Despite the action packed title this is a very serious topic, malicious attacks on websites are nothing new, and are certainly something Sony are very familiar this week. Botnets for example have been used in the past by hackers and programmers to create distributed computer networks in order to cause denial of service attacks on websites. Often a denial of service attack would be used to blackmail or threaten a company into giving the website assassin money in exchange for ceasing the attack.
However clever and hard to trace these DOS attacks are, it is still possible to trace, identify and prosecute the perpetrator. The rise of SEO in modern day marketing however has started to deliver a new generation of website assassins and tactics. Anyone who has read about the recent penalty applied to JC Penney will probably have thought to themselves; so if I buy a thousand spammy links pointing to a competitor site then report this anonymously to Google, they could be penalised too.
This isn’t new thinking and given the large amount of fraudsters, black hat SEO agencies and the pressure from clients to produce results in highly competitive markets has lead to subversive attacks in the past. Dan Thies for example made a blog post four years ago regarding “How a third party can remove your site from the SERPs”. This type of attack uses proxy servers and bots to index pages of a website making them appear as duplicate content.
As Google adapt and develop their algorithm can we expect to see a more malicious and targeted forms of gaming the system? Rather than seeing companies try and slip by the eye of Google by using link or content farms, paid for links, keyword stuffing etc, we could see a rise in the use of these tactics to attack a website’s credibility or authority.
Equally as important is whether a company can prove that they have not implemented these methods themselves, or would they blame their SEO agency who would equally deny involvement in such activities? Without police involvement it would be impossible to trace such activities to a particular person or company. So would this be a civil matter, a criminal matter, and how would Google respond to the evidence? While you are trying to prove your innocence, your website is wiped from the SERPs and you’re losing money daily.
I have seen angry customers of a client create duplicate websites of the company who wronged them; some have even optimised these for the company’s keywords and appeared below them in the SERPs. This can be massively damaging to a brand, a business and an online reputation. Once Google develop their algorithm to detect content syntax, to determine whether a review is good or bad; it could be possible to create hundreds of negative reviews to flood the net with bad press which could then adversely affect your position within the SERPs.
A distributed attack like this could be virtually impossible to track effectively; a single person could create hundreds of bad reviews, using proxy servers and IP masks to hide their identity and post all over the internet. Even if you could prove that they left bad reviews you would have to prove that this was either illegal or malicious in some way AND specifically prosecute them in the country in which they are based.
There is no internet police; we trust that Google and other search engines can identify spam and relevant material. With cyber real-estate on the world’s digital high street becoming more and more valuable perhaps this kind of mercenary behaviour will become more prevalent as time goes on.