The 3 Most Used Hacker Campaigns of 2017, Identified by Google

The Google Docs phishing scam that wreaked havoc on people’s Gmail accounts was widely reported, but it was far from the only security threat to affect people’s digital worlds recently. Every day, internet users are fending off attacks left and right from hackers and nefarious groups — and they probably don’t even realize it, thanks to the security tools and systems companies like Google have built into their products and applications.

At the Google I/O conference in Mountain View, California this week, three Google engineers highlighted the ways people could identify signs of a hack, make repairs, and create barriers to prevent future security threats. Although the presentation was geared to developers and website operators, the tips are incredibly valuable to anybody who cares about personal security.

In particular, Google engineer Eric Kuan went over the three most popular hack campaigns the company’s security team has seen over the last few years, and gave some detail as to what they look like and what they entail. “We’ve been able to create really good documentation for each one of these hacks,” he told attendees.

Anyone on the web is capable of stumbling on these threats and identifying them using a few context clues.

When you do an internal search of a site affected by a gibberish, the page title heads look legitimate. A closer look at the URLs and descriptions, however, illustrate where the gibberish part comes from. Clicking on these pages leads to a redirect to spammy sites.

1. Cloaked keywords & link hack

This is where certain pages on a website are flooded with what look like relevant links to useful services or information that seem to be in line with what’s part of a website Do Not Click!’s purview.

Title heads for the pages might seem legitimate to some extent, but the URLs and descriptions are swimming with nonsense not unlike what’s done to pages created by the cloaked keywords hack. Gibberish hacks are becoming more and more common since they require less work by the attacker — all someone has to do is append a site’s pages with bad links, and visitors are ushered away into a world of dubiousness.

2. Gibberish hack

3. Japanese keywords injection:

“When you get hacked,” engineer Elie Bursztein told the audience, “the consequences are pretty severe. You lose the trust of your user.” Few people want to be on the receiving end of that consequence.

The weird thing about this hack is that it doesn’t simply localize itself to sites originating from Japan. All kinds of sites can be affected. A search of the site will show which ones are the odd players out.

Kuan explains that while identifying the hack can help a website owner start the cleanup process and identify where the vulnerability began, this is an extremely daunting process. “You don’t even want to be in a position to clean up a website,” he said. “Prevention is key.”

If you’re a developer, backing up your site and updating the code are the two best things you can do to prevent hacks. Updating code is particularly thorny since it often leads to losses in plug-ins, or bugs in the user experience, but this is a lot better to deal with than an outright compromise in the website. “When you get hacked,” engineer Elie Bursztein told the audience, “the consequences are pretty severe. You lose the trust of your user.” Few people want to be on the receiving end of that consequence.