Posted by Ivana Kalay
Have you seen a sudden increase in the interest in "Black PR"? If you haven't... you will.
What is it? For those of you who aren’t familiar with the term, "Black PR" or BPR occurs when a person with malicious intent -- often a competitor -- uses various techniques to attack and even destroy an adversary's reputation. It may be unethical, but in a zero-sum business world it is also survival of the fittest. It is a strategic alternative and a most effective one at that.
How's it done? There are thousands of ways to screw with the basic relationship between the organization and its stakeholders frankly. But now with Web 2.0, it doesn't get any easier.
By way of background, the term "Web 2.0" was coined by O'Reilly Media in 2003 as a marketing buzzword used to capture the new ways of developing and interacting with on-line applications. Web 2.0 applications are by-directional and absolutely better suited for information gathering and analysis. Regrettably, these very same technologies can also be used by Black PR practitioners to reach the masses faster than ever before. Welcome to BPR 2.0.
For the record, BPR techniques in the Web 2.0 world are pretty much the same as their earlier iterations; only now the new tools can handle enormous volumes of information. While in Web 1.0 the data was hard to be found, analyzed and modified; today it is much more accessible and a lot more integrated. Simple fact, search engines query information more often than before and cached information sources never disappear.
Here, to spirit discussion, let's look at some of the technical aspects of Web 2.0 and how each relate to potential Black PR practices:
Feeds -- Feeds are syndication formats designed to automatically deliver content to the user. RSS and ATOM are the two most popular formats. The idea behind feeds is rather than the need to visit a specific site as was the case in Web 1.0, a feed brings the information to the user. Due to their modularity and the remixable nature, feeds can very efficiently aggregate and re-distribute information.
Black PR professionals can take advantage of both RSS and ATOM by first locating key information channels and then using them to redistribute an alternative message. Once a carefully placed message is in circulation with important feed channels, it could potentially reach millions of users instantly. This type of technology can be used to spread forged messages in order to perform a negative BPR "stunt." And remember, traces of these stunts remain on the Net (your Web portfolio) forever.
Social Networks -- One of the key features of Web 2.0 is its social aspect. Social Networks are probably one of the most powerful BPR tools since they can be used to spread false messages virally.
Splogs -- Blogging is now the undisputed 21st century media platform for delivering messages. However, Splogs, short for spam blogs, are false, forged and artificially created blogs by software agents. Splogs are usually used to generate income by abusing advertisement platforms such as Google Ad-Sense.
However, it is completely different story when it comes to BPR. Black PR practitioners can and do employ the power of splogging to deliver a message across multiple platforms. The actual splog content is dynamically generated out of completely legitimate blogs and deadly BPR messages are then subsequently embedded. The more splogs that are employed, the further the message is distributed.
SEO Power Tools -- There are even power tools to enable even better and more successful BPR. One such is Paterva. Paterva is mega powerful tool which utilizes several social networks, search engines and information sources, such as the MIT PKI (Public Key Infrastructure) data to enable BPR professionals to extract and find links between entities in an easy to use and quite graphical way. Paterva can find links between e-mails, names, social profiles, locations, etc. Once the map is reveled the connections are obvious and leveragable.
Frankly, the real scary part... This stuff isn't that hard. For instance, a hacker could very readily create hundreds of junk backlinks to your site within a short period of time. Most commonly they'll set up a Splogs created using a free blog account. They'll create it in such a way that the anchor text of these links to contain spam words like “online gambling” or “viagra”. Bottom line: Google sends up a red flag anytime you acquire too many backlinks too quickly (especially if the links look spammy). In short order, your Google PR (page rank) goes to hell.
You want a real example of BPR 2.0's effectiveness? Here's a BPR strategy designed steal the clients of their rival. One of the leading European airlines (name withheld here for security) recently launched a new version of its website. It's Ajax Web2.0 orientated; it's beautiful; and it's vulnerable. What happened? The airline's major competitor hired a small team of professional "black-hats" (hackers) to probe the site using light-weigh Web-apps. The hackers directly found various "leaks," allowing them glean the names, contact details and many other personal data of the competitor's customers. The competing airline used the information to target specific travel prospectives and prices. The result: the company with the beautiful new website lost about 25 percent the annual revenue as a result of client conversion.
A loss of 25 percent the annual revenue... That's real money! And THAT should keep you up at night.
Well, at the very least, it should knock some sense into all the nuts-and-berries Social Media PR 2.0 freaks who think Web 2.0 is akin to the Second Coming.
Web 2.0 is without doubt the most innovative approach to technology. However, due to its flexibility, modularity and easy of use, it perfectly suits black public relations practices. The future is within the information, the single most valuable resource in the digital world. Black PR needs indefinite supply of it and Web 2.0 is here to make that happen.
You've been warned.
Ivana Kalay is a leading PR security expert. She is an active member of Gnucitizen, a creative hacker organization. She specializes in information technology hacking, social engineering and Black PR.
Display comments as (Linear | Threaded)
A lot of this is being done in Russian PR, where Black PR has a long, rich history - intertwined with good, old fashioned, government propaganda. That and the mass of hacker expertise there makes all this really relevant.
Otherwise, how does a consultant go about pitching Black PR and Black PR 2.0 to a client? I work out of London and that might be something genuinely new!
Mmm. This may be the biggest load of tosh I've seen online since the last one, or it could just be a huge wind-up.
Let's take just one little sliver.
"One of the leading European airlines (name withheld here for security) recently launched a new version of its website. It's Ajax Web2.0 orientated; it's beautiful; and it's vulnerable. What happened? The airline's major competitor hired a small team of professional "black-hats" (hackers) to probe the site using light-weigh Web-apps. The hackers directly found various "leaks," allowing them glean the names, contact details and many other personal data of the competitor's customers. The competing airline used the information to target specific travel prospectives and prices. The result: the company with the beautiful new website lost about 25 percent the annual revenue as a result of client conversion."
Bzzzt! Does not compute! Really, a quarter of a major European airline's revenue went away because someone hacked their website and then used the information to target customers? There's really no easier way to find an airline's customers? And this enormous circus of fraud and incompetence happened and nobody got arrested? And 'light weigh[t] Web-apps" have been the weapons of choice among hackers since... when?
I do not think these words mean what you think they mean.
well, check out the current Skype outage. ALEXA clearly shows that Skype has list a significant portion of their traffic for the duration. What if this was caused by hackers?
Since you don't mention the name of the hacked airline, it's hard to verify your case study. After losing 25% of revenues, surely a "leading European airline" would address this issue? If it is no longer an issue, surely it's safe to mention their name?
If they are a client, it's imperative, of course that you not name them - but in this case, I believe that you should identify them as a client of yours.
If not, I think that you should feel free to tell us who they are, in order that we can draw more informed conclusions.
Isn't this just a "tidy up your Web 2 leaks" security story (like the three little pigs)? But one that's been beefed up, and made scarier by your slightly vague, doom-laden prophecies.
Could we really lose 25% of our revenues if a competitor grabbed my customer list? It feels wrong somehow - I've never known customers to be either so fickle, or so responsive to messaging.
And from what little I recall of another airlines (publicly recorded) "dirty tricks" campaign in the early nineties, this seems like a gross inflation.
An interesting artlcle, though, and one that demands close attention.
Hi - very nice writeup. I didn't know Paterva - cool hint, thx. The black-linking to decrease site ranks is a pretty common technique in good ol' since the BMW 'accident' :)
This post brings up a lot of good food for thought although most of the band wagoners won't take heed until its far too late.