Reputation Attacks: A Little Known Internet Threat

Reputation attacks target both individuals and companies, and their goal is to ruin the victim’s reputation. While attack techniques are varied, the consequences are often the same: a damaged reputation resulting in many cases in financial loss. Attackers can use several methods to ruin a company’s reputation. Until now, most common attacks have been based on distributed denial of service (DDoS). The objective of these attack is to flood corporate online services by means of millions of non legitimate requests from botnets. In this way, business performance is affected, causing direct financial losses and the corresponding damage to corporate image and reputation.

Corporate websites are also the target of “defacement’ attacks. They consist of trying to exploit a server or Web application vulnerability to modify pages or introduce other content in the pages that shows the corporate web server. When users and potential customers visit a corporate web page and find it has been modified by a third-party, their confidence in the company is seriously affected.

Another method used by hackers that has proven successful is publishing false information on forums and blogs. Seemingly genuine news items, quotes included (false, of course) strategically distributed on several online sites can spread like wildfire, and achieve their goal: to convince a large number of users that the information is true. Many urban legends that are still popular today were originally created in a similar way, and have managed to affect highly prestigious multinational companies.

In a similar vein, there have also been false rumors aimed at manipulating stock market prices. Firstly, attackers send true stock market information as spam, to potentially interested parties. After several messages and once attackers consider they have sufficiently gained people’s trust, they send false information to manipulate stock prices.

Google, a reference point on the Web
Google’s strategic position on the Internet has seen it become a reference when searching for information, but also has a key role in establishing corporate reputations, good or bad. Consequently, Google is also used to attack the reputation of third-parties.

The best known method is “Google bombing’ which allows specific websites to appear at the top of search results. Attackers study the way in which Google indexes and orders web pages during searches, and try to introduce critical content regarding a specific brand or company in the first places of the results list. When users search for a specific brand in Google, the first links displayed include pages aimed at damaging their reputation. Although Google has improved its algorithm to avoid these attacks, they are still common practice.
PageRank is another Google-based method aimed at ruining corporate reputations. It consists of algorithms developed by Google to measure quantitatively the relevance or importance of web pages on a scale of 0 to 10. A company’s PageRank usually represents its popularity; if the value is high, it is usually considered to be a reliable source accessed by many important sites.

Google is currently penalizing companies who exchange links and artificially try to increase PageRank. Attackers are exploiting this to insert penalized links on legitimate web pages. This way, they get the site to be penalized, its PageRank to decrease, and thereby damage its reputation.

Other ways of attacking a reputation
CastleCops is a volunteer security community focused on making the Internet a safer place. Its free services include malware and rootkit cleanup, malware and phishing research, and malware and hash databases.

CastleCops accepts donations via PayPal. Attackers took advantage of this to begin a campaign aimed at discrediting CastleCops. They stole PayPal users’ passwords using Trojans and phishing techniques, and made several donations to CastleCops. When users realized someone had sent their money to CastleCops, they blamed CastleCops for the fraud. Consequently, CastleCops was forced to return all the money, and invest in resources to manage all the complaints and requests. CastleCops’ reputation was undoubtedly damaged.

Malware-based attacks
Most of the methods described above are essentially malware-based. For example, botnets are used to carry out distributed denial of service attacks and to launch spam that contains false information to ruin companies’ images. Most defacements also use automated attack tools. In the case of Google, malware is also used to automate the insertion of links and spam on 2.0 websites that allow users to add content. In the case of CastleCops, Trojans were used to steal PayPal users’ credentials.

There are numerous scenarios in which viruses, Trojans and other malware-types can damage a company’s reputation. In 2004, even Google was affected by the MyDoom worm which disabled many of its servers for several hours. Worse still, the search engine underwent the attack hours before being floated on the stock market. Other search engines such as Altavista, Yahoo! and Lycos were also affected by the worm.

Phishing techniques, which are still as popular as ever, can also damage companies. These attacks are critical for banks, since they cause financial losses and strike fear in users. In the same way, specially-crafted Trojans (mainly banker Trojans) have become one of the worst Internet threats. The main danger lies in the fact they are designed to specifically affect certain entities, and in many cases, operate totally invisibly and when users access their online bank, their access credentials are sent to hackers. In 2006, Trojans accounted for 53 percent of all new malware created, and 20 percent of these were banker Trojans. During 2007, there have already been over 40 percent more attacks than in the whole of 2006.