Is Your Website Hackable? Why You Need To Worry - Part II

SC Magazine reports that hackers used data from the breach to purchase goods in a number of states in the US, in Hong Kong and in Sweden.

A digest of the latest developments follows:

* According to the 3WCAX-TV website, the attack is expected to cost consumers $1.5 million. That article was published before the lawsuits started sprouting.
* Brian Fraga of the Standard-Times reports that a class action lawsuit was filed this week in U.S. District Court (Boston) against TJX. The amount of damages sought is undisclosed. According to SC Magazine, a West Virginia resident filed another lawsuit yesterday, suing TJX for $5 million.
* U.S. Rep. Ed Markey, D-Mass., chairman of the House Subcommittee on Telecommunications and the Internet, has called for the Federal Trade Commission to investigate the hacking, according to a report today in the Boston Globe.
* Today the Government of Canada stated that it is launching an investigation into TJX and the data breach.
* Of note: the intrusion may have started in May 2006, but it was only discovered in December 2006 (and publicized in January 2007). That is roughly seven months of undetected access, which is what turns a break-in into a mass exposure of card data.

Universities

University systems are usually highly decentralized, which makes it hard to ensure tight security. One department may have deployed a hardened security infrastructure while others loll in lax measures, and the weakest department sets the security level of the whole system.

The following are some of the recent university hacks due to web application vulnerabilities:

* Last month, a hacker infiltrated a massive database at the University of California, Los Angeles, containing personal information (including social security numbers, dates of birth, home addresses and contact information) on 800,000 people, in one of the worst computer breaches ever at a US university.
* In January 2007, the University of Arizona reported a breach that occurred in November and December last year and affected several services, according to the Privacy Clearing House. The number of affected records is as yet undisclosed.
* In December 2006, the University of Colorado – Boulder experienced an attack that resulted in the theft of thousands of names and social security numbers; a total of 17,500 records were compromised.
* The University of Texas at Dallas reported in December 2006 that the data of 35,000 individuals (current students and alumni) was compromised. Social security numbers were exposed, according to the Privacy Clearing House.

Changing Trends in What Motivates Hackers

According to Zone-H, the top 50 attackers defaced a total of approximately 2.5 million websites around the globe. According to the CSI/FBI Computer Crime and Security Survey 2005, one of the most dramatic findings was the sharp increase in website defacement experienced by its respondents: in 2004, 5% of respondents experienced defacement, while in 2005 that figure went up to 95%. Trends over the past 12 months show a shift away from such disruptive vandalism, which only gains notoriety, towards theft of data that translates into profit. The report on 2006 is still to be published.


Is Your Website Hackable? Why You Need To Worry - Part I

Just because you think your data is safe does not mean your database of sensitive organization information has not already been cloned and is resident elsewhere, ready to be sold to the highest bidder. To make matters worse, it has only recently been discovered that hackers are not simply selling your data; they are also selling the fact that you have vulnerabilities to others, be they hackers, industrial spies or terrorists.

It all sounds apocalyptic, doesn’t it? Well, rather than being an angel of doom, I’ll let the stats speak for themselves.

TJX Companies Inc.

TJX Companies, owner of T.J. Maxx, Marshalls, Winners, HomeGoods, A.J. Wright, and Bob’s Stores, disclosed on 17 January this year that 40 million of its customers’ credit and debit card details were stolen. In parallel, the federal credit union SEFCU published a similar warning that the personal details of 10,000 of its customers were compromised in the same attack.

Another 60 banks, including Citizen Union Savings Bank and Bank of America, appear to have customers whose credit and debit cards were compromised in this attack.

Ben Cammarata, Chairman and Acting Chief Executive Officer of TJX Companies, stated that the nature of the hack is not yet known and that two computer security experts are on hand examining the problem. The warning issued by SEFCU sheds more light on it, stating: “A fraudster may have gained access to … card information through one of those entities in the payment network, including the merchant.” In other words, the card data was exposed somewhere along the payment path, and the merchant is one of the suspects.


Green With Envy In The Google Game

Beginning on April 14th, 2007, a firestorm blew through the Internet community, with the search engine optimization (SEO) community burning the hottest. The embers were warm and waiting for a strong wind to kick up the flames, but it took Matt Cutts, the Google engineer extraordinaire, to fan them with an off-the-cuff comment about “paid links.”

The flames raged and in most forums, the wind quickly shifted moving the firestorm back towards Cutts and Google. Thread Watch offered the most biting rebuttal to Cutts’ comments: http://www.threadwatch.org/node/13925 and http://www.threadwatch.org/node/13941

Aaron Wall at Thread Watch is a respectable fellow, and he tore into Google with a ferociousness that I had not anticipated. Matt Cutts tried to answer some of Aaron’s questions, but it seemed that Cutts’ rebuttals only added more fuel to the fire.

I would not have wanted to be in Matt Cutts’ shoes that week. Oh my, it was brutal!

Even on Cutts’ own blog where the “paid link” comment originally surfaced (http://www.mattcutts.com/blog/hidden-links/), Danny Sullivan posted a question that went unanswered, so Sullivan commented about it on his site: http://searchengineland.com/070420-111550.php

Search Engine Watch even mentioned this issue and linked to additional forums where the debate was raging: http://blog.searchenginewatch.com/blog/070416-020746

What Most Readers Took From Cutts’ Comments

There were only a few readers who took Matt Cutts’ comments to be brotherly-advice.

The vast majority of people were screaming that Google intended to exercise their “monopoly control” over the Internet to run all of their competitors out of business.

Generally, I am not a “reactionary” type person. But for about an hour, even I had a ball in the pit of my stomach.

The ball passed from the pit of my stomach when I read a post that mirrored an opinion I have openly written about numerous times before: How does Google determine the “intent” of a person making a link? They can’t!

Understanding The Nuances Of Similar Items

Some people suggest that I should be ashamed of myself for speculating about the future of Google’s algorithms. There is even one clown who has suggested that I should fear mentioning Matt Cutts’ name in an article, because I am bound to draw Cutts’ ire against me and my businesses. But I am not worried.

I am simply laying out my “speculative” opinion about what Cutts’ comments might mean to my business and yours. You are free to use your own brain to judge the value of my words.

Am I playing a double standard when I say that Google cannot determine the intent of the person placing a link, and then I comment on how I interpret the future of the Google search algorithms? I don’t think so, and let me tell you why.

Google uses algorithms (software programs) to make distinctions about what a web page is about, how to value that page, and how to judge the nature of a link.

I use my intellect (or as some would suggest, my lack thereof) to make a judgment about what Google has told us we should expect from them in the future.

I trust software to a certain extent, but software cannot always read the nuance that separates two very similar items. So, how can the Google algorithm be expected to determine the intent of a person who placed a link?

It has always been my contention that humans are “required” in any process that must make an interpretation of nuance. In my businesses, we refuse to trust computers to make judgments of nuance, because they can’t. That is the reason we employ human beings to process orders.

What Is Google’s Intent Behind The Paid Links Issue?

The whole of Cutts’ argument seems to hinge on nixing “paid links” that are designed to manipulate or “game Google’s PageRank” and to a lesser extent, their organic search results. Google seems to be really agitated that webmasters are “selling links based on the PageRank value of a page.”

The problem is that webmasters are selling an intangible asset that is wholly owned by Google and maintained for “Google’s benefit.” Webmasters are selling this Google asset, but Google will not receive any of the proceeds from that sale.

As a result, Cutts suggested that webmasters should use some method that Google’s spider can recognize to distinguish “paid links” from “given links.” Since Google’s algorithm is based on the theory that links are given to websites that deserve them, paid links on high PageRank pages can really skew Google’s PageRank values and its organic search results.
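To make the reasoning in the paragraph above concrete, here is an added example (not Google's code, and not from the original article): a textbook PageRank power iteration over a small, constructed link graph, run once as-is and once with a single purchased link added from the high-PageRank page to a page nobody else links to. The damping factor, the graph and the page names are all assumptions chosen for illustration.

```python
"""Toy PageRank showing how one bought link from a high-PageRank page
moves the buyer's score. Added illustration; the link graph is constructed."""

DAMPING = 0.85  # assumed damping factor, the textbook value


def pagerank(graph, iterations=100, damping=DAMPING):
    """graph: dict page -> list of pages it links to (no duplicate links).
    Returns dict page -> score; scores sum to 1. Dangling pages (no
    outlinks) spread their score evenly, the standard treatment."""
    pages = list(graph)
    n = len(pages)
    rank = {p: 1.0 / n for p in pages}
    for _ in range(iterations):
        dangling = sum(rank[p] for p in pages if not graph[p])
        new = {}
        for p in pages:
            # Each page q that links to p hands over an equal share of its score.
            incoming = sum(rank[q] / len(graph[q]) for q in pages if p in graph[q])
            new[p] = (1 - damping) / n + damping * (incoming + dangling / n)
        rank = new
    return rank


# Constructed graph: "hub" is heavily linked (high PageRank),
# "buyer" links out but has no inbound links at all.
BASE_GRAPH = {
    "hub": ["a", "b"],
    "a": ["hub", "b"],
    "b": ["hub"],
    "c": ["hub"],
    "d": ["hub"],
    "buyer": ["hub"],
}


def with_paid_link(graph, seller, buyer):
    """Copy the graph and add the purchased link seller -> buyer."""
    g = {p: list(links) for p, links in graph.items()}
    g[seller].append(buyer)
    return g


def paid_link_effect(graph=BASE_GRAPH, seller="hub", buyer="buyer"):
    """Return the buyer's PageRank before and after the paid link."""
    before = pagerank(graph)[buyer]
    after = pagerank(with_paid_link(graph, seller, buyer))[buyer]
    return before, after


if __name__ == "__main__":
    before, after = paid_link_effect()
    print(f"buyer PageRank before: {before:.4f}  after: {after:.4f}  "
          f"(x{after / before:.1f})")
```

With no inbound links the buyer sits at the floor value (1 - d) / n; one link from the hub lifts it several-fold, which is exactly the value the paragraph says link sellers are marketing. Flagging that link so the crawler skips it (the distinction Cutts asked for) collapses the score back to the floor.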

Here Is Where It Gets Ugly

Both honest and dishonest people inhabit this Internet.

Google wants webmasters who are selling links to distinguish paid links from given links, so that Google can ignore “links purchased to influence PageRank.”

If honest people distinguish paid links in a way that Google can recognize, then the market demand for those links will dry up. Once the PageRank value of a link is taken away from the buyer, the buyer will be forced to purchase links based only on the traffic that the specific web page receives. If all paid link decisions were based only on a web page’s traffic, then the market value of a link would be decimated.

Once a webmaster tells his link-buying customers that his or her links will no longer carry PageRank value to the buyer’s website, then the value of that link will drop in most cases by 80% or more. Why would a webmaster want to reduce the market value of his links by 80%?

Although Google’s links do not pass PageRank to the websites that are in their index or paid listings, we have to ask ourselves one thing. Would Google be willing to take a step that would reduce the market value of their own links by 80%? They certainly would not do anything that would cut their own bottom line that deeply, yet they are asking webmasters to do just that.

This is the reason people are teed off at Google. At least 80% of the market value of a link is driven by the PageRank value of the web page where the link will be placed.

Dishonest people don’t care to play by the rules; they will continue to sell their PageRank value, as long as they continue to have buyers. Only the honest will suffer.

Link Buyers Are Green With Envy

Link Buyers are envious of the PageRank value given to other web pages, and they want a bit of that value passed over to their own websites.

Link buyers are green with envy, because they can see that little green bar in the top of their browser that tells them how much value Google gives a web page in its algorithms.

If Google were to keep PageRank as a private value, known only to them, then “paid links” would not be an issue for them to manage.

If the public cannot see what a page’s PageRank value is, then link buyers would not be able to use PageRank to influence their link buying decisions, and webmasters would not be able to market their PageRank value to other websites.

How Simple Is That?

All Google has to do to solve this problem of theirs, is to take away the indicator people use to buy and sell PageRank.

Someone suggested to me that Google would never do away with the PageRank indicator in their toolbar, because Google feels that it is the only thing that ensures that people will keep the Google toolbar in their browser. Personally, I will continue to use the Google toolbar for my searches, even if the PageRank indicator was not there, because I like the search results Google gives to me. But that is just my opinion, and I am only one person out of millions of Google toolbar users.

What it boils down to is this. If Google is serious about nixing schemes to buy and sell PageRank, then they would simply take their PageRank indicator away from us. But will they take it away? Only time will tell.

Originally written by: Bill Platt