TNG/Earthling: Dealing With Hackers & Scammers


This is a post about the company responsible for the high ranks of this website and many others in their client portfolio. TNG/Earthling has been around since before Google launched, so their experience online is extraordinarily deep and enlightening.

When you control a lot of websites, you get exposed to a lot of bad players who target you just because you're there. But sometimes you become a target because your success is perceived as a threat. And sometimes the problems lie with your own clients. When you control not only the agenda but also the means to empower that agenda you may inadvertently piss off someone who is motivated enough to come for retribution.

TNG/Earthling, Inc. has been a player in the world of search engine optimization for a long time. The founder and principal, Bob Sakayama has many amazing war stories related to his work that reveal how unethical operators can attempt to thwart the natural order when things don't go their way. Often times the culprits act in ways that keep their real identities hidden, but the circumstances of their activity reveal their true agendas. One such example begins when TNG/Earthling achieved a very high rank for a legal website, specifically, the maritime website owned by the law firm Gordon Elias & Seely. This site was #1 in Google for "maritime lawyers" during the 2010 Deepwater Horizon disaster in the Gulf of Mexico, which exposed the petroleum giant BP to a huge legal risk. The parties injured on the rig sued all the players responsible for their safety and were represented by Steve Gordon, who they found as a result of that super high Google rank. The disaster and subsequent legal actions triggered a number of events that were extremely revealing as to the nature of the cyber world at that time - this was before the advent of social media, but a time when hackers for hire were become prevalent.

The development team at TNG/E became involved in these events as a result of servicing their client starting with a hack of the dedicated server hosting the high ranking legal website, which appeared to be punishment for the legal team's involvement in the law suits. The site was basically defaced and the content replaced with notices from a supposed Algerian hacker group, who proudly took credit for the hack and posted large graphic touting their hacking abilities. The timing of this defacement is very curious, and given the deep pockets of the principals involved made them suspects although clearly no smoking gun would ever be discovered. When looking into the hack, the security team at Hostgator told TNG/E that the hack was a result of a brute force attack, a technique where the hackers basically tried a large number of guesses before succeeding in accessing the server.

But Bob had special access to a credible player who told him that with an 8 digit password, it would take over a 100 years to cover all the possibilities. This site had a 12 digit password, making it virtually impossible to accurately guess that password during our lifetimes. By default, most Apache servers run with cpHulkd enabled. This is the "brute force manager" that locks you out after several failed attempts to log into WHM (WebHost Manager). Repeated failed attempts from an ip results in that ip being blacklisted so you'd need more than a couple hundred thousand unique ips to even bother trying brute force. If you're running Apache servers this should be a default. Bob's contact told him that because of this, no knowledgeable hacker would even try to use brute force. His source was himself an accomplished hacker who owed Bob a favor. A couple of years earlier, this hacker had suffered a very severe Google penalty - see Bob's quote in Forbes. Because TNG/E held the 3 highest ranking sites for searches for "Google penalty" he found Bob, who helped remove the penalty, earning the gratitude and respect of this incredibly robust hacker, who told Bob that if he ever needed his help... So that chit was called when the legal site was defaced and the probable technique used was explained in detail. The expert hacker told Bob that the most likely route was not direct - the hack was probably accomplished by first hacking into the email accounts of the developers where the server credentials could be found. The TNG/E dev team was able to confirm that indeed, the main developer's Gmail account was found to have been hacked. This small piece of information - that sophisticated hackers never used brute force attacks but instead went for email or other sources of the credentials is a critical piece of the puzzle that to this day is not fully comprehended by most of the people in charge of server security. It's why whenever credentials are sent via email they should be split into multiple messages so that one hacked email could not be used to gain access.

Since this hacking event, TNG/E experienced many security teams claiming to have found successful brute force attacks, but given the logic supplied by Bob's knowledgeable hacker the real security breach lay elsewhere in their management of credentials. Bob's expert hacker laid out exactly how these systems were breached. First the emails or other storage data was hacked and data was collected looking for "user" or "usr" or "email" or related in combination with data identified as "password" or "pw" or "pass" etc. Then those combinations were applied to the server login. This technique results in the security team observing multiple attempts, which suggest a brute force attack, but in reality the attack already has the credentials, just not the exact combination of user and password until the fortuitous attempt is made.

As mentioned in the first paragraph, in TNG/Earthling's world even clients can be the bad player. The most common problem for most online consulting businesses is a client that refuses to pay a legitimate invoice. Fortunately, TNG/E has a solution for this. It's a technique developed by TNG/E called SEO recourse. Bob Sakayama has used this technique of publicizing in Google's search results bad behavior to recover hundreds of thousands of dollars from deadbeat clients, unethical businesses, and even banks. If the business or person that owes you money and refuses to pay suddenly finds that the search for their name or trademark is full of articles that spell out their bad behavior it's very likely to incentivize payment once the reputational damage is compelling.

TNG/E has a lot of these stories, but one of the most entertaining is spelled out here. In mid 2009, TNG/E was the market leader in penalty remediation, and Trey Harris contacted TNG/E because his website at the time, had been severely penalized in Google. Bob quickly discovered the issue and got the site released. But Trey refused to pay, so Bob first warned him of the consequences of SEO recourse and when that didn't work, used it. After a few weeks, searches for "Trey Harris myrtlebeachnow" and many other related searches had the true story of their attempted fraud posted on a large number of websites and those posts took over the vast majority of results 1-15 in Google - see this screenshot. At one point, Trey had his lawyer, Reese Boyd III, send a threatening document to Bob hoping to intimidate him into backing off. But this act only added to the crazy story - now a business that owed money was attempting to use a threat of legal action to agree to pay if Bob would back off. The story gained traction the longer the debt went unpaid and was even featured in local papers in Myrtle Beach, where the business was located. Eventually, worn down by the intensely bad press, Trey paid - he even called Bob and apologized. An interesting side note to all this craziness - Trey Harris was and still is a local preacher, a pastor at a United Methodist Church.

There are many other incredible stories that center around the SEO work that TNG/Earthling and Bob Sakayama performed for clients. Like when Bob, as the guest speaker at an industry conference on Google penalties, took the business owners - oligarchs - down to meet the protestors at Occupy Wall Street. Or when TNG/E and Bob was fraudulently sued for making death threats by a client that tried to intimidate him from collecting a legitimate debt of over $180,000. Or when he received a call from a detective in Sweden informing him that his client had been murdered a day after having had dinner with Bob in NYC. Or when a grateful client who just wanted to meet Bob drove to TNG/E's office in NYC from Dallas in his pickup along with his dog, a glock and a sawed off shotgun. But we want to keep the length of this post within reason, so we're holding those stories for future posts.