


A(n in)famous example : spider view of


A(n in)famous example : human view of


Solving captcha


Automatic registration to forums, post comments on blogs, . . .

Captcha for dummies [?]

Remove the background : denoising

Join points in the letters : filtering

Derotate the letters : geometric transformation

Read the letters : pattern recognition


Solving captcha : phpbb2 [?]


Real case : who wants certified viagra (1/3)


Real case : certified viagra at university (2/3)

http :// ?page=254

User clicks on 2nd answer, trusting the .edu

PR : 6/10 – Backlinks : 3420

Site runs Nucleus CMS v3.23 (current : 3.32)

Flaw in default skin allows code to be injected into generated pages :

<script src="http://"></script>

gcoxiio.js redirects depending on the referer :

Referer : ?q=certified+viagra&ie=utf-8

Redirection :

if (document.referrer.toLowerCase().indexOf('viagra') != -1)
    location.href = 'http://';

User is redirected to http ://
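A site owner can audit generated pages for the two signs in this case: a script included from a host the site does not expect, and a script that both reads the referrer and navigates away. This is an added example, not code from the original slides; the function names, the host names under `.example`, the allow-list and the constructed page and script body are assumptions (only the file name gcoxiio.js comes from the slide).

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class ScriptCollector(HTMLParser):
    """Record every <script> element: external src values and inline bodies."""

    def __init__(self):
        super().__init__()
        self.external = []
        self.inline = []
        self._buffer = None  # text chunks while inside an inline script

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src is not None:
            self.external.append(src.strip())
        else:
            self._buffer = []

    def handle_data(self, data):
        if self._buffer is not None:
            self._buffer.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buffer is not None:
            self.inline.append("".join(self._buffer))
            self._buffer = None


# Heuristic: reading the referrer AND assigning/replacing the location.
READS_REFERRER = re.compile(r"document\s*\.\s*referrer", re.I)
NAVIGATES = re.compile(
    r"location(?:\s*\.\s*href)?\s*=(?!=)|location\s*\.\s*(?:replace|assign)\s*\(",
    re.I)


def referrer_conditional_redirect(js):
    return bool(READS_REFERRER.search(js) and NAVIGATES.search(js))


def audit_page(page_url, html, allowed_hosts=(), fetch_script=None):
    """Return (finding, location) pairs for one generated page.

    allowed_hosts: script hosts the owner expects besides the page's own.
    fetch_script:  optional callable url -> JavaScript text, so off-site
                   scripts are inspected as well as inline ones.
    """
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    trusted = {urlparse(page_url).hostname, *allowed_hosts}
    findings = []
    bodies = [("inline", js) for js in parser.inline]
    for src in parser.external:
        url = urljoin(page_url, src)  # resolves relative and //host forms
        if urlparse(url).hostname not in trusted:
            findings.append(("offsite-script", url))
            if fetch_script is not None:
                bodies.append((url, fetch_script(url) or ""))
    for where, js in bodies:
        if referrer_conditional_redirect(js):
            findings.append(("referrer-redirect", where))
    return findings


# Constructed sample: a CMS page with one injected include (not real data).
PAGE_URL = "https://blog.university.example/index.php?page=254"
PAGE_HTML = """<html><head>
<script src="/skins/default/menu.js"></script>
<script src="https://cdn.example.org/lib.js"></script>
<script>var visitor = document.referrer;</script>
</head><body><h1>Department news</h1>
<script src="http://injected.example/gcoxiio.js"></script>
</body></html>"""
# Constructed body for the injected file, modelled on the redirect in the slide.
REMOTE_SCRIPTS = {
    "http://injected.example/gcoxiio.js":
        "if (document.referrer.toLowerCase().indexOf('viagra') != -1) "
        "location.href = 'http://pills.example/';",
}


def audit_sample():
    return audit_page(PAGE_URL, PAGE_HTML, allowed_hosts={"cdn.example.org"},
                      fetch_script=REMOTE_SCRIPTS.get)


if __name__ == "__main__":
    for finding in audit_sample():
        print(finding)
```

Because the redirect only fires for visitors arriving from a search result, browsing the site directly will not reveal it; the static check on script sources does.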


Real case : pills online (3/3)


Black Hat SEO reversed


Decrease page rank of competitors’ websites

Some nasty but legal ideas. . .

Inject poison keywords to the target’s website : sex, drug, medicine, viagra, casino. . .

Google bowling : add links to the target from many bad sites

Even better with blacklisted websites !

Google Washing : use an old domain you own to duplicate the content of the target’s website, then report the target as duplicate content ⇒ SE will ban the newest

And many more ! ! !




Proctor : a French IT consulting company

Limited resources, driven by cost killing

Tonton : an Indian IT consulting company

Many workers, cheaper than European ones


Goal : Tonton wants to enter the European market

Vector : buy a well known local company, Proctor

Means : exhaust Proctor’s resources so that it needs help

Limit : do not deteriorate too much Proctor’s image



1 Information based attacks

2 Search engine optimization

3 Once upon a time. . . : The main strategy, White ops based on SEO, Black ops based on hacking


Buying Proctor : the main strategy

Marry me

Tonton proposes a partnership to Proctor :

A big big (and lucrative) contract in India, where Proctor wants to grow

Proctor must propose to Tonton other contracts in Europe where Proctor wants to find partners

The 1st Indian contract is really interesting for Proctor

Tonton then gives other (rotten) contracts to Proctor on the Indian markets


Proctor : resources consumed in several markets, new businesses,lawsuits

Tonton : internal view of Proctor, cheaper resources involved


Buying Proctor : the main strategy

[Diagram : Tonton & Proctor. Labels : T & P answer (and win) a 1st big contract ; Contract for P (lot of work, small benefits for P) ; Contract for T. Legend : T : Tonton (Indian company), P : Proctor (European company), PR : Public Relations]




Buying Proctor : drug the salesmen of Proctor

Happiness or deception for the groom

Provide a nice clients list to several salesmen ⇒ consume energy trying to reach them

Invitations to tender : identify them and give them to Proctor ⇒ consume energy trying to win them

Hire away salesmen : show them life is better somewhere else ⇒ cause internal tensions and resignation


Proctor : salesmen will be busier than they have ever been, the goal being to saturate them

Tonton : learn the European market with the watcher, wait for exhaustion


Buying Proctor : drug the salesmen

[Diagram : Tonton & Proctor, same labels as the previous Tonton & Proctor diagram, plus : Clients list given to salesmen ; T puts watchers on .fr's markets ; Many invitations to tender ; Hire away salesmen ; T + PR ; Exhibitions ; Visitors lists]


Buying Proctor :

Time for opposition

Currently no website on life and business in IT consulting ⇒ create one, promote it

Use contacts found during information gathering to provide inputs

Contact a PR agency to promote the articles (propose interesting and new content ! ! !)

Use white hat SEO to enforce the visibility

Never target directly Proctor

⇒ We have created a very efficient long-term influence tool


Buying Proctor :

[Diagram : Tonton & Proctor, same labels as the previous Tonton & Proctor diagram, plus : Workers ; Former workers ; Clients ; PR => press ; "bad" content ; salary study]



Buying Proctor : aggressive SEO to shut up Proctor

The sound of silence

Google bowling : create many backlinks to Proctor from "bad" websites (racist, sex, drugs, online casino, . . . )

Create "bad" websites with the same keywords as Proctor

Use blacklisted websites to link with Proctor

Duplicate content : find or create duplicate content on Proctor’s website

Use blogs, forum, . . . , to have many links pointing to the same page

Link farm : automatically create many websites dealing with Proctor having many many many links to Proctor


Buying Proctor : aggressive SEO to shut up Proctor

[Diagram : Tonton & Proctor, same labels as the previous Tonton & Proctor diagram, plus : Link farms ; Google bowling ; Flaw exploitation]



Buying Proctor : owning the local network

One laptop stolen is the key to everything. . .

[Diagram : hosts and accounts of the local network ; legend : known password, weak password]

Standard station : locadm : ********, locuser : qwerty

Backup Server + master : sv_deploy : d3pl0y75, Administrator : $admin$

Project : rv : rv, Administrator : *******

jdupont : ********, Administrator :

DB Server : admprov : *******, admsql : ******

srvadm : srv0dm ; sqlserver / sa : empty pwd

2 domain controllers, 1289 accounts, 8 admin : Administrator (********), jrichard (********), jdupont (********), jkevin (********), dvador (********), samva (********), cveso (********!), obade (********)

File and printing servers

Several servers (Lotus Notes, mails, ...)



Buying Proctor : owning the local network

[Diagram : Tonton & Proctor, same labels as the previous Tonton & Proctor diagram, plus : Steal laptop ; Own AD ; Own ; Own www ; noise ; Poison keywords ; Cloaking]


Buying Proctor : when human (resources) is the weak link

Hiring away people

Focus on identified key people and send them (better) job proposals

Use the access to the LAN to get the resumes of all engineers, spread them on the Internet : some competitors will know what to do with them

Hiring process : hunting ghosts

People tracking resumes on the Internet are searching in the same few sites : make the access to these sites difficult

Either on the proxy or the (shared) storage place, change what looks like an email address or phone number in resumes : people will be much more difficult to reach


Buying Proctor : when human (resources) is the weak link

[Diagram : Tonton & Proctor, same labels as the previous Tonton & Proctor diagram, plus : HR ; Hire away ; Key people ; CVs sent to recruitment offices ; steal ; leak ; Recruitment process ; Fake resumes ; Warp resumes ; Sites maintenance]



Mixing everything in a clever way

Attacking with information is complex but difficult to oppose

Attacker has the initiative, a real advantage

Quite easy (with time but no means) to amplify the attack

SEO is a mix of following guidelines, cleverness and hacking

Usually applied on our own website (thus information)

Can also be applied by everyone on anybody’s website

⇒ Mixing both is really efficient

The Internet is really well suited to propagate information (e.g. deception, misinformation, intoxication)

Content (information) is emphasized thanks to container (SEO)

Do not forget you can also combine with other tricks from other fields


Q & (hopefully) A


References I

Search engine optimization
http :// engine optimization

Captcha Breaking W/ PHPBB2 Example
http ://

Page Hijack : The 302 Exploit, Redirects and Google
http ://

Web spam techniques
R. S. Liverani –
http :// spam techniques/web spam techniques.html
