Last year, a hacker recorded over 40 calls to the Secret Service and the FBI in one day, without anyone finding out. I think most people in here would agree that that was a bad idea.
People on Twitter and the news talked about it, and some people even accused him of being a fraud of a government agent. Some people called him a moron. My friends call me Bryan. The point is not that sensational headline, albeit it is kind of sensational. It’s why I did what I did and for why I’m here.
Wiretapping the Secret Service can be easy and fun. If you haven’t figured out that that is satire, then we need to have a whole other discussion. This was the front-page article on Valleywag. It made it to KOMO and a variety of different places. The reason all of this came up was because of this.
What you see on the right is a common map search for a local business – an auto-glass repair category. On the left – same search, same city in Orange County – auto-glass repair. There are fake businesses in these listings, and they look just like the real ones. There isn’t a person in this room who’d probably be able to make an educated guess as to which one is which. On the left, there are six fake businesses in the Google listings, and on Whitepages, anyone care? Ten out of ten – they’re all fake. They’re all controlled by one person. This one person found a way to manipulate the variety of local business systems, like Yelp, and Angie’s List, and Bing, and especially Google Maps, which is the target.
They have the most traffic, they generate the most business – if you’re on Google, you’re set. So what happens? They bumped off the original ten placeholders, and they no longer get the phone calls they rightly deserve. This is a scam. This has been going on since directories even started. Before the internet, there were actually people in Yellow Pages doing the same thing with alphabetical listings.
They would all name their businesses “AAA,” “AA,” “AAAA,” to get at the front of the category. People have always found a way to game the system. Problem is now, no one knows it’s happening, and it’s happening in every city, in every country, every category that services businesses and consumers, and there are over 50 major categories that this is just epidemically bad.
Another problem that’s actually come to light recently is – What you might be familiar with in a typical Google search is at the top, there’s a Google AdWords. These are the advertising results that people in businesses have paid for.
And what you see here, and it’s a little blurry, my apologies, it says, “$15 locksmith service 24 hours a day, 20 minute response time.” I don’t know a single locksmith in this country that will drive to you and service you for $15 for any type of – They wouldn’t even give you a handshake for $15. It’s not worth the gas, it’s not worth the labor. This is bait and switch.
It’s a very common thing in fraud textbooks. It’s a price they have absolutely no intention of fulfilling, and they will charge you through the nose because you can’t afford not to pay them, or they’ve already done the service, and then they use intimidation. You’re locked out of your car. It’s 11 o’clock at night. You’re in a bad neighborhood. They show up because you clicked on an ad that said “$15 service,” and now it’s 350, and they make you go to the ATM and pull money out. What if it’s your grandmother? Your wife? Your sister? This happens and it’s been in the media, but no one picks it up because this problem is so complex, and big, and multijurisdictional, the FBI and the Secret Service don’t want to touch it, the attorneys general; there are so many different pieces, and we have to start at the original root of the problem.
This man ran a business called the Serbian Crown; this is in Wired magazine. Hackers who didn’t like him turned his business hours for the weekend to nothing. They just deleted his availability on the weekends, and it single-handedly killed his business in less than a month. He had to shut his doors. He was open for two decades or more – I think even longer.
So I approached Google. I told them all of the different methods that these guys are using – the exploits, the ways that they beat the ranking systems – and I was pleasantly surprised by them doing absolutely nothing. So I started creating some funny listings to maybe get some social following, and this one was my personal favorite: the Snowden Super Secret Hiding Place on the White House lawn.
You can see why they chose that for the main website image. So I walked into the Secret Service office after recording phone calls. I didn’t have a lawyer with me. I had no idea what was going to happen other than I kind of needed to be there because if I got caught, I think it arguably would have been a first-class vacation to Guantanamo Bay, and although I was in the Marines, I don’t want to be reunited with them there. And orange isn’t exactly my color.
What I did was very simple. I created a very identical Secret Service listing with a different phone number, and as you can see, this one at the top has three reviews, 202 area code, this one has a 425 area code, same address, more pictures. I deleted their reviews in less than five minutes, and I added reviews of my own that were fake. Took less than 20 minutes, beginning to end. The positions switched because mine suddenly had more “hidden points,” which then meant anybody who looked for the Secret Service, anywhere in the country for this specific one, got mine, and that phone number forwarded to them, and I could record both sides of the conversation without ever touching their systems.