David vs. Googliath

Scroogle May Have Been a Victim of Hackers, Not Google

Was alleged LulzSec hacker Ryan Cleary responsible for the takedown of anonymized search engine Scroogle?

The plot thickens! Yesterday we wrote about Scroogle, a nonprofit search engine that delivers Google results to a user without also collecting information for Google at the same time. Scroogle has been down for two days now, and an error page points a finger at the GOOG. “Google treats Scroogle like a bot because they see the traffic from our IP addresses as higher than normal,” the message says. “Searching Google with a bot is against Google’s terms of service, but Scroogle users are not bots. Is it ‘Terms of Service’ for Google, or is it ‘Terms of Monopoly’?”

Google says it did not target Scroogle specifically, but acknowledges Scroogle could have tripped a censor. “We do have automated systems to deter scraping or excessive queries to Google, and spikes in query traffic can cause issues for some sites,” a spokesman said in an email.

But now a tipster writes in with an image of a private forum post that appears to be written by Daniel Brandt, the militant privacy advocate who created the Scroogle engine as well as the sites Google Watch and Wikipedia Watch. There is no way to confirm the authenticity of the post, and Mr. Brandt has not responded to an email request for comment. Take what follows with a giant grain of salt.

But in the purported forum post, “Daniel Brandt” has a different theory than Scroogle presents in its error page. He identifies Ryan Cleary, the 19-year-old British hacker charged with cyber attacks attributed to the Hacker Collective LulzSec (although more specifically, he identifies Mr. Cleary’s girlfriend, for bringing over a computer).

Whether it was Mr. Cleary or friends of the same, this alternative theory proposes that the hacker orchestrated DDoS attacks, in which a flood of traffic overwhelms a site, against Scroogle and Wikipedia Watch out of personal malice for Mr. Brandt.

“It was clear by now that I was the target, and not just wikipedia-watch,” the post says. “The SYN_RECV that I captured in December showed that Scroogle IP addresses were targeted, and sometimes any other open port.”

The purported Mr. Brandt admits Google isn’t the real culprit—although if Google didn’t clamp down on IP addresses that were fetching search results, he wouldn’t have a problem.

“Scroogle has gone from 350,000 searches per day to about 200,000 per day,” the post says. “I blame Friends of Ryan Cleary. For the attempted searches that don’t go through, I show a screen blaming Google. After all, if Google hadn’t started this ‘mild’ form of throttling in March 2011, I could handle the load on two servers instead of six.”

Regardless of the cause, it sounds like the nonprofit that shares a name with a Cory Doctorow story is in trouble.

If you have any additional information on this, shoot us an email.

Follow Adrianne Jeffries on Twitter or via RSS. ajeffries@observer.com

Comments

  1. Public Information Research says:

    It wasn’t Ryan Cleary or anyone associated with Ryan Cleary. Daniel Brandt has a lot of enemies. Wikipedia-Watch was a website that was used as a blackmail tool against anyone who crossed Brandt. http://thereisajosephevers.blogspot.com/2011/09/official-online-review-daniel-brandts.html

    He is a paranoid old kook.

    1. Curt Sampson says:

      While Brandt may or may not be a paranoid old kook, that link clearly leads to someone more interested in denigrating Brandt than explaining him. From the very first word of the title the article assumes a baseless sheen of authority (it’s the “official” review? Of what office?) and only presents hearsay evidence as fact without further analysis.

      And of course the link was posted by someone whose name smells of spin: “Public Information Research.” After all, if politicians and lobbyists can start propaganda groups that are ostensibly unaligned with any faction, I suppose regular old Internet users can do that too.

      1. Leslie says:

        Yes of course, and Daniel Leslie Brandt is #1

        http://danielbrandtisstalking.me

      2. Accountability says:

         So you disagree that Wikipedia-watch was used by Daniel Brandt for the specific purpose of blackmail? That is non-factual according to you? I’m not seeing where the “spin” is here. Please elaborate.

      3. Curt Sampson says:

        Let’s just say I have seen no evidence that Wikipedia-watch was used for blackmail beyond unsubstantiated assertions from anonymous postings on the net, some from those who clearly dislike Daniel Brandt.

        If you have any real evidence that it was used for blackmail, by all means write it up. But show us some real evidence, please. If you want to be even more convincing, start using your real name for things so that we can see more about who you are and better judge your relationship (if any) with Mr. Brandt.

  2. Metasonix says:

    And you’re a paragon of openness and fairness? Brandt has his issues, but he’s also compulsively honest.

    On the other hand, you’re slimy enough to steal the name of Brandt’s firm for your blog comment.

    1. Namebase says:

      Brandt honest? The whole point of this and the last article was that Brandt lied about Google blocking his site. The guy does not have an honest bone in his body. He lurks in secrecy and deceipt while trying to expose all those around him, and whether it takes the truth or a lie to accomplish that makes no matter to him.

      And his “firm”? lol.

      1. Asdfasdfa says:

        What the fuck is “deceipt” ?

      2. Wikipedia-watch says:

        It’s a misspelling for you to grasp onto instead of making a real argument.

  3. Curt Sampson says:

    Sounds a little dodgy: my SYN attacks are ancient (dating from the mid-to-late 1990s) and my understanding is that pretty much all OSes should handle this just as well as they handle random packets addressed to them. (I.e., the kernel should not keep any state for SYN packets.) Also, spoofing source addresses should be pretty difficult these days, since I’d imagine that anybody with any sense is doing egress filtering on the source address. (Though of course a botnet is a much better attack tool, anyway.)

    1. An Observer says:

      Here’s something telling…

      Scroogle has ceased to work for me (after several days of an error message pointing the finger at google.).  This could point in the direction of Hackers or Google.  However my next piece of evidence:

      1.  Do a google search for scroogle.  Notice that http://www.scroogle.org does not come up.
      2. Go to Yahoo and search for scroogle.  Scroogle.org DOES come up first.
      3. Go to Bing and search for scroogle.  Scroogle.org DOES come up first.
      4. Go to ixquick and search for scroogle.  Scroogle.org DOES come up first.

      One of these things is not like the other… (points in the direction of Google)

      1.  Your “Google did it” explanation fails to satisfactorily explain why wikipedia-watch.org, which was also run by Daniel Brandt, is down as well.

      2. An Observer says:

        It seems all of his sites are gone (google-watch.org is gone too).

        I am not sure whether that is due to hacking or some sort of legal injunction (it appears wikipedia-watch.org, google-watch.org, and scroogle.org no longer show up in DNS.  This suggests not that the servers were temporarily taken down due to some sort of DDOS attack but rather have been shut down).

        The fact, though, that none of these three sites shows up on Google’s search engines does illustrate a disturbing willingness on Google’s part to “blacklist” results unfriendly to the corporation. 

        Given that they have recently merged their privacy policy, have an incredible reach in today’s society (remember, that privacy policy gives them access to all information transactions (phone calls, internet searches, everything) that take place on any Android phone.), and have become an unavoidable part of many people’s lives (For example, numerous public and private universities in the US have mandated Google’s gmail to host all student e-mail (Did you know that at UC Davis, all student e-mail is hosted on gmail?)), I believe they have a fairly strong mandate to behave in a responsible manner.

      3. Curt Sampson says:

        I checked the whois records, and the domains haven’t been updated in months (last updates were between last September and this January, depending on the domain) nor do they expire until various times later this year. So, though the contact records for them are anonymized, it doesn’t look like the domain ownership has changed. (That said, technically the domains are owned by Domains By Proxy, not by Brandt.)

        So it seems as if he took down his sites, was forced to take them down, or they were taken down through legal means. (I think we’d hear about it if Domains by Proxy really started screwing over their customers, and if it was just his DNS provider he could have switched to another one quickly.)

        The lack of results in Google is interesting, but is it possible that this is what happens when Google receives an injunction to remove cached copies of particular web sites? Or do the results stay but just the cache links that come with the results vanish?

        I also note that all of the sites are explicitly excluded by the Wayback Machine at archive.org. Is that because Brandt configured his sites to be excluded? Or might there have been a takedown notice or something there?

  4. Anonymous says:

    I’m not even getting the standard scroogle error page that points the finger at google, says try again in ten minutes etc.  Instead I get the standard error page from the browser (in both Firefox and Chrome) that says the server can’t be located or the page can’t be found. Moreover, google search results don’t return any hits for the page.  It appears that scroogle has completely vanished.

    1. gkb says:

      getting same message with verizon

  5. Mattfraser40 says:

    As usual hackers using their knowledge to destroy what is good instead of fighting the power.