Meet the Russian hacker that helps advertisers defraud their AdWords competitors



What kind of chutzpah does it take to use Google’s own gmail and YouTube services to defraud the company’s cash cow AdWords business? Apparently the kind that is possessed by a Russian hacker going by the pseudonym “GoodGoogle.” (It’s no less bold to use Google’s trademark in your name.)

According to a recent blog post by KrebsonSecurity, GoodGoogle is among the most established AdWords fraudsters as a two year old operation that uses a botnet, custom software, and manual service to target the budgets of its clients’ AdWords competitors. Under such a scenario, GoodGoogle would use its bots to fraudulently click on a competitor’s ads, causing the company to pay for valueless traffic and eventually depleting an allocated AdWords budget.

The black hat company apparently charges its customers $ 100 per ad unit to block between three to ten of a competitor’s ads for 24 hours, offers a volume discounted rate of $ 80 for 15 to 30 blocked ad units, and an $ 1000 to block a few of ads indefinitely. All fees are paid with anonymous virtual currencies like Bitcoin and WebMoney and, being as a good businessman is wont to do, GoodGoogle offers support and a warranty on his work. Speaking via instant message, the hacker pointed Krebs to forums containing dozens of happy customers endorsing his work.

GoodGoogle’s pitch reads:

Are you tired of the competition in Google AdWords that take your first position and quality traffic? I will help you get rid once and for all competitors in Google Adwords.

The key to the effectiveness of the above operation, however, is to do so without tripping Google’s anti-fraud detection systems. Otherwise, the search giant is apt to cancel the offending clicks and black-list the corresponding IP addresses. As Krebs points out, the botnet involved in the AdWords fraud is likely used exclusively for this activity, and not for unrelated DDOS or spam attacks, for fear of landing on such lists.

It’s for this reason that the use of gmail and YouTube to operate this business is particularly brazen. Now that Krebs has called out the offending activity – assuming Google wasn’t already aware – expect the company to make a concerted effort to shut down the GoodGoogle service and to catch the offending hackers.

In many ways, GoodGoogle is the opposite of the more familiar type of click fraud in which publishers use bots to click on display ad units on their own site to juice their monthly revenue. Instead, the Russian hacker allows companies to target competitors ads and effectively price them out of competing in the AdWords market, making it easier and cheaper for the buyer of the service to reach its own companies.

It should be no surprise that there’s fraudsters out there looking to make an easy buck in targeting online advertisers. But it’s a bit surprising that a company like this has gone unchecked for more than two years, despite its flagrant disregard for any effort to hide his activity.

One conspiracy theory suggests that Google has taken a lackadaisical approach to AdWord fraud enforcement because this activity actually puts more ad dollars in its coffers, at least in the short-term. But that’s little more than wishful thinking from scorned advertisers. Google dedicates enormous resources to policing ad-fraud and spam.

It shouldn’t be long before GoodGoogle finds itself snuffed out by Google’s ad-cops. Unfortunately, like the cockroaches that hackers are, there are no shortage of bad actors willing to take the Russian’s place.