Rogue Affiliate Hacking Scheme Uncovered; Educational, Government Sites Targeted
A rogue affiliate operator based somewhere in central Europe is believed to be responsible for an extended hacking scheme targeting seldom-updated pages on mostly US-based institutional sites. The scheme’s temporarily successful intent: Inserting secretive backlinks into these pages, thus creating top-page SEO rankings on Google for the affiliate’s link-farm style site.
News of the hack was recently revealed by eTraffic, an online-search and marketing firm, including online gambling. ETraffic researches revealed on Thursday that they have stumbled upon the scheme, in which at least 76 web pages had been subtly altered to include such backlink phrases as “real money slots online” and “online casino,” among many others.
The secretly-altered pages are predominantly on the domains of US-based colleges and universities. The list of notable institutions whose websites were hacked by the unidentified rogue includes such well-known schools as Duke University, Stanford, the University of Michigan, Dartmouth (an Ivy League school), the University of Florida, the University of Kentucky, plus many others. A few local-government and non-US domains are also among the list of sites known to have been hacked.
The purpose of the hack was quite clear, and explained at length in the eTraffic piece. By creating the hidden backlinks from already high-ranking sites, the lawbreaking affiliate achieved top-page Google ranks for many different keyword and phrase searches. Google’s long-broken algorithm has been abuse in such ways in several instances in recent years. Click-throughs by gambling customers who search for the key phrase can translate into quick conversion payments for such cheating affiliates.
Here’s a sample of how the backlink text (italicized) was inserted, clunkily, into unrelated pages. This comes from the official site for the city of Reading, Pennsylvania, among the dozens of victimized domains:
… File an Annual Business Privilege Tax Return
Most businesses are assessed a small fee based on gross receipts generated on the sale of goods and services in the City. Detailed information is available on the City’s web-site.
Obtaining a Health Permit
The sale of food is online casino games real money no deposit also regulated by certain health and safety codes, and permits that are issued by the Property Maintenance Division at City Hall. It is against the law to serve food or sell groceries without the required permits. For additional information, contact the PMD at 610-655-6283. …
Most of the hacked sites have since been fixed, though some examples still remain.
As to who’s responsible for the hack, that’s not yet publicly known. The site (which we won’t name or link to, which would be self-defeating), is registered anonymously through Company Gransy (Gransy S.R.O, d/b/a Subreg.cz), a Czech Republic-based sub-registrar. And the site is hosted in Frankfurt, Germany, at one of European hosting service Leaseweb’s many server sites.
The illicit link farm is still active as of today, though it is likely that several response actions are in the works. Such responses likely include takedown orders involving the hacking’s beneficiary domain, plus a likely manual blocking of that domain from all Google results, when and if Google ever gets around to it. Civil and criminal charges are also possible once the hacker is identified. The affiliate’s link farm includes offers for sites created by Microgaming, NextGen, NetEnt, BetSoft and Real Time Gaming, implying that the rogue affiliate currently has deals with those gaming providers, at least temporarily.