
Hijacked Web Traffic For Sale

timothy posted more than 2 years ago | from the 1-crying-young-spying-young-viewer-for-sale dept.

Crime 68

mask.of.sanity writes "If you can't create valuable content to attract users to your site, Russian cyber criminals will sell them to you. A web store has been discovered that sells hacked traffic that has been redirected from legitimate sites. Sellers inject hidden iframes into popular web sites and redirect the traffic to a nominated domain. Buyers purchase the traffic from the store to direct to their sites and the sellers get paid."


In the news tomorrow... (0, Funny)

Anonymous Coward | more than 2 years ago | (#38862635)

"Russian Hackers find a way to sell their own mothers"

FTFY (-1)

Anonymous Coward | more than 2 years ago | (#38862689)

"Russian Hackers find a way to sell..."

Your Mom.

Re:FTFY (0)

Chrisq (894406) | more than 2 years ago | (#38864267)

"Russian Hackers find a way to sell..."

Your Mom.

I have just two questions. Is she fit, and how much?

Obligatory... (0, Funny)

Anonymous Coward | more than 2 years ago | (#38862649)

In Soviet Russia, web-store sells you.

I'll visit your site, govnah. (1)

Anonymous Coward | more than 2 years ago | (#38862685)

Ten pence per page load!

Uhm... (4, Informative)

martin-boundary (547041) | more than 2 years ago | (#38862699)

Isn't this what websites do all the time with ads, and Facebook and Google+ buttons? It's not like I personally agree to send my traffic to Facebook when the button shows up on a random webpage, and visiting all those ad servers incidentally just slows down my web browsing for no good reason.

Re:Uhm... (-1, Flamebait)

Anonymous Coward | more than 2 years ago | (#38862737)

Here's a question. How mentally retarded are you? Is it the point where your head is as large as a watermelon? Do you need to wear a hockey helmet to avoid further injury? Do you have at least bowel control?

Because most non-retarded people could understand the difference between scripts added by the site owners for advertising or promotion purposes versus those illicitly embedded by russian hackers.

Re:Uhm... (1)

Anonymous Coward | more than 2 years ago | (#38862797)

I can't tell the difference, because I adblock and greasemonkey that shit into oblivion.

Re:Uhm... (1)

ewanm89 (1052822) | more than 2 years ago | (#38863797)

You might want to add noscript too!

Re:Uhm... (1)

LifesABeach (234436) | more than 2 years ago | (#38865793)

All Hail the Gang of Three, "greasemonkey, adblock, and noscript!"

Re:Uhm... (1)

alreaud (2529304) | more than 2 years ago | (#38867287)

Ghostery feels left out...:-(

Re:Uhm... (0)

Anonymous Coward | more than 2 years ago | (#38875039)

right, right, because anyone who isn't as computer literate as the average Slashdot user is "retarded".

This is why you have no girlfriend.

Re:Uhm... (0)

Anonymous Coward | more than 2 years ago | (#38862771)

Isn't this what websites do all the time with ads, and Facebook and Google+ buttons? It's not like I personally agree to send my traffic to Facebook when the button shows up on a random webpage, and visiting all those ad servers incidentally just slows down my web browsing for no good reason.

This is different. In this case, it looks like the browser is redirected to the seller's domain. The "buttons" you refer to are just AJAX requests in the background.

Re:Uhm... (2, Informative)

Anonymous Coward | more than 2 years ago | (#38862847)

Isn't this what websites do all the time with ads, and Facebook and Google+ buttons? It's not like I personally agree to send my traffic to Facebook when the button shows up on a random webpage, and visiting all those ad servers incidentally just slows down my web browsing for no good reason.

This is different. In this case, it looks like the browser is redirected to the seller's domain. The "buttons" you refer to are just AJAX requests in the background.

what are you talking about? facebook "like" buttons are either scripts or iframes, and the script just adds an iframe after the fact, but it all comes down to GET requests and cookies stealing information that do slow down browsing of sites. if you cannot see this perhaps it is time to get off dialup.

Re:Uhm... (0)

mister_dave (1613441) | more than 2 years ago | (#38863011)

?

You only "send your traffic" to facebook, if you choose to click on the link to Facebook.

all those ad servers incidentally just slows down my web browsing for no good reason

The "free" content you like to browse costs money to produce.

Re:Uhm... (5, Informative)

Pieroxy (222434) | more than 2 years ago | (#38863115)

?

You only "send your traffic" to facebook, if you choose to click on the link to Facebook.

Aaaaand, congratulations! You don't know how the Web works.

Whenever you see the "Like" facebook button, your browser has made several HTTP requests to facebook and run facebook hosted scripts on your page. And if you're logged in to facebook on that computer, facebook has recorded the fact that YOU went to that page.

All of that without clicking on the button, courtesy of the website owner.

Re:Uhm... (4, Interesting)

kainosnous (1753770) | more than 2 years ago | (#38863465)

Very true. It's something that has bothered me for a while. I'd really rather not have Facebook and others tracking me all over the web, and yet, they usually do. Even while you're viewing this very page, there are icons for Twitter, Facebook, and Google which must be loaded from their site. IIRC, some of those ToS won't allow you to use their logo, so it has to come from their site. Even if the website has a copy of the image, you still need to use their site for stats and other nifty functionality. In modern sites, that is almost always done by client side JavaScript which makes users send traffic to their site. All of that can be bypassed, but I don't know anybody who does for long.

I think that people would be truly shocked to find out how much information they are sending about themselves, and how many sites collect it that they are unaware of. Most of that comes because of an ignorance about how the web works. What makes it sad is that most of them don't care as long as they get to chat with friends on their Facebook page.</rant>

Re:Uhm... (3, Insightful)

somersault (912633) | more than 2 years ago | (#38863537)

Even while you're viewing this very page, there are icons for Twitter, Facebook, and Google which must be loaded from their site

Actually, those images are loaded from http://a.fsdn.com/sd/commentshareicons.png [fsdn.com] .

Tinfoil hat fail.

Yes, most of them don't care. I don't care either.

Re:Uhm... (1)

Dan541 (1032000) | more than 2 years ago | (#38865353)

How about;

static.ak.fbcdn.net
apis.google.com
platform.twitter.com
and google-analytics.com ?

Re:Uhm... (1)

somersault (912633) | more than 2 years ago | (#38865597)

Well, I only checked the icons since he said they "must" be loaded from Facebook, etc.

Anyone who does care about such things could log out when they're not using those sites, or use a separate browser for social sites, or block those domains from being accessed when they're not on the relevant site, do some types of browsing via proxy, etc etc etc. If you don't want these guys collecting your information to make your advertisements (if you don't block them) more relevant, simply stop handing out the information.. geez.

Re:Uhm... (2)

Maow (620678) | more than 2 years ago | (#38866401)

How about;

static.ak.fbcdn.net
apis.google.com
platform.twitter.com
and google-analytics.com ?

Use Ghostery add-on (Firefox & Chromium), perhaps with RequestPolicy Firefox add-on.

Unrelated but I can't stand browsing without EasyGestures add-on for Firefox...

Re:Uhm... (2)

ewanm89 (1052822) | more than 2 years ago | (#38863817)

Worse still is google analytics, that one happens 100% hidden from the ordinary users view, no picture or anything.

Re:Uhm... (1)

Anonymous Coward | more than 2 years ago | (#38864337)

Just install Ghostery on your browser?

Very true. It's something that has bothered me for a while. I'd really rather not have Facebook and others tracking me all over the web, and yet, they usually do. Even while you're viewing this very page, there are icons for Twitter, Facebook, and Google which must be loaded from their site. IIRC, some of those ToS won't allow you to use their logo, so it has to come from their site. Even if the website has a copy of the image, you still need to use their site for stats and other nifty functionality. In modern sites, that is almost always done by client side JavaScript which makes users send traffic to their site. All of that can be bypassed, but I don't know anybody who does for long.

I think that people would be truly shocked to find out how much information they are sending about themselves, and how many sites collect it that they are unaware of. Most of that comes because of an ignorance about how the web works. What makes it sad is that most of them don't care as long as they get to chat with friends on their Facebook page.</rant>

Re:Uhm... (0)

Anonymous Coward | more than 2 years ago | (#38864965)

There's no such icons/buttons on the site for me.

Re:Uhm... (1)

houghi (78078) | more than 2 years ago | (#38867265)

To prevent this I block everything from Facebook. I do this on a host level.. Used to add it to my hosts file, but now I have blocked it on my DNS server.

Everything that is *.facebook.com (and facebook.com) is IP 0.0.0.0

Re:Uhm... (0)

Anonymous Coward | more than 2 years ago | (#38869431)

If you're using a proper DNS server it would be far better to just serve NXDOMAIN rather than quad zeroes.

Just add facebook.com as a zone, declare yourself the master, and point it to an empty database of RRs for the zone.

Re:Uhm... (0)

Anonymous Coward | more than 2 years ago | (#38865937)

uhm duh, everybody knows how the web works fucktard. It's more convenient now to send the information you want to facebook, if someone is going to be writing all this shit down, they might as well write down exactly what I want to say.

Re:Uhm... (5, Informative)

trancemission (823050) | more than 2 years ago | (#38863337)

You only "send your traffic" to facebook, if you choose to click on the link to Facebook.

?

Wrong. Many sites share information on their visitors to 3rd parties, this allows said 3rd parties to track and profile you. You do not have to click a link, it happens in the background.

Use this to find out who the main players are: http://www.ghostery.com/ [ghostery.com]

Ghostery sees the invisible web - tags, web bugs, pixels and beacons. Ghostery tracks the trackers and gives you a roll-call of the ad networks, behavioral data providers, web publishers, and other companies interested in your activity.

And obviously ad-block plus, NoScript et al...

Facebook specific:
https://addons.mozilla.org/en-US/firefox/addon/facebook-blocker/?src=userprofile [mozilla.org]

Re:Uhm... (1)

ewanm89 (1052822) | more than 2 years ago | (#38863807)

Accept the little picture was requested from facebooks' server?

Re:Uhm... (0)

Anonymous Coward | more than 2 years ago | (#38864377)

I looked all over the place and can't find the accept button. So, I hereby give you formal approval to download that picture to my computer.

Re:Uhm... (0)

Anonymous Coward | more than 2 years ago | (#38866249)

World would be a better place if the only sites were ones without ads like it used to be.

(Incidentally the type of stuff I like to read is like that but it's extremely difficult to find).

If there was a way for me to search for sites that specifically don't have ads then I would.

(The BBC is 100% ad free and already paid for by my license fee)

The content does cost money to produce but the content worth actually viewing is paid from another channel most of the time.

I hope those javascript pop over cloudflare things are blocked by an adblock subscription soon. In fact I have about 5 examples I think I will see if I can get them added to fanboy's annoyances myself.

Thanks for inspiring me.

Re:Uhm... (1)

CodeBuster (516420) | more than 2 years ago | (#38874175)

and visiting all those ad servers incidentally just slows down my web browsing for no good reason.

You don't use AdBlock [mozilla.org] ? You'd be crazy to browse the web these days without AdBlock, NoScript, Flashblock and Ghostery. Unblock sites that you really care about if you must, but browsing without any protection is just nuts.

This is getting ridiculous (2)

gweihir (88907) | more than 2 years ago | (#38862803)

It also shows the complete failure of law-enforcement when it comes to commercial hacking.

Re:This is getting ridiculous (1)

vikingpower (768921) | more than 2 years ago | (#38862863)

Yes. But on which side is the ridiculosity residing ? The law-enforcement's, as they can't do anything ? The engineering side ? Our side ? Yours, for making the more-than-obvious statement ?

Re:This is getting ridiculous (2)

gweihir (88907) | more than 2 years ago | (#38862889)

The only one I can be sure about is mine ;-)
This is slashdot though, so I am fine with that.

The rest looks a bit like moronic cops failing to catch moronic criminals defrauding moronic companies to deviate business from moronic customers. The complete human tragedy rolled into it. Reminds me a bit of the movie "Fargo".

Re:This is getting ridiculous (1)

vikingpower (768921) | more than 2 years ago | (#38863003)

Funny that you should mention "the complete human tragedy". Reminds me of Barbara Tuchman's "The march of folly", on how humans repeat the same moronic behaviour through all of history.

Re:This is getting ridiculous (1)

BrynM (217883) | more than 2 years ago | (#38863013)

Lots of the time, this happens on porn sites. It's the old "shame you into not reporting it" angle.

Re:This is getting ridiculous (0)

Anonymous Coward | more than 2 years ago | (#38862879)

You're right! We need more law enforcement over the Internet! Get the TSA; I hear they are interested.

Re:This is getting ridiculous (2)

znrt (2424692) | more than 2 years ago | (#38863101)

It also shows the complete failure of law-enforcement when it comes to commercial hacking.

it also shows the braindeadness of site value assessment based on traffic.

AAA: Anti-Ajax-Argument (1, Insightful)

vikingpower (768921) | more than 2 years ago | (#38862813)

One more, in fact, there were already so many...

Re:AAA: Anti-Ajax-Argument (2)

andrew3 (2250992) | more than 2 years ago | (#38862941)

iFrames != AJAX. I'd say they probably never even used AJAX, only a simple JavaScript redirect.

Re:AAA: Anti-Ajax-Argument (1)

vikingpower (768921) | more than 2 years ago | (#38862997)

I do agree. Still, imagine your most basic Ajax app, and the doors it opens to this sort of exploits. "The horror. The horror" ( Col. Kurtz, "Apocalypse Now" )

Re:AAA: Anti-Ajax-Argument (1)

andrew3 (2250992) | more than 2 years ago | (#38863033)

I always thought AJAX couldn't be done cross-domain, correct me if I'm wrong? (I don't do JavaScript very often)

Anyway, for me, the best solution is disabling JavaScript altogether using NoScript, and enabling on a per-domain basis. Call me paranoid...

Re:AAA: Anti-Ajax-Argument (3, Informative)

Pieroxy (222434) | more than 2 years ago | (#38863119)

You are correct. AJAX cannot be cross-domain.

There is however a catch, since a lot of libraries will allow you to do cross-domain "AJAX-like" requests by adding a "SCRIPT" object to the page dynamically. You can't POST but you can GET fine with this method since the SCRIPT tag is cross domain.

who are they trying to fool? (1)

rocc0 (2542402) | more than 2 years ago | (#38862833)

traffic generators are there for a while already.... but the question is, who are they trying to fool?

Re:who are they trying to fool? (0)

Anonymous Coward | more than 2 years ago | (#38873593)

most of the time those iframes contain adverts. it is very difficult if not impossible to detect that flash video adverts are being displayed from inside an iframe. generate lots of traffic against the sites with a few of these iframes per page. it is very cheap to buy massive amounts of traffic. my neighbor worked for a company that did this. she only worked there for a few weeks before finding this out. she quit the day she found out.

that company is still in business raking in millions per month. reporting it to the authorities did nothing they ignored the complaint.

teg (0)

Anonymous Coward | more than 2 years ago | (#38862865)

t4g

OMG (3, Funny)

goldaryn (834427) | more than 2 years ago | (#38862875)

Today I learnt

1) There are hackers on the Internet

2) Foreign capitalists also engage in criminal activity

3) No one cares about Australian click-throughs

Re:OMG (0)

Anonymous Coward | more than 2 years ago | (#38863041)

Credit comparison - http://www.kredituabc.lv/paterina-krediti

I love Russia... (0)

Anonymous Coward | more than 2 years ago | (#38862923)

I really do. Because that country has so completely failed as a nation state that any criminal activity one can possibly conceive of to use the internet for has already been done by some russian gang to make money off of.

Pay for bandwidth/hosting, AND for visitors (2)

mehrotra.akash (1539473) | more than 2 years ago | (#38863095)

What's the point?

Re:Pay for bandwidth/hosting, AND for visitors (0)

Anonymous Coward | more than 2 years ago | (#38863571)

It's like paying someone for a denial of service attack. How is this useful?

Re:Pay for bandwidth/hosting, AND for visitors (1)

Anonymous Coward | more than 2 years ago | (#38863631)

What's the point?

Their account information and/or credit card information. Think phishing on a more ambitious scale.

I don't understand.... (1)

GillyGuthrie (1515855) | more than 2 years ago | (#38863135)

Somebody please enlighten me on how this service works. If you are "injecting" inline frames that have a size of 0 width and 0 height, then how the heck does anybody click on it? I don't get it.

Re:I don't understand.... (3, Informative)

MrAngryForNoReason (711935) | more than 2 years ago | (#38863325)

Somebody please enlighten me on how this service works. If you are "injecting" inline frames that have a size of 0 width and 0 height, then how the heck does anybody click on it? I don't get it.

The iframe loads in a line of javascript which initiates a redirect to the target site. The user doesn't need to click on anything as the javascript will run automatically.

What this means in practice is that as soon as a user loads the page they will be redirected to the target site, probably so quickly that they don't realise. This is what makes it so dangerous as the user can be redirected to a page that is almost identical to the genuine one and then convinced to login to the site giving up their login or bank details etc.

Re:I don't understand.... (0)

Anonymous Coward | more than 2 years ago | (#38865451)

it's as easy as:

window.parent.location = 'http://newdestination.com';

Re:I don't understand.... (2)

kainosnous (1753770) | more than 2 years ago | (#38863541)

Just because you, the end user, don't see something, doesn't mean that you aren't actively engaging it. Every time you open a web page, your browser usually makes several requests to retrieve stylesheets, scripts, and every image on the page. There is nothing that requires those items to come from the site you think they do. If a rogue script is there, then it gets on your computer and likely has all the permission that you've allowed for the page you're on, possibly including cookie information. Also, a script could quietly auto-redirect you to a phishing page, etc.
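[Added example, not part of any comment in this thread.] For a site owner, the zero-size injected iframes discussed above are something to scan your own served pages for. The sketch below flags iframes that are hidden from the visitor and load from a host outside a trusted list; the host names, the sample page, the 1px threshold and the off-screen check are assumptions that go slightly beyond the 0x0 case described in the thread.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

def parse_style(style):
    """Turn an inline style string into a {property: value} dict."""
    decls = {}
    for part in style.lower().split(";"):
        if ":" in part:
            prop, value = part.split(":", 1)
            decls[prop.strip()] = value.replace("!important", "").strip()
    return decls

def is_tiny(value):
    """True for a size of 0 (px, % or unitless) or at most 1px."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)\s*(px|%)?", (value or "").strip().lower())
    return bool(m) and (float(m[1]) == 0 or (float(m[1]) <= 1 and m[2] != "%"))

def hidden_reasons(attrs):
    """List the ways an <iframe> is hidden from view (empty list = visible)."""
    style = parse_style(attrs.get("style", ""))
    reasons = [f"{dim}<=1px" for dim in ("width", "height")
               if is_tiny(attrs.get(dim)) or is_tiny(style.get(dim))]
    reasons += [f"{p}:{v}" for p, v in (("display", "none"), ("visibility", "hidden"))
                if style.get(p) == v]
    for edge in ("left", "top"):  # frame pushed far off-screen
        m = re.fullmatch(r"-(\d+)px", style.get(edge, ""))
        if m and int(m.group(1)) >= 1000:
            reasons.append(f"offscreen {edge}")
    return reasons

class IframeAuditor(HTMLParser):  # collects hidden iframes from untrusted hosts
    def __init__(self, page_url, allowed_hosts=()):
        super().__init__()
        self.page_url = page_url
        self.trusted = {urlparse(page_url).hostname, *allowed_hosts}
        self.findings = []

    def is_trusted(self, host):
        return any(host == t or host.endswith("." + t) for t in self.trusted)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {name: value or "" for name, value in attrs}
        src = urljoin(self.page_url, a.get("src", ""))  # resolves relative and //host URLs
        host = urlparse(src).hostname or ""
        reasons = hidden_reasons(a)
        if reasons and not self.is_trusted(host):
            self.findings.append({"line": self.getpos()[0], "host": host,
                                  "src": src, "reasons": reasons})

def audit_page(html, page_url, allowed_hosts=()):
    auditor = IframeAuditor(page_url, allowed_hosts)
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample page: all hosts here are made up for the example.
SAMPLE_HTML = """<html><body>
<iframe src="/widgets/weather.html" width="300" height="200"></iframe>
<iframe src="https://player.video-partner.example/embed/42" width="640" height="360"></iframe>
<iframe src="http://traffic-hub.example/in.php?id=7" width="0" height="0" frameborder="0"></iframe>
<iframe src="//cdn.news.example/pixel.html" style="display:none"></iframe>
<IFRAME SRC="http://redirector.example/go" STYLE="position:absolute; left:-5000px; width: 1px; height: 1px"></IFRAME>
</body></html>"""

if __name__ == "__main__":
    print(audit_page(SAMPLE_HTML, "https://www.news.example/", ("news.example",)))
```

This only sees iframes present in the served markup; a frame written into the page at runtime by an injected script has to be caught by reviewing the scripts themselves or by inspecting the rendered DOM.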

Wooooot!!!! in SOWIJET RUSSIA.... (-1)

Anonymous Coward | more than 2 years ago | (#38863199)

...things are D0NE

ACTA,SoPA,P1PA? FUCK Y0U \:D/

Viable marketing strategy (0)

Anonymous Coward | more than 2 years ago | (#38863339)

Why not, it's not like every company has the motto: 'don't be evil'
Pay a company to be on the Google first page(TM), or just buy the connections.

I'm just being sarcastic of course but from my point of view there is not much difference.
BTW good way to rickroll people.

Is this website fiverr? (-1)

Anonymous Coward | more than 2 years ago | (#38863463)

http://fiverr.com/gigs/search?query=visitors&x=0&y=0 [fiverr.com]

What's next? A report on the underground websites that sell pictures of naked girls kissing?

It's not criminality (-1)

Anonymous Coward | more than 2 years ago | (#38863587)

...it's the free market.

Stupid niggers.

Oh wait, I get it: because it causes minor personal inconvenience, all of a sudden it's worth talking about instead of genocide and existential risk. Well, guess what - it's not.

Ancient news (2)

Bob Ince (79199) | more than 2 years ago | (#38863765)

Not sure why this is suddenly news, the Russian iframe traffic hubs have been running for over a decade now.

The destination URLs are typically clickfraud, exploits, and iframes to other traffic redirectors.

The domain registrar mentioned in the article (DirectI) is notorious for high levels of abuse from the Russian-language sploit/AWM community.

Re:Ancient news (0)

Anonymous Coward | more than 2 years ago | (#38863947)

I was about to post this.
Also you can add filters to adblock plus on your own. I added facebook.com and twitter.com plus about 50 other places that have to buttons that are spewn through the web.

I wrote about this in 2003.. (1)

Dynamoo (527749) | more than 2 years ago | (#38869797)

I wrote about this in 2003. Well, sort of [slimeware.com] . Back then I created a site which was a sort of satire about the seedy side of internet money making, and this sort of traffic diversion tactic was one I came up with. It only took 9 years for real life to catch up..