ShareThis Page

CMU website, others targeted by hackers to toy with Google search results

Aaron Aupperlee
| Friday, Oct. 7, 2016, 7:33 p.m.

Carnegie Mellon University's website was hacked.

But it wasn't an attack intended to take the university offline or one aimed at stealing personal information.

Instead, the hackers slipped a single word, “machine,” into a page about the executive director of CMU's Australia campus and linked the word to an online casino site, according to an investigation by eTraffic, an Israeli web marketing company that discovered the hack last month.

That link, and dozens like it on college and government sites, helped the casino website — mobileslotcash[dot]com — shoot to the top of Google's search results, likely driving traffic to the site and potentially bringing in $80 per click.

It was a classic “black hat” search engine optimization (SEO) tactic, experts told the Tribune-Review. It's the shady side of Internet marketing, in which some groups break the rules and sometimes resort to hacking to rank near the top of search engine results.

“We felt that applying this kind of SEO strategy is aiming a bit too low,” eTraffic wrote in a report on its investigation . “There's no other way to put it — this is just wrong.”

The hack targeted CMU and more than 70 other university, college and government websites, all ending in .edu or .gov. ETraffic said the hackers took advantage of the “last online resort free of exactly these kinds of manipulations.”

The phrase “online slot machines for real money” and a link appeared in a Stanford University page about how to build a website. “Online casino games real money no deposit” appeared on a website for the city of Reading, which was intended to give step-by-step directions to access government services. Boston University's library page for The North American Fichte Society, a site for scholars devoted to the study of German philosopher J.G. Fichte, had the words “real money mobile slots” on it.

Links from these types of sites are prized in the SEO world. They can add credibility and legitimacy to sites Google scans, causing the search engine to list it higher in results.

The renegade words and links have since been removed from many of the affected websites. The casino website has since disappeared from Google search results. Google likely learned about its SEO trickery and banned it, experts said.

In a statement to the Tribune-Review, Google declined to comment on specifics.

“Our webmaster guidelines are designed to protect users, and when a site violates them, we reserve the right to take action to preserve a good user experience. This helps ensure that in the long run people can find the best possible search results on Google, and website owners can compete on a level playing field for traffic,” Google wrote.

CMU declined to comment on the hack. Other universities, colleges and governments contacted for the story did not comment.

Little is known about the casino site behind the links. Mobileslotcash[dot]com claims to have information and links to online casinos. The site's editors make casino ratings once a month to “give a complete picture of what online casinos are worth your attention, so that you can try your luck in them,” according to the site.

The site is registered in the Czech Republic. When asked for comment via email, mobileslotcash[dot]com directed the Tribune-Review to fill out a form used to report abuses by the site. No one responded.

Guy Regev, CEO of eTraffic, told the Trib his company has detected black hat SEO tactics before but not on such an aggressive level.

ETraffic reached out to the affected sites through Twitter but saw little reason for concern.

“The perpetrators got what they wanted — a link from high-trust sites. My intuition says that's all there is there,” Regev said. “The main takeaway is that there is a lot of money in search, probably too much, and people will go to insane lengths to get their hands on some of it.”

Vanitha Swaminathan, a marketing and business economics professor at University of Pittsburgh's Joseph M. Katz Graduate School of Business, said black hat tactics can produce significant short-term results. But if Google or others find out, they can ban websites from their searches, costing companies dearly.

Large, reputable companies such as BMW, Toys R Us and J.C. Penney have all inadvertently hired a search engine consulting firm that used black hat tactics to inflate their search ranks.

“But, when they were found out, their rankings dropped so significantly, it cost the company a great deal by way of lost sales,” Swaminathan said. “Be aware of the risks of using black hat SEO — when you get found out, the search engine can make you regret you ever did it.”

Aaron Aupperlee is a Tribune-Review staff writer. Reach him at 412-320-7986 or aaupperlee@tribweb.com.

TribLIVE commenting policy

You are solely responsible for your comments and by using TribLive.com you agree to our Terms of Service.

We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.

While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.

We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers

We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.

We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.

We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.

We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.