Sound the alarm! That’s right all you marketing professionals, pay attention because this is a warning. When you start to dominate your industry in search and digital marketing, you’re sure to attract a crowd who will resort to anything in order to steal your success. In the case of my work for MIWV.com, they couldn’t beat me, so they tried to hijack my results.
At Millimeter Wave Products Inc. in Largo Florida, I handle all information technology and global marketing initiatives. The goal is to dominate search, so my time has been spent working to attract new business from global companies universities, government organizations and more. While controlling search and other digital platforms (images Google Suppliers, YouTube, Baidu, etc.) is a continual process, I’ve already positioned MIWV as top dog, and people have noticed.
Other companies have recognized MIWV as a serious threat, not only because I’ve made it number one on multiple digital platforms, but of how fast I helped explode it onto the scene. I had only been working there about 3-4 months when it rose and took over the industry. It must have been like a magic trick to these other businesses. One day no one’s heard of MIWV and then next, they are controlling the industry.
The take over began at the end of May 2012, but the competition didn’t try to full-out hack MIWV until around Christmas time, 6 months later. I suspect they first attempted to outrank us with their own campaigns, and once it failed they went for the shady route. They clearly couldn’t beat me with digital marketing tactics, so the decided to try and hijack traffic to the MIWV website.
While attacks to the website are routine, from logs, port scans and injection attempts, they almost always fail due to the my counter measures. If a complete hijack or hack was actually successful, I also have a “panic button” in place that I can simply press to auto-replace everything I’ve put in place.
The only successful attack was the one I mentioned that happened over the holidays in December 2012. It really was sophisticated in nature, setting it apart from the rest.
How the Hijack Worked?
This hijack disguised itself well with a little known technique to stay under the radar. It was a MySQL injected redirect that attacked the web server and embedded itself inside the MySQL database. The code itself remained hidden on datacenter scans. (As some of you know, you can deliver code through injections and XSS techniques on certain servers, platforms and websites if they’re not updated.) In our case it was a zero day attack, meaning it was a new technique that anti-virus/malware software doesn’t know about… that occurred on MySQL that has since been reported an updated to virus/malware companies globally.
What was the Hacker’s goal?
The purpose of this malware was to infect the MIWV website by detecting (and ultimately redirecting) traffic from queries on any search engine. If someone were to directly type the website address, the malware would not be activated. Coming from a search engine was the trigger, the malware would remember your browser cache and have the ability now to re-direct you to a different website. In our case, they got as far as redirecting you to a page overseas, but it was still blank. (Had they been smarter they would have the site re-directs already in place prior in order to make their attack successful.)
See the hijack for your own knowledge.
(video I created for techs. to see and understand attack)
I could have easily removed the site and MySQL database then uploaded my clean backups to solve the problem, but I was curious to learn more. MIWV didn’t lose any money in the situation, and the site wasn’t technically not “down”, but I wanted to find the actual code, since it’s sophistication level was above then normal, then search for logs and gather information on where the attacks originated. I got as far as the actual IP address overseas, but at that point I would have had to deal with the host country authorities to subpoena information… so I dropped my investigation.
Why would Someone Target MIWV?
It’s not like the millimeter wave arena is common to regular folks, so what did they have to gain? You probably guessed it. Money.
In business these days it is extremely valuable to maintain digital dominance. As I’ve already mentioned, those responsible for hijacking our search results clearly wanted our search traffic. From my investigation, I could tell this was not just some bored college kid hacker. This was developed by professionals that were most likely hired by another company.
What if this Happens to You?
You should always be monitoring your website and search traffic, especially when you’re starting to build steam. If you are infected, contact your web server admin. or data center techs. to replicate the problems with them. At that point you will have to depend on their ability to handle the situation. (another reason why quality support is worth gold…) Another thing you can do is scan your website at http://sucuri.net. The scan is FREE and it’s one of the best website scans around. (Please be aware that this example was a server level attack, while most malware targets the individual P.C. The angle of attack was to not worry about the individual, but go after the server to hijack search results.)
Since I was able to get to the exact malware code, I downloaded the script for my own reference, but I would never use it. It really would be a poor use of my time. I’d rather invest my energy into strategic marketing that produces results. Look at what happened with this attempt. I’m sure someone was paid good money to infiltrate MIWV.com, but in the end it was a totally wasted effort. Use time, money and effort to deploy the best marketing campaigns you can. That’s what I do, and clearly it works! 😉