Data Breaches: A New Way to Game Google?

It's a familiar routine: A company gets hacked, is subjected to a cascade of negative coverage online and spends months trying to repair its image.

What's less known is that for some businesses, there can be an unexpected benefit to getting breached: a jump in the company's ranking on Google and other search engines, an outcome that could boost sales and visibility worldwide.

Since December, when Target began dealing with the public fallout of hackers stealing financial information from as many as 40 million customers, the company has faced lawsuits, a drop in sales, a decline in the stock price and investigations by regulators.

But something else happened -- the retailer's websites, where consumers can buy Target's products, started showing up slightly higher in search-engine rankings, according to Searchmetrics.

One possible reason is that the incident generated a crush of online coverage from media sites, bloggers and social media that pointed back to Target's Web properties, which in turn may have helped raise Target's online ranking.

"Google sees these new links as a signal of trust using their PageRank algorithm, which in turn increases the web property's rankings on the search engine," Robert Hansen, director of product management for WhiteHat Security, wrote in an e-mail.

Of course, Target is already well-known offline and on. Getting a higher search ranking comes nowhere close to outweighing the negative effects of getting hacked. But for unscrupulous businesses desperate to raise their profile on the crowded Web, promoting a breach, or even pretending one happened, could be an effective scheme to elevate an unknown company's online presence.

"There is a theory that on a relatively small Web property it is possible to use a breach event to your advantage within Google's rankings," said Hansen, a security researcher who regularly presents at the Black Hat and DefCon hacker conferences. He said the Target breach has spurred debate in security circles about this method of gaming Google.

It's happened before. In 2012, a Brooklyn man named Vitaly Borker, who ran a site called DecorMyEyes, was sentenced to four years in federal prison for a scheme in which he would threaten customers with violence to generate negative publicity and raise his business's Google ranking, according to the New York Times. Last year, Chipotle and MTV both admitted to faking breaches of their Twitter accounts to gain social-media attention and promote company events.

But pulling off the hacking ploy wouldn't be easy. Danny Sullivan, founding editor of Search Engine Land, said the central challenge of such a scheme would be predicting the behavior of journalists writing the stories.

"Most publications are terrible at linking out to anyone," Sullivan wrote in an e-mail. "If they did, they’re likely linking to Target’s home page with the word 'Target,' helping it maybe rank better for 'Target' - which it already was doing well for."

When the Las Vegas Sands was hacked, there was no impact on the casino company's search-engine visibility, Marcus Tober, founder and chief technology officer of Searchmetrics, wrote in an e-mail. He said the news outlets he checked that covered the cyber-attack didn't link to Sands's website.

Criminal groups are already using computer hacking to manipulate search rankings. Attackers will plant invisible links on otherwise trustworthy Websites that point back to their own sites, which elevates their rankings in Google's search results.

"Many of the nefarious marketers I deal with claim that if Google's PageRank algorithm were simply removed it would dramatically reduce the global amount of website compromises, because it would reduce the incentive for the breach," Hansen said.

Google said that it has been fighting attempts to manipulate its search results for years and has sophisticated technologies in place to fight fraud.

"When someone is looking for information on Google, we want them to find the most relevant answers possible," the company said in a statement. "Our search algorithm relies on more than 200 signals to help people find the answers they're looking for. And rankings vary by query: a site may rank highly for one query, and not for another. We also continually improve our algorithms that detect and discourage spam -- these efforts have been going on since the earliest days of the company."

If this deceitful strategy does catch on, it'll be the digital-age embodiment of the old saying, "there's no such thing as bad publicity."

As long as they link to your homepage.
