Look familiar? This one is tossing up windows NT, which is strange, but it doesn't seem like a stretch that some of the machines at google for stuff like this are running linux.
The scam here isn't being done by google, it's just a run-of-the-mill scammer scamming and using google's name.
Dearest mocotality. Turning on referals in apache logs and you'll see where on google this is coming from (if you care to).
Here is how:
in: /etc/apache2/apache2.conf (or whereever your apache configuration sits) change the "Logformat" option to the following:
edit: to be clear, I'm not saying that they're using google translate, just demonstrating that "It came from a google IP!" reveals approximately nothing.
edit2: it was pointed out in another thread that google is probably forwarding my user agent to the site that is being translated. This makes perfect sense (duh!) and closes the loop on the story. The scammers are using linux, which is consistent with both networks that they were seeing in their logs.
This thread stands as a testament to the strong pro-Google bias in the comments section of Hacker News. The bias is hard to prove, as any cultural bias is, but it's nevertheless a tide ebbing against every discussion here.
The majority of comments, including the top rated one, were extremely dismissive, e.g., "malarky", and glossed or contorted the facts repeatedly to make it seem as though scammers could have easily been responsible for the evidence trail. It was always beyond unlikely that scammers could have access to a a Google corporate headquarters IP. Nor is, as was claimed in the BoingBoing comments, spoofing IP addresses something that can done without some vanishingly unlikely access to Internet infrastructure.
Indeed, I'm waiting for the (many) naysayers in these comment threads to apologize to the OP. While many preached not getting out the pitchforks and blaming Google until they had a chance to respond, that didn't stop them from immediately providing excuses and reasons why the OP had not done his homework or was full of 'malarky'.
I have a theory that posits that the bulk of HN's subscribership is made up of Google employees who are here to astroturf. Initial test results: inconclusive but promising.
This thread stands as a testament to the fact that HN, unlike other places, waits to see what is actually happening before sharpening the pitchforks.
The "evidence against google" here was razor thin, and we still haven't actually seen anything damning, just a sortof generic "we're looking into it and are pre-emtively sorry for what happened".
There's a difference between saying "let's wait to see what Google has to say, this could be something else." and saying "This is clearly bullshit." Is Cory Doctorow's reputation such that he should be so quickly dismissed?
The last paragraph from the report [emphasis mine]:
The conclusion is hard to escape: Google -- or people working on its behalf, with its knowledge and cooperation -- took the numbers of tens of thousands of Kenyan businesses from Mocality's database, then fraudulently solicited money from them by claiming to be in a joint venture with Mocality. This seems to me to be outright criminal activity, and Google has a lot of explaining to do.
The paragraph from a Google VP [emphasis mine]:
We were mortified to learn that a team of people working on a Google project improperly used Mocality’s data and misrepresented our relationship with Mocality to encourage customers to create new websites. We’ve already unreservedly apologised to Mocality. We’re still investigating exactly how this happened, and as soon as we have all the facts, we’ll be taking the appropriate action with the people involved.
Looks like the conclusion Cory found hard to escape was exactly the right conclusion.
Is Cory Doctorow's reputation such that he should be so quickly dismissed?
With all due respect to Doctorow, many on HN know quite a lot more about how the internet works than he does.
I know at least two ways to make arbitrary requests from a Google IP that haven't been mentioned on the comments to this story, and I don't claim any mad hackerz skillz.
I think the evidence pointed towards Google being responsible, and that's what I said. But I, and many others said to wait before drawing a final conclusion. I think that that's a reasonable approach.
If I wasn't clear in my post, I completely agree that it was reasonable to wait before drawing a final conclusion. My objection was to the outright dismissal of the claims by the top comment. And, for me, Doctorow's completely nailing the conclusion was impressive.
Why would Google employees do this? Such risky venture and for what? An extra bonus? Moving up the career ladder? Unless they were doing a startup privately, it makes no sense... why go through such desperate measures?
It makes one wonder if people in the search term can manually mess around with the results to promote their own interests.
To get the drop on an emerging market. Obviously the 200 rupee hosting costs are negligible, but becoming the de facto tech provider in an emerging market like Kenya is worth millions.
It says:
"OMG!!!!! We received a call on the office line (the one listed on Mocality) from India stating that they were offering website services. I think the guy on phone was Deepak or something (it sounded almost like a scam) the guy said he was from Google Kenya blah blah, we refused the offer as we already have a site. Then few days ago I was just searching our page when I stumbled upon our site on .kbo.co.ke site…I mailed them n told them to take it down! aaaaaaaarg!!!!!!"
---
This is one of the small businesses contacted by 'Google'. SO it seems that after they got the call, they later saw their business website put up on kbo.co.ke (which is Google owned).
Doesn't this sound like further proof that this is Google sanctioned?
Not really. A small businessman gets cold-called by an SEO/Adwords agency offering to "get you on Google" at a one time special offer. Intrigued, they search Google for their business and find quite a lot of websites referring to their business they didn't know existed before. Connected?
Kbo.ke publicly advertises web hosting for free, and by the sounds of it might be automatically populating the listings. So its a reasonable assumption that someone trying to charge Ks 200 per month for their[?] web hosting service might be aware of the potential to exploit Kbo's existence but isn't acting with their blessing...
My previous small business would receive cold calls from people claiming to be "with Google" or "working with Google" to sell me SEO services weekly. I can see how non-technical business owners who don't understand how "the internets" work could see that as a direct association, and blaming Google themselves when they dont receive what was advertised or if the relationship goes sour.
I haven't checked, but it might be beneficial for Google to come out and say that they will never work with businesses directly to increase their online exposure outside of allowing the business to buy ad space through their official self-serve Adwords platform.
Then again, Google do have certified Adwords professionals and partner companies whose name they don't want to sully with some widely misunderstood statement, and even some of the least reputable search engine agencies offering ad-buying as a service probably have a net benefit on Google's bottom line
Google is precisely the brand that a non-Google third-party would use to launch a scam like this, so I'm going to wait a few hours before getting the flamethrower out. This really doesn't seem like Google's style from a technical quotient, even if you ignore the ethical angle.
These new accesses were coming directly from Google’s network.
The IP address 74.125.63.33 made 17,645 requests (15,554 to BusinessProfile.aspx). Activity really kicked off on 22 December 2011, with 8 different user agents mostly running Chrome on Linux: The top 3 are :
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.63 Safari/535.7 11249 64.268982
Mozilla/5.0 (Ubuntu; X11; Linux x86_64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 4247 24.264412
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.2 (KHTML, like Gecko) Ubuntu/10.04 Chromium/15.0.874.106 Chrome/15.0.874.106 Safari/535.2 1000 5.713306
Search for “tag=mo.request 74.125.63.33″ from 20 December 2011 to 9 January 2012. Found 17,049 requests
I've seen people justify this saying that it might be an app running on Google App Engine.
I wonder though if the GAE data center (or part of it) is in Google HQ.
Moreover, as someone (EDIT: the article's author) mentioned in the comments of the article When an IP address registered to Google HQ's internal network is fed a unique phone number, and one hour later that phone number rings from someone who claims to represent Google, and repeats fraudulent claims that have been made for months from entities selling a Google product (that has no affiliate program), it is reasonable to infer that this is taking place with Google's cooperation.
It's not GAE, but it is still possible it could be someone using the Google OpenSocial proxy[1]. Not many people know about that though, and I'm not sure it is flexible enough to set the header.
Granted, but there's a potential that this is being launched by an enterprising Google employee, and not as a part of a corporate stratagem.
Of course, if it is corporate strategy, I suppose the big G could always get an employee to take the fall and tar them as a "loose cannon" for press purposes, but I guess I'm still clinging to the shards of "Don't Be Evil".
I'd hope enterprising Google employees had bigger ambitions than selling small business web hosting for $2.50 per month via call centres.
As for the corporate behemoth themselves, if they wanted a better directory of Kenyan businesses, then buying Mocality would hardly dent their acquisitions budget. It would certainly be a far more effective way of obtaining it than manual browsing and data collection via call centre operatives' personal gmail addresses. The idea the world's largest provider of free internet connectivity is looking to branch out into paid webhosting in LEDCs doesn't pass the smell test either.
If the statement about the Mountain View IP address is true then it's hard to imagine that these were scammers masquerading as Google.
My bet? Google's statement will blame some third party contractors or a miscommunication. Massive damage control and fire fighting for the rest of the day.
Shortly after, that IP range stopped visiting Mocality's servers, but another range, this one registered to Google's Mountain View headquarters [edit: this address has previously been used to conduct official Google business in India]..
The article is implying that the IP range was one that has been officially used by Google for international business in the past, making it the smoking gun in their accusation.
My guess is that these things are done by rogue Google employee or contractor. Hypothetical profit from this kind of behavior is not worth a tiny bit of potential reputation damage.
Thing is, conmen wouldn't target Kenya (except for Kenyan conmen and I doubt Kenyan conmen would spend money to hire a large team in India...) they'd go for where the bigger money is. Only mega-companies are working hard everywhere, including the developing countries.
I'm eagerly awaiting a response from google on this. Frankly I suspect that these guys are not actually associated with Google. Google isn't the kind of company that would hire an army of employees to manually click through a website to cold call people.
I don't believe this is google just because of all the manual labor involved. Google would scrape the whole site and call people with pre-recorded messages or something. The operation would be fully automated. I actually don't have any opinion wether they would do it or not, but I doubt manual labor would be involved if that was the case.
No, the reason it's not a sanctioned Google business process - amongst any other number of reasons - but the one that is important is that there is NO GOOGLE SIZED REVENUE in scamming small Kenyan businesses, and there is a huge huge PR downside.
Whether it's the work of rogue employees or a third party, we'll see.
I agree. Google is not dumb enough to do this. Talk about no upside and all downside! Risking your reputation for the equivalent of a few pennies is ridiculous. Scamming African small businesses, of all things, that's making money the hard way.
Totally agree, I just don't see why on earth Google would want to do something like this with the ability for such awful backlash in exchange for what I think would be minimal bump in profit for a company like them.
I'm not commenting one way or another on the overall story, but when I read (paraphrasing) "tried to upsell a domain name" I got very suspicious. Domain names are pretty near zero-margin... unless you're scamming uneducated and unconnected small business owners by charging them way more than they cost.
I don't believe this is google just because of all the manual labor involved. Google would scrape the whole site and call people with pre-recorded messages or something.
for what it's worth, after i moved, google maps still showed that my old address was where my business was located. i filled out a short form saying it was not accurate any longer. there was no other contact information on the form, so i could have been anyone telling google a business had moved.
about a week later i received a call at my business number from an indian-sounding man asking if my company was no longer at my previous address. i could barely understand him, but he didn't say he was with google and once i confirmed that my business had moved, he hung up. shortly after that, my company was taken off of google maps.
so google is using manual labor, and they had to have done at least enough research to get my business phone number.
Having just checked, it's not Google App Engine. GAE appends the string "AppEngine-Google; (+http://code.google.com/appengine) " to the user agent regardless of what it's set to. But still, I agree there may well be another explanation.
Let's assume it was Google that did this, and let's assume that it was non-authorised behaviour by a branch office. (I hope for their sake this isn't the case, but there is more than enough evidence to make it possible)
What should Google do?
Obviously they shouldn't dodge the responsibility, but also they should try and repair the damage somehow.
What is an appropriate course of action for them? Paying damages? Transferring customers?
They seem to have fixed that problem in a weekend, or am I missing something?
I'm unclear what you are saying - do you expect perfection from Google? I don't - mistakes happen. But I do expect them to fix things when they do something wrong.
What I mentioned was not simply a mistake. They fully knew what they were doing (i. e.: plagiarizing an existing solution), and then they "fixed" it only when they actually got caught.
You're right. Ethics don't exist. Let's hope they weasel out of it and learn their lesson at the same time. Instead learning that they can break the lawn AND weasel out of it.
That doesn't sound to me what nl is talking about at all. He's asking what others would do if they were running Google. He's not suggesting that ethics don't exist.
I have to admit, this is a little strange. I guess my main question is why does a company as large as Google need to solicit money from any business? Let alone Kenyan businesses well outside the scope of it's main customer base?
Because Google needs to grow (shareholders and all that), and with a massive and cheap workforce you can actually pull things like this off (keep in mind it's not PHD's that are doing the cold calling).
Agreed. But Google needs to give a good explanation... at internet speed. And, if this is true and someone at Google is involved, there should be consequences.
Google needs to give a good explanation, but they should only do so when they have all the facts and a proper handle on the situation.
I see this as the exact type of situation that, in the past, Apple has taken its time to respond to.
Rather than move in haste and make a misstatement, it's better to gather all the facts and be fully prepared for all of the obvious questions than to have to go back and restate something later on.
For those unfamiliar, Cory Doctorow is a professional writer of fiction. Like my favorite sci fi authors, he crafts stories about an "imagine if these conditions were true, how would that world work" starting point. His selection in news carries a similar bent, he likes a news story that would be interesting if true. It's generally best to enjoy them as that.
Take a moment, imagine a world where Google actually does this, then remember that it is probably fiction and get on with life until you see the story reappear with journalistic research behind it.
Edit: I see Mr. Doctorow updated with a note that he contacted google and google is preparing a response. +1 for journalism.
Although Cory Doctorow is a professional fiction writer, he is also a journalist and writer. Just because he has written some scifi doesn't imply that he is some sort of pathological liar.
There is another possibility here that I haven't seen mentioned yet:
Someone fraudulently representing Mocality attempted to start a joint Google-Mocality venture. Google was misled, and no one at Mocality was aware of the fraud, meaning neither party is guilty.
Is it really plausible that Google would agree to a partnership and provide payment to a false Mocality representative without even speaking to the Mocality CEO? We can't rule this out without more knowledge of the case, but it seems very far-fetched.
It's not hard to imagine that someone could fraudulently claim to be Mocality's CEO either. How often do you verify someone's ID in a business meeting?
That suggestion reminds me of Ali Dia, the very limited footballer who ended up playing a game in the English Premier League after Southampton signed him on doubtlessly generous wages without bothering to check whether the call from legendary George Weah recommending his "cousin" was genuine, or whether a player called Ali Dia had ever played internationally for Senegal or Liberia.
IP registrations can also be wrong, and someone could also be saying they're Google, and running a scam that way.
Happens all the time with (semi-)legitimate firms acting as Adsense or Facebook Ads brokers. They often pull bait and switch tactics after you said you'd think about it.
I would be interested in knowing what the browser client was set to in the HTTP GET request. That would be something to grab next time something like this happens.
The articles on the web are wrongly portraying Mocality as the little startup that could. Truth is, Mocality is a division of a 14 billion dollar media giant called Naspers. Not saying that Google is right or anything, but I think some people are getting fired up because they view this as a David vs. Goliath story, and it really isn't.
I can't help laughing at all the people jumping to conclusions, quoting the "don't be evil" mantra and so on. Why not wait a little bit until the fog clears up? Disappointing that boing boing also coins the phrase "Google's Kenyan ripoff", as if they were already certain of their guilt.
Will be interesting to see which news outlets will ride along with it for cheap thrills ("Goolge might be involved in a scam" etc). My guess is: most of them.
Lots of possibilities, but if Google isn't behind this then they should have been close enough to the local biz communities to have heard of it and stopped it
Seems a little too clumsy for Google. I WILL say, though, that their PR handling of late makes them more vulnerable to this kind of BS. "Don't be evil" only works if you aren't, well, EVIL.
IP addresses are not easy to spoof. Most ISPs do egress filtering, and most TCP stacks use cryptographically-secure sequence number generation. This makes forging HTTP traffic nearly impossible in practice.
IP adresses are only easy to spoof if you do not intend to receive any ACK packages (or any other reply from the target, like web pages with phone numbers on them). For everything else you need the cooperation of a rogue ISP on the shortest path between the target and the legitimate owner of the address block, or a peering with well connected networks that allows you to mess with BGP, which would be hard to hide and probably cost you your peering agreements.
IP addresses are not easy to spoof if you want receive an answer to your packets. In fact, they're pretty much impossible to spoof unless you control a router between the target and the IP address you want to spoof (though that's not really spoofing anymore at that point, more like capturing).
How hard is it to bribe a sysadmin on the backbone routers in Kenya? Better yet, how hard is it to become a sysadmin on the backbone routers in Kenya?
Of course there are a dozen Google services that could let you serve a webpage from some Google IP, so router-level spoofing seems a bit farfetched for this scenario.
Oh, malarky.
Here. I set up a page at http://lab2.gibsonandlily.com/google.html
Then I ran it through google translation services. Here is the result in apache's log:
74.125.16.18 - - [13/Jan/2012:10:45:37 -0600] "GET /google.html HTTP/1.1" 200 327 "http://translate.google.com/translate_p?hl=en&sl=fr&... "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7,gzip(gfe)
Look familiar? This one is tossing up windows NT, which is strange, but it doesn't seem like a stretch that some of the machines at google for stuff like this are running linux.
The scam here isn't being done by google, it's just a run-of-the-mill scammer scamming and using google's name.
Dearest mocotality. Turning on referals in apache logs and you'll see where on google this is coming from (if you care to).
Here is how:
in: /etc/apache2/apache2.conf (or whereever your apache configuration sits) change the "Logformat" option to the following:
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
and then use option:
CustomLog /var/log/apache2/access_log combined
(or whatever log path you want).
edit: to be clear, I'm not saying that they're using google translate, just demonstrating that "It came from a google IP!" reveals approximately nothing.
edit2: it was pointed out in another thread that google is probably forwarding my user agent to the site that is being translated. This makes perfect sense (duh!) and closes the loop on the story. The scammers are using linux, which is consistent with both networks that they were seeing in their logs.