
Google's Kenyan ripoff? - Chirag
http://boingboing.net/2012/01/13/google-fraudulently-solicits-f.html
======
blhack
Crossposting this from another thread:

Oh, malarky.

Here. I set up a page at <http://lab2.gibsonandlily.com/google.html>

Then I ran it through google translation services. Here is the result in
apache's log:

74.125.16.18 - - [13/Jan/2012:10:45:37 -0600] "GET /google.html HTTP/1.1" 200
327
"[http://translate.google.com/translate_p?hl=en&sl=fr&...](http://translate.google.com/translate_p?hl=en&sl=fr&tl=en&u=http://lab2.gibsonandlily.com/google.html&usg=ALkJrhjD8_-6RDHslD53lf9XsYx2_J1q4A)
"Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.7 (KHTML, like Gecko)
Chrome/16.0.912.75 Safari/535.7,gzip(gfe)

Look familiar? This one is tossing up windows NT, which is strange, but it
doesn't seem like a stretch that some of the machines at google for stuff like
this are running linux.

The scam here isn't being done by google, it's just a run-of-the-mill scammer
scamming and using google's name.

Dearest mocotality. Turning on referals in apache logs and you'll see where on
google this is coming from (if you care to).

Here is how:

in: /etc/apache2/apache2.conf (or whereever your apache configuration sits)
change the "Logformat" option to the following:

LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\""
combined

and then use option:

CustomLog /var/log/apache2/access_log combined

(or whatever log path you want).

edit: to be clear, I'm not saying that they're using google translate, just
demonstrating that "It came from a google IP!" reveals approximately nothing.

edit2: it was pointed out in another thread that google is probably forwarding
my user agent to the site that is being translated. This makes perfect sense
(duh!) and closes the loop on the story. The scammers are using linux, which
is consistent with both networks that they were seeing in their logs.

~~~
JS_startup
A European Google VP just confirmed that it was not scammers or someone posing
as Google, it was Google employees.

~~~
ellyagg
This thread stands as a testament to the strong pro-Google bias in the
comments section of Hacker News. The bias is hard to prove, as any cultural
bias is, but it's nevertheless a tide ebbing against every discussion here.

The majority of comments, including the top rated one, were extremely
dismissive, e.g., "malarky", and glossed or contorted the facts repeatedly to
make it seem as though scammers could have easily been responsible for the
evidence trail. It was always beyond unlikely that scammers could have access
to a a Google corporate headquarters IP. Nor is, as was claimed in the
BoingBoing comments, spoofing IP addresses something that can done without
some vanishingly unlikely access to Internet infrastructure.

~~~
JS_startup
I have a theory that posits that the bulk of HN's subscribership is made up of
Google employees who are here to astroturf. Initial test results: inconclusive
but promising.

~~~
alphamale3000
Of course, they have 20% of their work-time to invest in astroturfing HN ;-)

------
moshthepitt
There's an interesting twist in this tale.

Have a look at: [http://blog.mocality.co.ke/2012/01/13/google-what-were-
you-t...](http://blog.mocality.co.ke/2012/01/13/google-what-were-you-
thinking/#comment-488)

It says: "OMG!!!!! We received a call on the office line (the one listed on
Mocality) from India stating that they were offering website services. I think
the guy on phone was Deepak or something (it sounded almost like a scam) the
guy said he was from Google Kenya blah blah, we refused the offer as we
already have a site. Then few days ago I was just searching our page when I
stumbled upon our site on .kbo.co.ke site…I mailed them n told them to take it
down! aaaaaaaarg!!!!!!"

\--- This is one of the small businesses contacted by 'Google'. SO it seems
that after they got the call, they later saw their business website put up on
kbo.co.ke (which is Google owned).

Doesn't this sound like further proof that this is Google sanctioned?

~~~
notahacker
Not really. A small businessman gets cold-called by an SEO/Adwords agency
offering to "get you on Google" at a one time special offer. Intrigued, they
search Google for their business and find quite a lot of websites referring to
their business they didn't know existed before. Connected?

Kbo.ke publicly advertises web hosting for free, and by the sounds of it might
be automatically populating the listings. So its a reasonable assumption that
someone trying to charge Ks 200 per month for their[?] web hosting service
might be aware of the potential to exploit Kbo's existence but isn't acting
with their blessing...

~~~
uxp
My previous small business would receive cold calls from people claiming to be
"with Google" or "working with Google" to sell me SEO services weekly. I can
see how non-technical business owners who don't understand how "the internets"
work could see that as a direct association, and blaming Google themselves
when they dont receive what was advertised or if the relationship goes sour.

I haven't checked, but it might be beneficial for Google to come out and say
that they will never work with businesses directly to increase their online
exposure outside of allowing the business to buy ad space through their
official self-serve Adwords platform.

~~~
notahacker
Then again, Google _do_ have certified Adwords professionals and partner
companies whose name they don't want to sully with some widely misunderstood
statement, and even some of the least reputable search engine agencies
offering ad-buying as a service probably have a _net_ benefit on Google's
bottom line

------
danko
Google is precisely the brand that a non-Google third-party would use to
launch a scam like this, so I'm going to wait a few hours before getting the
flamethrower out. This really doesn't seem like Google's style from a
_technical_ quotient, even if you ignore the ethical angle.

~~~
eof
According to the main source ([http://blog.mocality.co.ke/2012/01/13/google-
what-were-you-t...](http://blog.mocality.co.ke/2012/01/13/google-what-were-
you-thinking/)), after setting up the sting, there were a bunch of hits
straight from google HQ.

    
    
        These new accesses were coming directly from Google’s network.
        The IP address 74.125.63.33 made 17,645 requests (15,554 to BusinessProfile.aspx). Activity really kicked off on 22 December 2011, with 8 different user agents mostly running Chrome on Linux: The top 3 are :
        Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.63 Safari/535.7 11249 64.268982
        Mozilla/5.0 (Ubuntu; X11; Linux x86_64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 4247 24.264412
        Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.2 (KHTML, like Gecko) Ubuntu/10.04 Chromium/15.0.874.106 Chrome/15.0.874.106 Safari/535.2 1000 5.713306
        Search for “tag=mo.request 74.125.63.33″ from 20 December 2011 to 9 January 2012. Found 17,049 requests

~~~
danko
Granted, but there's a potential that this is being launched by an
enterprising Google employee, and not as a part of a corporate stratagem.

Of course, if it _is_ corporate strategy, I suppose the big G could always get
an employee to take the fall and tar them as a "loose cannon" for press
purposes, but I guess I'm still clinging to the shards of "Don't Be Evil".

~~~
notahacker
I'd hope _enterprising_ Google employees had bigger ambitions than selling
small business web hosting for $2.50 per month via call centres.

As for the corporate behemoth themselves, if they wanted a better directory of
Kenyan businesses, then buying Mocality would hardly dent their acquisitions
budget. It would certainly be a far more effective way of obtaining it than
manual browsing and data collection via call centre operatives' personal gmail
addresses. The idea the world's largest provider of free internet connectivity
is looking to branch out into paid webhosting in LEDCs doesn't pass the smell
test either.

------
JS_startup
If the statement about the Mountain View IP address is true then it's hard to
imagine that these were scammers masquerading as Google.

My bet? Google's statement will blame some third party contractors or a
miscommunication. Massive damage control and fire fighting for the rest of the
day.

~~~
Zirro
Except for Kenya, I can only see India mentioned in the original article. Am I
missing something, or is Boing Boing publishing incorrect information?

~~~
JS_startup
_Shortly after, that IP range stopped visiting Mocality's servers, but another
range, this one registered to Google's Mountain View headquarters [edit: this
address has previously been used to conduct official Google business in
India].._

The article is implying that the IP range was one that has been officially
used by Google for international business in the past, making it the smoking
gun in their accusation.

~~~
Zirro
I see. I'm not sure if that edit was there when I first read the article.
Thanks for the clarification, anyway.

------
mynegation
My guess is that these things are done by rogue Google employee or contractor.
Hypothetical profit from this kind of behavior is not worth a tiny bit of
potential reputation damage.

~~~
rmc
Or just someone pretending to work for Google. Conmen do that sort of thing
all the time.

~~~
redwood
Thing is, conmen wouldn't target Kenya (except for Kenyan conmen and I doubt
Kenyan conmen would spend money to hire a large team in India...) they'd go
for where the bigger money is. Only mega-companies are working hard
everywhere, including the developing countries.

------
swalsh
I'm eagerly awaiting a response from google on this. Frankly I suspect that
these guys are not actually associated with Google. Google isn't the kind of
company that would hire an army of employees to manually click through a
website to cold call people.

~~~
vasco
I don't believe this is google just because of all the manual labor involved.
Google would scrape the whole site and call people with pre-recorded messages
or something. The operation would be fully automated. I actually don't have
any opinion wether they would do it or not, but I doubt manual labor would be
involved if that was the case.

~~~
peteretep
No, the reason it's not a sanctioned Google business process - amongst any
other number of reasons - but the one that is _important_ is that there is NO
GOOGLE SIZED REVENUE in scamming small Kenyan businesses, and there is a huge
huge PR downside.

Whether it's the work of rogue employees or a third party, we'll see.

~~~
dean
I agree. Google is not dumb enough to do this. Talk about no upside and all
downside! Risking your reputation for the equivalent of a few pennies is
ridiculous. Scamming African small businesses, of all things, that's making
money the hard way.

------
nl
Let's assume it was Google that did this, and let's assume that it was non-
authorised behaviour by a branch office. (I hope for their sake this isn't the
case, but there is more than enough evidence to make it possible)

What should Google do?

Obviously they shouldn't dodge the responsibility, but also they should try
and repair the damage somehow.

What is an appropriate course of action for them? Paying damages? Transferring
customers?

I can't think of any good options, really.

~~~
felipe
Blame a third-party! It wouldn't be the first time they do it:

[http://tech.slashdot.org/story/07/04/08/1824210/google-
faces...](http://tech.slashdot.org/story/07/04/08/1824210/google-faces-
plagiarism-questions-over-chinese-software)

[http://www.pcworld.com/article/130502/google_admits_using_ou...](http://www.pcworld.com/article/130502/google_admits_using_outside_source_for_chinese_app.html)

~~~
nl
They seem to have fixed that problem in a weekend, or am I missing something?

I'm unclear what you are saying - do you expect perfection from Google? I
don't - mistakes happen. But I do expect them to fix things when they do
something wrong.

~~~
felipe
What I mentioned was not simply a mistake. They fully knew what they were
doing (i. e.: plagiarizing an existing solution), and then they "fixed" it
only when they actually got caught.

------
raphman
It seems this Google IP address was associated with a blog spam scanning bot
some time ago: [http://www.techjournal.info/2009/12/who-is-
abuseiampromcorpg...](http://www.techjournal.info/2009/12/who-is-
abuseiampromcorpgooglecom.html)

------
hackNightly
I have to admit, this is a little strange. I guess my main question is why
does a company as large as Google need to solicit money from any business? Let
alone Kenyan businesses well outside the scope of it's main customer base?

~~~
guard-of-terra
A local Google office might do some funny things. Using the autonomy they've
got. The program in question is confined to Kenya.

~~~
josefresco
The only evidence _so far_ of this program is from Kenya. To state with
certainty that it's confined to Kenya at this point would be a stretch.

------
ColinWright
See also: <http://news.ycombinator.com/item?id=3460033>

------
rmc
Let's not jump the gun here. Let's keep the pitchforks at bay till we find out
what's going on first.

~~~
danmaz74
Agreed. But Google needs to give a good explanation... at internet speed. And,
if this is true and someone at Google is involved, there should be
consequences.

~~~
numbsafari
Google needs to give a good explanation, but they should only do so when they
have all the facts and a proper handle on the situation.

I see this as the exact type of situation that, in the past, Apple has taken
its time to respond to.

Rather than move in haste and make a misstatement, it's better to gather all
the facts and be fully prepared for all of the obvious questions than to have
to go back and restate something later on.

------
brown9-2
There is another possibility here that I haven't seen mentioned yet:

Someone fraudulently representing Mocality attempted to start a joint Google-
Mocality venture. Google was misled, and no one at Mocality was aware of the
fraud, meaning neither party is guilty.

~~~
shimon
Is it really plausible that Google would agree to a partnership and provide
payment to a false Mocality representative without even speaking to the
Mocality CEO? We can't rule this out without more knowledge of the case, but
it seems very far-fetched.

~~~
brown9-2
It's not hard to imagine that someone could fraudulently claim to be
Mocality's CEO either. How often do you verify someone's ID in a business
meeting?

~~~
notahacker
That suggestion reminds me of Ali Dia, the very limited footballer who ended
up playing a game in the English Premier League after Southampton signed him
on doubtlessly generous wages without bothering to check whether the call from
legendary George Weah recommending his "cousin" was genuine, or whether a
player called Ali Dia had ever played internationally for Senegal or Liberia.

<http://en.wikipedia.org/wiki/Ali_Dia>

------
joshaidan
I would be interested in knowing what the browser client was set to in the
HTTP GET request. That would be something to grab next time something like
this happens.

~~~
waitwhat
_I would be interested in knowing what the browser client was set to_

You mean the User-Agent? It's referenced all over mocality's blog post
[http://blog.mocality.co.ke/2012/01/13/google-what-were-
you-t...](http://blog.mocality.co.ke/2012/01/13/google-what-were-you-
thinking/)

~~~
joshaidan
Yeah, User-Agent. I read the boingboing post and not the original Mocality
post. Thanks.

------
majani
The articles on the web are wrongly portraying Mocality as the little startup
that could. Truth is, Mocality is a division of a 14 billion dollar media
giant called Naspers. Not saying that Google is right or anything, but I think
some people are getting fired up because they view this as a David vs. Goliath
story, and it really isn't.

------
Tichy
I can't help laughing at all the people jumping to conclusions, quoting the
"don't be evil" mantra and so on. Why not wait a little bit until the fog
clears up? Disappointing that boing boing also coins the phrase "Google's
Kenyan ripoff", as if they were already certain of their guilt.

Will be interesting to see which news outlets will ride along with it for
cheap thrills ("Goolge might be involved in a scam" etc). My guess is: most of
them.

------
orijing
Here's the original post: [http://blog.mocality.co.ke/2012/01/13/google-what-
were-you-t...](http://blog.mocality.co.ke/2012/01/13/google-what-were-you-
thinking/)

------
yonasb
Lots of possibilities, but if Google isn't behind this then they should have
been close enough to the local biz communities to have heard of it and stopped
it

------
badclient
To be clear, I wouldn't consider the scraping of their data as a _ripoff_.
Border-line unethical? May be. But far, far from a ripoff.

The ripoff can be if google was trying to use their name which would
effectively be phishing. I don't see them really pushing hard on that
accusation.

~~~
timerickson
Scraping their data is against the TOS you have to agree to before using it.
So yes, it is illegal if they're violating the TOS.

------
mbaukes
Bad google ....bad google!

------
portentint
Seems a little too clumsy for Google. I WILL say, though, that their PR
handling of late makes them more vulnerable to this kind of BS. "Don't be
evil" only works if you aren't, well, EVIL.

------
bh42222
IP addresses are easy to spoof. Did Mocality try to figure out if it was
really Google's IPs, or just someone faking them?

~~~
brazzy
IP addresses are _not_ easy to spoof if you want receive an answer to your
packets. In fact, they're pretty much _impossible_ to spoof unless you control
a router between the target and the IP address you want to spoof (though
that's not really spoofing anymore at that point, more like capturing).

~~~
lukeschlather
How hard is it to bribe a sysadmin on the backbone routers in Kenya? Better
yet, how hard is it to become a sysadmin on the backbone routers in Kenya?

Of course there are a dozen Google services that could let you serve a webpage
from some Google IP, so router-level spoofing seems a bit farfetched for this
scenario.

~~~
prostoalex
>> Better yet, how hard is it to become a sysadmin on the backbone routers in
Kenya?

Pretty damn hard [http://jobsearch.monster.com/search/sysadmin-on-the-
backbone...](http://jobsearch.monster.com/search/sysadmin-on-the-backbone-
routers_5?q=IP-Spoofing&where=kenya)

