Islamic terrorists are arming themselves with the technical tools and expertise to attack the online systems underpinning Western companies and critical infrastructure, according to a new study from the Institute for Critical Infrastructure Technology.

The goal of the report was to bring awareness to "a hyper-evolving threat" said James Scott, ICIT co-founder and senior fellow.

Dark web marketplaces and forums make malware and tech expertise widely available and — with plenty of hackers for hire and malware for sale — technical skills are no longer required. A large-scale attack could be just around the corner, said Scott.

"These guys have the money to go on hacker-for-hire forums and just start hiring hackers," he said.

U.S. authorities are well-aware of the rising threat posed by Islamic terrorists armed with advanced cybertools. In April, Defense Secretary Ashton Carter declared a cyberwar against the Islamic State group, or ISIS. Ransomware chatter rose to prominence on dark web jihadi forums around the fall of 2015 and continues to be a topic of debate, particularly among members of ISIS and Boko Haram.

"I had the same position that I have right now with this in December of last year with regards to ransomware hitting the health-care sector," said Scott. "We were seeing the same exact thing."

Much of the chatter on jihadi chat boards comes from Europeans and Americans, often social outcasts living vicariously through the online reputation of their handle — including disenfranchised teens or jailhouse Muslim converts turned radicals, Scott said. They may not have strong coding skills, but they have access to Western institutions and businesses and are looking to leverage that access to serve ISIS.

An example of the sort of conversation that takes place on Islamic dark web forums involved a cleaner in Berlin who worked the overnight shift and wanted to know how they could help, said Scott. Others chimed in, explaining how the janitor could load malware onto a USB device and plug it into a computer to allow them to remotely hack into the network.

"That is the kind of insider threat that we are going to be facing," said Scott. "That is what they are seeing as the next step — an army of insider threats in the West."

"These guys have the money to go on hacker-for-hire forums and just start hiring hackers"
-James Scott, ICIT co-founder and senior fellow.

Though not known for being particularly sophisticated in their use of technology — beyond the use of encrypted messaging services and creating malicious apps — Islamic terrorists are now aggressively seeking ways to bridge gaps in their knowledge, said Scott. This may come in the form of hiring hackers, recruiting tech-savvy teens and educating new recruits.

"They are rapidly compensating for that slower part of their evolution," said Scott.

For example, ISIS operates what can best be described as a 24-hour cyber help desk, staffed by tech-savvy recruits around the globe. There are always about six operatives available to address questions, for example, about how to send encrypted messages, and strategize about how to leverage local access into cyberattacks. They also share tutorials, cybersecurity manuals and YouTube links, and try to recruit other techies, said Scott.

"It is obvious that cyber jihadists use dark web forums for everything — from discussing useful exploits and attack vectors, to gaining anonymity tips and learning the basics of hacking from the ISIS cyber help desk," he said. "Setting up properly layered attacks is incredibly easy even if one has a modest budget. All one needs is a target and a reason."
ICIT will present its findings and identify possible solutions for protecting critical infrastructure — along with a panel of industry experts and government officials — on June 29 in Washington.

Source:  http://www.cnbc.com/2016/06/15/the-cyber-jihad-is-coming-says-this-security-firm.html

Categorized in Internet Privacy

China’s powerful internet censorship body has further tightened its grip on online news reports by warning all news or social network websites against publishing news without proper verification, state media reports.

The instruction, issued by the Cyberspace Administration of China, came only a few days after Xu Lin, formerly the deputy head of the organisation, replaced his boss, Lu Wei, as the top gatekeeper of Chinese internet affairs.

Xu is regarded as one of President Xi Jinping’s key supporters.
The cyberspace watchdog said online media could not report any news taken from social media websites without approval.

“All websites should bear the key responsibility to further streamline the course of reporting and publishing of news, and set up a sound internal monitoring mechanism among all mobile news portals [and the social media chat websites] Weibo or WeChat,” Xinhua reported the directive as saying.

“It is forbidden to use hearsay to create news or use conjecture and imagination to distort the facts,” it said.

The central internet censorship organ ordered its regional subordinates to fully fulfil their duties on the basis of content management, strengthen supervision and inspection, and severely punish fake news or news that deviated from the facts.

“No website is allowed to report public news without specifying the sources, or report news that quotes untrue origins,” the circular warned, adding that the fabrication of news or distortion of the facts were also strictly prohibited.

The report said that a number of popular news portals, including Sina.com, Ifeng.com, Caijing.com.cn, Qq.com and 163.com, had been punished and given warnings for fabricating news before distributing it, the report said, without giving any details about the penalty.

The Chinese government already exercises widespread controls over the internet and has sought to codify that policy in law.

Officials say internet restrictions, including the blocking of popular foreign websites such as Google and Facebook, are needed to ensure security in the face of rising threats, such as terrorism, and also to stop the spread of damaging rumours.

Source:  http://www.scmp.com/news/china/policies-politics/article/1985118/all-news-stories-must-be-verified-chinas-internet

Categorized in Internet Privacy

A major underground marketplace acting like an eBay for criminals is selling access to more than 70,000 compromised servers allowing buyers to carry out widespread cyberattacks around the world, security experts said on Wednesday.

Researchers at Kaspersky Lab, a global computer security firm based in Moscow, said the online forum appears to be run by a Russian speaking group. It offers access to hacked computers owned by governments, companies and universities in 173 countries, unbeknownst to the servers' legitimate owners.

Access goes for as little as $6 for a compromised server. Each comes pre-equipped with a variety of software to mount denial-of-service attacks on other networks, launch spam campaigns, illicitly manufacture bitcoin currency or compromise online or retail payment systems, the researchers said.

Starting at $7, buyers can gain access to government servers in several countries, including interior and foreign ministries, commerce departments and several town halls, said Costin Raiu, director of Kaspersky's research and analysis team.

He said the market might also be used to exploit hundreds of millions of old, stolen email credentials reported in recent months to be circulating in the criminal underground.

"Stolen credentials are just one aspect of the cybercrime business," Raiu told Reuters in an interview. "In reality, there is a lot more going on in the underground. These things are all interconnected."

The marketplace goes by the name xDedic. Dedic is short for dedicated, a term used in Russian online forums for a computer under remote control of a hacker and available for use by other parties.

XDedic connects sellers of compromised servers with criminal buyers.

The market's owners take a 5 percent up-front fee on all money put into trading accounts, Raiu said.

Kaspersky found the machines run remote desktop software widely used by network administrators to provide technical support for Microsoft Windows users. Access to servers with high capacity network connections may cost up to $15.

Low prices, searchable feature lists that advertise attack capabilities, together with services to protect illicit users from becoming detected attract buyers from entry-level cybercriminals to state-sponsored espionage groups.

An unnamed Internet service provider in Europe alerted Kaspersky to the existence of xDedic, Raiu said.

High-profile targets include a U.S. aerospace firm, banks in the United States, Philippines, Kazakhstan, Jordan, Ghana, Cyprus, South Korea and Saudi Arabia, chemical firms in Singapore and Thailand and oil companies in China and the United Arab Emirates, Kaspersky found.

Raiu declined to name the organizations. He said Kaspersky has notified national computer emergency response teams in several countries.

Source:  http://www.cnbc.com/2016/06/15/cybercrime-market-sells-servers-to-launch-attacks.html

Categorized in Internet Privacy

My earliest Google search—the earliest one Google remembers, at least—was for "tetanus shot." My most recent was for "Tracy Morgan." In between, there are 52,493 searches, and Google remembers them all.

This shouldn’t come as a surprise. I know Google knows essentially everything there is to know about me—and you probably do, too. With its algorithms and analytics tools, it probably knows more about me than I know about myself (statistically, I most frequently search Google at 10 AM on Tuesdays in March). But presented in its totality, it's still a bit creepy to look at a history of every single Google search you've ever done.

​The company has now made it possible for you to export that history and download it from its servers. In one ZIP file, you can have a ​timestamped history of every random bit of trivia or thought you've ever had; of every restaurant you've ever cared to Yelp; of the times you looked up whether that movie you wanted to see was actually any good.


It has a record of the times you've looked up hangover cures and searched weird symptoms to perform a self diagnosis. It knows that you looked up the address to the hospital to visit a loved one and it knows that you didn't know the address to the funeral home a week later. And it knows every time you didn't turn on Incognito mode to search for porn.

Again, this is not necessarily surprising, but it is striking. We know Google uses its connected products and the information it has on you to help target ads and to personalize your experience, which makes using Google feel seamless. Maybe you’re fine with that—lots of people are willing to trade privacy for convenience, or for something that costs them no money. But what if you’re not?

​It’s possible to change your settings so that Google doesn’t link your search history to your account. That’s a start, but Google still logs searches according to IP addresses, which can still be potentially tied back to you. You can also consider using a company like Duck Duck Go, which runs a “search engine that doesn’t track you.”

Google’s not the only one who uses your search history, of course. The record it has can be and often is ​subpoenaed by the government or by law enforcement.

In the first half of last year (more recent data is not yet available), the US requested user information, including search history, from Google 12,539 times. Google complied in 84 percent of cases. There are concerns that the NSA can tap the data as well. Google says that “only you can see your history,” but how true is that, really?

Source:  http://motherboard.vice.com/read/reminder-google-remembers-everything-youve-ever-searched-for 

Categorized in Search Engine

Under Europe's "Right to be Forgotten" law, citizens there can petition Internet search providers such as Google to remove search results linked to personal information that is negative or defamatory. In many cases, these links lead to information about accusations of criminal activity or financial difficulties, which may be "delisted" if the information is erroneous or no longer relevant. 

But "gone" doesn't always mean "forgotten," according to a new study by researchers at the New York University Tandon School of Engineering, NYU Shanghai, and the Federal University of Minas Gerais in Brazil.

"The Right to Be Forgotten has been largely working and is responding to legitimate privacy concerns of many Europeans," said New York University Professor Keith Ross. "Our research shows, however, that a third-party, such as a transparency activist or a private investigator, can discover many delisted links and determine the names of the people who requested the delistings." Ross, the Leonard J. Shustek Professor of Computer Science at NYU Tandon and dean of engineering and computer science at NYU Shanghai, led the research team, which included Professor of Computer Science Virgilio Almeida and doctoral students Evandro Cunha and Gabriel Magno, all of the Federal University of Minas Gerais, and Minhui Xue, a doctoral student at NYU Shanghai.

They focused only on requests to delist content from mass media sites such as online newspapers and broadcast outlets. Although the law requires search engines to delist search links, it does not require newspaper articles and other source material to be removed from the Internet.

A hacker faces a fairly low bar if he or she knows a particular URL has been delisted. Of 283 delisted URLs used in the study, the authors successfully determined the names of the requesters in 103 cases.

But the authors also demonstrated that a hacker can prevail even when the URL is unknown, by downloading media articles about topics most commonly associated with delisting, including sexual assault and financial misconduct; extracting the names from the articles; then sending multiple queries to a European Google search site to see if the articles were delisted.

The researchers estimate that a third party could potentially determine 30 to 40 percent of the delisted mass-media URLs, along with the names of the people who made the delisting requests. Such hackers do exist and have published the names of people who requested delisting, thereby opening them to even more public scrutiny - the so-called "Streisand effect," a phenomenon, named for the reclusive star, whereby an attempt to hide a piece of information has the unintended consequence of publicizing the information more widely.

Their results show that the law has fundamental technical flaws that could compromise its effectiveness in the future.

Demographic analysis revealed that the majority of requesters were men, ages 20-40, and most were ordinary citizens, not celebrities. In accordance with the law, Google delisted links for persons who were wrongfully charged, acquitted, or who finished serving their sentences, among other privacy issues.

The researchers believe that defenses to these privacy attacks are limited. One possible defense would be for Google to never display the delisted URL in its search results. (Currently, Jane Doe's delisted robbery article would not show up when her name is used in a search, but would do so if the name of the bank were searched, for example.) This defense is not only a strong form of censorship, but can also be partially circumvented, they said.

A French data protection authority recently ordered Google to delist links from all of its properties including Google.com, in addition to its search engines with European suffixes. Google has so far refused, and the dispute is likely to end up in European courts. "Even if this law is extended throughout all of the Google search properties, the potential for such attacks will be unchanged and they will continue to be effective," said Almeida of the Federal University of Minas Gerais.

The researchers noted that they will never publicly share the names discovered in association with their analysis. They informed Google of the research results. 

Source:  http://phys.org/news/2016-06-weak-europe-forgotten-privacy-law.html 

Categorized in Internet Privacy

IT security experts are developing a new method for detecting and fixing vulnerabilities in the applications run on different devices – regardless of the processor integrated in the respective device.


The number of devices connected to the Internet is continuously growing – including household appliances. They open up numerous new attack targets 

IT security experts from Bochum, headed by Prof Dr Thorsten Holz, are developing a new method for detecting and fixing vulnerabilities in the applications run on different devices -- regardless of the processor integrated in the respective device.

In future, many everyday items will be connected to the Internet and, consequently, become targets of attackers. As all devices run different types of software, supplying protection mechanisms that work for all poses a significant challenge.

This is the objective pursued by the Bochum-based project "Leveraging Binary Analysis to Secure the Internet of Things," short Bastion, funded by the European Research Council.

A shared language for all processors

As more often than not, the software running on a device remains the manufacturer's corporate secret, researchers at the Chair for System Security at Ruhr-Universität Bochum do not analyse the original source code, but the binary code of zeros and ones that they can read directly from a device.

However, different devices are equipped with processors with different complexities: while an Intel processor in a computer understands more than 500 commands, a microcontroller in an electronic key is able to process merely 20 commands. An additional problem is that one and the same instruction, for example "add two numbers," is represented as different sequences of zeros and ones in the binary language of two processor types. This renders an automated analysis of many different devices difficult.

In order to perform processor-independent security analyses, Thorsten Holz' team translates the different binary languages into a so called intermediate language. The researchers have already successfully implemented this approach for three processor types named Intel, ARM and MIPS.

Closing security gaps automatically

The researchers then look for security-critical programming errors on the intermediate language level. They intend to automatically close the gaps thus detected. This does not yet work for any software. However, the team has already demonstrated that the method is sound in principle: in 2015, the IT experts identified a security gap in the Internet Explorer and succeeded in closing it automatically.

The method is expected to be completely processor-independent by the time the project is wrapped up in 2020. Integrating protection mechanisms is supposed to work for many different devices, too.

Helping faster than the manufacturers

"Sometimes, it can take a while until security gaps in a device are noticed and fixed by the manufacturers," says Thorsten Holz. This is where the methods developed by his group can help. They protect users from attacks even if security gaps had not yet been officially closed.

Source:  https://www.sciencedaily.com/releases/2016/06/160609064300.htm

Categorized in Internet of Things

Unless you’ve specifically told it not to, Google remembers everything you’ve ever searched for—a fact that’s been useful for artists, Google’s bottom line, law enforcement investigations, among many other things. We’ve all searched for stuff we probably shouldn’t have from time to time, but a web developer has decided to take the shared experience of regretting a specific search to its logical extreme.


“Ruin My Search History” promises to “ruin your Google search history with a single click,” and that’s exactly what it does. Click on the magnifying glass and it’ll take over your browser and immediately cycles through a series of search terms ranging from the mildly embarrassing (“why doesn’t my poo float,” “smelly penis cure urgent”) to the potentially relationship-ruining (“mail order paternity test,” “attracted to mother why”) to the type of thing that might get your name on a list somewhere (“isis application form,” “cheap syria flights,” “how to kill someone hypothetically”).


Jon, the developer who made it, says more than 500,000 people have ruined their search histories in the last 24 hours. He says about a quarter of the people who visit the site aren’t brave enough to click the button.






Originally, the site was going to be a tour of the internet’s most horrible images and videos, such as Goatse and Two Girls One Cup, to “quickly get you up to speed on 15 years of horrible internet,” Jon told me in an email.


“I thought better of that and went down the route of things you'd hate for people to see in your search history,” he said. “I tried to make a semi-story out of the searches to add to the horror. And added in the person's location to the queries (though people don't seem to have noticed that).”


It’s fun, mostly harmless, and if you squint hard enough, it might even be a bit subversive. I saw it as a bit of a comment on our lack of digital privacy, anyway.


“Really not sure how I came up with the idea originally,” Jon wrote. “It was probably sparked by the never ending surveillance saga in the news: Snowden, NSA, phone taps, metadata, who searches for what.” I asked Jon if he thought there’s something to the idea that if we all search for words that are likely to be on a watchlist somewhere, we can confuse the NSA or make a comment about mass surveillance.


“I had the idea that the best way to make the government’s search surveillance useless is for us all to be on ‘the list,’” he said. “Maybe it does a bit, but if that's enough to throw their surveillance off course, it's probably not great surveillance.”


After it was posted, the website quickly went to the top of Reddit’s /r/internetisbeautiful, where people immediately began to freak the fuck out over the inclusion of ISIS-related search terms. The reaction has been so visceral, in fact, that one of the moderators has had to step in and defend leaving the link to the site—which now has warnings all over it—on the page: “We've taken adequate steps to warn redditors that this link might be something you shouldn't just blindly click,” internetisbeautiful moderator K_Lobstah wrote in an incredibly long post. “I promise the NSA is not going to black bag you in your sleep (unless you are a terrorist). I promise the police are not calling a judge off his poker game tonight to obtain an emergency search warrant for your apartment.”


Jon says it’s gotten out of hand.


“The reaction on Reddit has been mental, some people seem to be legitimately freaking out,” he said. “I guess that's just the sad times we live in. We assume the feds will turn up and that we're actually guilty because we typed some words into the internet.”

Happy searching.


Source:  http://motherboard.vice.com/en_uk/read/ruin-your-google-search-history-with-one-click-using-this-website 

Categorized in Search Engine

Trying to remember were you've been? Google can help.

If you opt into being tracked, Google can record where you've been through Google Maps and your Android phone. Everything is logged in an interactive map called your Timeline that's accessible through your Google account.

Your Timeline can be useful if you like to look back at where you've been. If you also use Google Photos, the photos you take on your phone will be shown in your Timeline alongside where and when they were taken.

Here's everything you need to know about using your Google Timeline:

To access your Timeline, you have to turn on Location History. It can be enabled or disabled in your Google Settings on phones running Android 2.3 or higher. When you first set up your Android phone, Google will likely ask you to turn Location History on (it's not turned on by default).

Google tracks your location through Google Maps, which also works on the iPhone and the web. You can see your Timeline from your settings in the Google Maps app on Android.

Google tracks your location through Google Maps, which also works on the iPhone and the web. You can see your Timeline from your settings in the Google Maps app on Android.

Finding your Timeline through Google Maps on the iPhone is a little more complicated. We recommend just going directly to Google's website from an iPhone or desktop computer.

Finding your Timeline through Google Maps on the iPhone is a little more complicated. We recommend just going directly to Google's website from an iPhone or desktop computer.

Using Google Maps and having Location Tracking enabled on your phone will help make Google's tracking more accurate, but that's not the only way Google tracks you. The company also uses your "search and browsing info to make your timeline."

Using Google Maps and having Location Tracking enabled on your phone will help make Google's tracking more accurate, but that's not the only way Google tracks you. The company also uses your "search and browsing info to make your timeline."

Once you have Location Tracking turned on, you can see everywhere you've been on this map of the world.

Once you have Location Tracking turned on, you can see everywhere you've been on this map of the world. 

If you assign names to addresses for "Work" and Home" in Google Maps or with Google Now, they will be labeled the same way in your timeline.

If you assign names to addresses for "Work" and Home" in Google Maps or with Google Now, they will be labeled the same way in your timeline.

You can zoom into cities and neighborhoods from a certain day or time span.

You can zoom into cities and neighborhoods from a certain day or time span.

If you want to drill into where you went on a specific day, your Timeline will show you where you went in order along with specific times you moved around.

None animated GIF

Google even shows if you walked, drove, or were in a plane.

Google even shows if you walked, drove, or were in a plane.

It's a good way to visually see how you moved through an area.

It's a good way to visually see how you moved through an area.

If you use Google Photos, your Timeline will show photos you took while you were at a specific location.

If you use Google Photos, your Timeline will show photos you took while you were at a specific location.

If the idea of Google knowing where you've been is creepy, don't worry. Google says that your Timeline is "private and visible only to you." You can also turn it off or remove locations from your Timeline at any time.

If the idea of Google knowing where you've been is creepy, don't worry. Google says that your Timeline is "private and visible only to you." You can also turn it off or remove locations from your Timeline at any time.

Source:  http://www.techinsider.io/how-to-find-your-google-location-history-map-2016-6

Categorized in Search Engine

The Indian government recently refused to grant Google permission to cover India through Google Street View. The widely cited reason for this is security concerns, such as panoramic images available will aid terrorist attacks, and the sensitive areas such as nuclear establishments and defence areas can be exposed. It is suggested that this rejection is temporary, and will be reconsidered once the draft Geospatial Information Regulation Bill is finalised and passed. While the Geospatial Bill itself is widely criticised for the severe restrictions it places on the use of geospatial data, it can only resolve one half of the problem with the case of Street View – security concerns. Street View presents a more widespread issue – the issue of violation of people’s privacy through the taking and worldwide publishing of their images.

Geospatial bill can only tackle security issues

A mere photograph, particularly of sensitive areas, is dangerous from a security point of view. The 360 degree, panoramic, ‘feet on the ground’ photograph, as offered by Google Street View, is enough to get any reasonable government concerned. The Geospatial Bill, in its present form, is certainly broad enough to regulate Google’s Street View activities. The Geospatial Bill, however, makes no provision for safeguarding individual privacy. The government may, through its provisions, grant Google the permission to photograph Indian locations, but it cannot authorise Google to violate individual privacy.

Street View’s blurring policy is not adequate

The panoramic images as offered by Google obviously capture people, homes and other events at the location. Photographs are often taken without any warning, and certainly without the prior consent of the person getting photographed. Street View’s privacy policy states that information based on which a person can be identified, such as a person’s face and car license number plates are automatically blurred out. Often despite the blurring, a person can be identified. Street View therefore also allows people to request Google to blur out images which they feel are violative of their privacy.

The case of photographing of a home or any other personal property is relatively easy to resolve, since all a person has to do is access Street View, check that image and request blurring. The case of photographing individuals, on the other hand, is not as simple. It isn’t possible for a person to constantly check Google Street View to ensure that no compromising images of them have been caught. Images on Google Street View may be from a few weeks to a few years old. It is hardly possible for people to go back that far in time and ensure that their privacy is not infringed.

Street View Angkor Wat Google

Additionally, the blurring policies do not apply to user-contributed images, which means people’s faces, license plate numbers, etc., will not be automatically blurred out in such images. A person’s remedy will be to first try to resolve the dispute with the person contributing the image, and only if he fails can he ask Google to remove it. In the era we live in, any delay in removing such images can result in them being broadcast and viewed by the whole world. Moreover, images from Google Street View can be downloaded, and there will be nothing to prevent a person from saving such images before they are blurred out. Yet another problem is that Google retains the original, unblurred images. A limit of six months was attempted to be imposed on Google, but Google retains them for up to a year.

Right to privacy in public places under Indian laws

Interestingly, there are no Indian laws governing photography in a public place. The general rule is that in a public place, an individual cannot reasonably expect a right to privacy. For example, if a person is accidentally captured in a photograph of a public place, say a historical monument, taken on a smartphone, then he cannot claim that it violates his privacy. However Street View represents a different case. The photograph is taken without either a warning to the individual or the individual’s consent, and can be made available for (literally) the whole world to see, possibly for an eternity.

Indian laws provide people with recourse for certain images only. The Information Technology Act, 2000 and the Indian Penal Code, 1860, will protect people against the capture and publishing of certain types of images, such as capturing obscene images, private acts, capturing pictures of a woman without her consent, etc. The problem again is, that these laws are designed to protect people from acts such as voyeurism, and are certainly not designed to protect against a violation of privacy. A photograph of a person may simply be embarrassing, or a person may just not want his picture up on the internet. Surely, every individual has the right to decide whether or not he wants an image of his to be taken and published.

India’s draft Personal Data (Protection) Bill is perhaps better designed to protect this problem. It provides that no personal data, which is any data based on which a person can be identified, can be collected without the person’s prior informed consent. Until the Bill is passed, however, the only recourse available to people is under the right to privacy, as guaranteed under the Indian Constitution. This is broad enough to include the right to privacy in a public place as well.

Individual privacy must also be safeguarded before Street View is permitted

Other countries have begun to impose certain requirements on Street View, such as requiring it to inform the public in advance before it photographs that area, such as through the publication of an ad in a newspaper. Countries have also suggested that people be given the option of ‘opting in’ to be photographed instead of the current opt-out mechanism available with Google Street View. Any progress in the digital era is invariably involving a conflict between individual privacy and the public good. If Google Street View is for the public good, then the government must take adequate steps to protect not just national security, but also individual privacy.

Source:  http://tech.firstpost.com/news-analysis/privacy-concerns-with-google-street-view-should-be-addressed-before-permitting-it-in-india-320154.html

Categorized in Search Engine

Have you ever had your content stolen? If you have, I can relate.

Several years ago during the early days of BKA Content, we had just finished up a comprehensive redesign of our company website. This effort took time, money, and the creative talents of several people who put their hearts and souls into carefully crafting the content on our pages that would speak to the hearts of our audience.

A month or two after the launch of our newly redesigned site, I received a strange phone call from a man claiming he had just purchased our website and had some questions about how the website worked.

Since our website was certainly not for sale, I was completely confused by this claim and thus investigated to find out what had really happened.

Long story short, this man had purchased a “successful content creation” business from a popular online marketplace that sold websites. The creators (copiers, thieves, low lifes) that sold the site literally duplicated the text verbatim from our website, changed our images a little bit, and slapped a new company name on it and sold it to this poor man for a ridiculous sum of money. These idiots were so lazy that they even left our phone numbers on the page, which is how this man was able to contact us to ultimately find out he had been swindled by thieves.

This bizarre experience really helped me to understand firsthand how much stolen content can hurt. It wasn’t fair for these thieves to take the work that I spent time and money on and then duplicate it and call it their own.

While this is a pretty extreme example of blatant content stealing in order to turn a profit, the truth is that most content is stolen more subtly with scrapers and bots. These methods of duplicating content can be just as harmful as the experience I shared.

So I ask again, have you ever had your content stolen? If you aren’t sure, I’m going to show you how to find out and what to do about it.

Duplicate Content is Bad

Before I show you how to search for duplicate content, let’s briefly go over how Google deals with duplicate content.

In 2013, Google’s Matt Cutts said that 25-30% of the content on the web is duplicative. I’m sure that number is higher now, but that’s a butt load of copied content! Because duplicate content is so prevalent, Google does not penalize it. That’s right; Google does not penalize duplicate content unless it is pure spam.

So if there is no penalty for copying something, then why should we care who copies our content?

The biggest reason is that when duplicate content exists, it makes Google’s job harder to filter it and decide which version of the content to display in search results. This means the content you have spent time and money on creating may never show up in the results, but the thieves’ version of your content will.

Google’s failing to filter the original version of the content leads to site owners suffering lower rankings, lower traffic, and being less of a relevant authority in search.

The wrong content showing up in search engines can damage your brand’s authority and can undermine your content marketing efforts substantially.

The only instance when duplicating your content makes sense is when choosing to syndicate it. While I won’t get into the intricate details of how to do this, please note that great care should be taken to ensure you syndicate correctly to maintain proper attribution.

How to Find Stolen Content
1. Copyscape


Copyscape has been around for as long as I can remember, and still is considered to be one of the most reliable tools in finding duplicate content.

Copyscape allows you to check an existing URL for duplicate content on the web. This tool is free to use; however, the number of results are limited. If you want to be able to see more results, you’ll have to sign up for their premium account.

Copyscape Premium is ideal if you need to check content in bulk, or if you want to check content you haven’t even posted online yet at five cents per search.

If you want your website to be automatically monitored for copies of your content, their Copysentry service has two different plans that can check your content weekly or daily and then alert you when copies are found.


dmca scan

DMCA stands for The Digital Millennium Copyright Act which details the rights content owners have when they believe their content has been stolen.

DMCA.com allows for two free scans of your website to check for copied content. You can pay $10 a month for their Protection Pro plan to scan your website as much as you want per month.

Both the paid and free subscription options allow you to create a website certificate as well as badges to authenticate the ownership of your content to potentially deter thieves.

3. Google Alerts

Google Alerts is a simple way to quickly find copied content, and it’s FREE!

Create an alert by copying and pasting some of your content into the search query field. You can then set the parameters of whether or not you would like to be notified every day or once a week if Google finds copies.

It’s important to note that Google alerts searches for any of the words that you paste into the search query.

Example: If I put the sentence above into the search query, you can see the results it finds in the alert preview and the partial word matches in bold text:


This means that not all of the alerts may be accurate; however, it is easy to spot the true alerts since the results will match the entire string of words you put into your search query verbatim.

Example: If I use some ‘Lorum ipsum’ text, see how the entire string is reflected in the alert preview?


How to Get Duplicate Content Removed

1. Contact Them

I know this sounds simple, but I’ve experienced a lot of successful takedown requests this way. Most websites and blogs have a contact form, email address or phone number listed on the site.

Inform the offending site that the content has been stolen, provide a link to the original piece of content, and ask them to take it down immediately to avoid an official DMCA takedown complaint.

If the webmaster is slow to respond, or if your sensible request is being ignored, another option is to contact the offender’s web hosting service directly. There are several free websites that can help you get this information such as Who is Hosting This by simply typing in the URL of the offending website.


Once you have the information of the web host, follow the same steps as previously mentioned to contact them and report the content infringement. Most web hosting services do a great job of responding quickly, and in many instances take down the entire offending website.

2. Google

If you find out that someone else is reaping all of the traffic benefits by ranking well using your stolen content, you can file a DMCA complaint against them using Google Search Console.

If Google agrees with the complaint you file, then they will remove the stolen content from the search engines, thus rendering it completely useless to the offender.

Google asks for quite a bit of information in their form as they want to make sure they are justified in removing results. Take the time they require in order to give them all of the information to build your case.

It is important to note that Google takedown requests are per page only, so depending on how many pages of content have been copied, be prepared to spend some time here. Revenge is sweet, right?

3. Takedown Services

As you can see, getting people to takedown stolen content can take time and effort. For some webmasters, they are simply too busy to handle takedown requests on top of their normal workload. Thankfully there are several third party takedown services that can perform this whole process for you.

While cost can vary between these many services, the main benefit is that you can leverage their legal services to strike the fear of god into the face of your offenders to get fast results.

Do a simple “DMCA takedown services” search on Google to compare pricing and packages.


Don’t make the mistake of not knowing if your content has been stolen and where it is being duplicated. Finding out is quick, easy, and costs very little compared to the costs you can incur if left unchecked. I implore you to protect your content, fight the good fight, and don’t let the bad guys win!

Source:  https://www.searchenginejournal.com/3-ways-find-stolen-content-take-action/162831/

Categorized in Internet Privacy
Page 7 of 8

airs logo

Association of Internet Research Specialists is the world's leading community for the Internet Research Specialist and provide a Unified Platform that delivers, Education, Training and Certification for Online Research.

Get Exclusive Research Tips in Your Inbox

Receive Great tips via email, enter your email to Subscribe.

Follow Us on Social Media