
Bilerico: Up Date- Amazon May Have Been Victim of Hack Attack

This topic is archived.
bluedawg12 Donating Member (1000+ posts) Tue Apr-14-09 10:48 AM
Original message
Bilerico: Up Date- Amazon May Have Been Victim of Hack Attack


http://www.bilerico.com/2009/04/new_twist_in_the_amazon_story.php#more
New Twists in the Amazon Story
Filed by: Scott Kaiser
April 14, 2009 10:30 AM

Yesterday I posted an article about Amazon.com's alleged snub of the LGBT community. I suggested that calls of boycott against Amazon were premature as Amazon had up until now been a very gay-friendly company and perhaps this really was a glitch.

Well, last night news was breaking of a blogger who is claiming responsibility for getting the LGBT books delisted from Amazon. Apparently the blogger (with possibly the help of his friends) registered hundreds of accounts on Amazon and then flagged LGBT as "inappropriate" using Amazon's reporting tool. Since different accounts were reporting books as inappropriate rather than just one account, it didn't set off any alarms in Amazon's systems and allowed the hack attack to continue. If this is true, this makes Amazon's claim of a "glitch" causing the problem completely plausible.

While I feel that Amazon should have had a better review process in place before delisting the books, it goes to show that Amazon did not purposely slight the gay community.

Meanwhile, an Amazon employee is giving a behind-the-scenes account of what happened. It doesn't necessarily coincide with the blogger's claim, but it also makes the case for what happened being unintentional. Keep in mind that Amazon wouldn't necessarily want to admit a hack attack. It would shake their image of being a secure place online to shop. They would probably rather claim an internal process error than reveal a successful attack to the public.

Whatever the real reason, Amazon has assured the Gay & Lesbian Alliance Against Defamation that they will fix the problem according to a statement issued by Neil Giuliano, President of GLAAD.



http://news.cnet.com/8301-1009_3-10218626-83.html?tag=newsEditorsPicksArea.0

April 13, 2009 5:46 PM PDT
Amazon 'adult' book-delisting fail: Error or troll?
by Elinor Mills

Amazon got blasted by gay rights groups this weekend after gay and lesbian book titles were delisted from its site. Was it an internal glitch, as Amazon claims, or is an Internet troll with a vendetta responsible?

Amazon spokeswoman Patty Smith told CNET News on Monday that the "glitch" was being fixed, but declined to elaborate.

"This is an embarrassing and ham-fisted cataloging error for a company that prides itself on offering complete selection," she wrote in an e-mail statement.

"It has been misreported that the issue was limited to Gay & Lesbian themed titles - in fact, it impacted 57,310 books in a number of broad categories such as Health, Mind & Body, Reproductive & Sexual Medicine, and Erotica," the statement said. "This problem impacted books not just in the United States but globally. It affected not just sales rank but also had the effect of removing the books from Amazon's main product search."

However, a Live Journal blogger with the alias of "weev" claims he did it to cause an outrage among the gay community, which he alleges has repeatedly flagged his online ads on Craigslist as inappropriate.

"I guess my game is up! Here's a nice piece I like to call 'how to cause moral outrage from the entire Internet in ten lines of code,'" he writes on his blog.

Weev said he figured out that he could easily get the books removed from search rankings by reporting them as inappropriate through a link at the bottom of the book page. He also claims he wrote code to identify all the gay and lesbian metadata-tagged books on Amazon and grab their IDs. He then hired people outside the U.S. to register new accounts en masse to help push the books out of the system, he said.

"Now from here it was a matter of getting a lot of people to vote for the books," he wrote. "The thing about the adult reporting function of Amazon was that it was vulnerable to something called 'cross-site request forgery.' This means if I referred someone to the URL of the successful complaint, it would register as a complaint if they were logged in. So now it is a numbers game."

Amazon's Smith dismissed the claim and insisted the error was internal. She is not alone.

Blogger Mike Daisey, who worked in customer support and business development at Amazon from 1998 until 2001, wrote on his blog that: "Someone was editing the category systems inside of Amazon.fr, made an error, and that system is global, so it propagated everywhere. I have no insight as to anyone's nationality, or whether it was a language gap, or anything of that nature."

Smith declined to comment on Daisey's explanation.

Blogger Bryant Durrell said he tested out Weev's concept and doesn't believe it is legitimate, partly because of buggy code.

"Summation: nope, you didn't do that, you liar you. Nice meta-troll, though," Durrell wrote on his blog.

"The really interesting thing about the troll is that he's right even if he didn't do it. The vulnerability he describes exists anywhere you make automated decisions based on third-party input."


Printer Friendly | Permalink |  | Top
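
An added example, not part of the original post or the quoted articles and not Amazon's code: a minimal Python sketch of the two controls that the cross-site request forgery claim and Durrell's remark about automated decisions on third-party input point to. All names, thresholds and sample values are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (constructed here)
MIN_ACCOUNT_AGE_DAYS = 30             # assumed policy values, not Amazon's
REVIEW_THRESHOLD = 3


def csrf_token(session_id: str) -> str:
    """Token bound to one session; rendered as a hidden field in the report form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def accept_report(method: str, session_id: str, form_token: str) -> bool:
    """Accept a complaint only if it is a POST carrying this session's token.

    A link that a logged-in visitor is merely referred to arrives as a GET
    without the token, so it is rejected instead of counted.
    """
    if method != "POST" or not form_token:
        return False
    expected = csrf_token(session_id).encode()
    return hmac.compare_digest(expected, form_token.encode())


class FlagQueue:
    """Counts distinct established accounts per item and never delists by itself."""

    def __init__(self):
        self.flags = {}   # item_id -> set of account ids that flagged it
        self.review = []  # items waiting for a human decision

    def record(self, item_id: str, account_id: str, account_age_days: int) -> str:
        if account_age_days < MIN_ACCOUNT_AGE_DAYS:
            return "ignored"  # freshly registered accounts carry no weight
        voters = self.flags.setdefault(item_id, set())
        voters.add(account_id)  # a repeat flag from the same account adds nothing
        if len(voters) >= REVIEW_THRESHOLD and item_id not in self.review:
            self.review.append(item_id)
            return "queued_for_review"
        return "counted"
```

The outcome of enough flags is a place in a human review queue rather than removal from search, so third-party input alone cannot change what the catalogue shows.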
juno jones Donating Member (1000+ posts) Tue Apr-14-09 11:01 AM
Response to Original message
1. This is the result of allowing anonymous complaints
Edited on Tue Apr-14-09 11:02 AM by juno jones
to remove information on databases like amazon and youtube. A spurious 'content' charge or 'copyright' charge by someone and often legitimate material is yanked from the internet with no review.

There must be a real review before anything is subjected to knee-jerk reaction by websites. Unless the material is explicit or has copyright claimed by a legitimate agent of the copyright holder, and deemed so by a review panel, free speech and fair use dictates that it stays.

FreeState Donating Member (1000+ posts) Tue Apr-14-09 12:56 PM
Response to Original message
2. Amazon says gay-books listing snafu was an error, not a hack
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=spam,_malware_and_vulnerabilities&articleId=9131538&taxonomyId=85&intsrc=kc_top

April 13, 2009 (IDG News Service) Online retailer Amazon.com Inc. blamed a glitch that knocked gay-and-lesbian-themed books out of its main product search engine on a "ham-fisted cataloging error," while disputing a hacker's claim that he had caused the search problems by exploiting a flaw on Amazon's Web site.

The problem was first reported on Sunday by author Mark Probst, who in a blog post said he had noticed that the search rankings on the Amazon site had been dropped for his own novel, The Filly, and other gay-themed books.

His report set off a firestorm in the blogosphere, where some accused the company of antigay censorship — a fire that was fueled by Probst's inclusion in his post of a message he received from an Amazon customer service representative. As posted by Probst, the message said that the company excluded "adult material" from some searches and best-seller lists "in consideration of our entire customer base."

On Monday, though, Amazon said that the exclusions were actually caused by a glitch and that the problem didn't involve only gay and lesbian titles. It affected 57,310 books worldwide "in a number of broad categories such as Health, Mind & Body, Reproductive & Sexual Medicine and Erotica," according to the company.

Amazon was still in the process of fixing the problem, spokeswoman Patricia Smith said via e-mail.

The retailer's disclosure didn't prevent a hacker who uses the name "Weev" from claiming credit for the glitch. As some bloggers complained that Amazon's statement didn't adequately explain what had happened, Weev said in a blog post that he had caused the problem by exploiting a common Web programming error on the Amazon site.

He also claimed to have enlisted "some people who run some extremely high traffic websites" and "hired third worlders" to help him game Amazon's ranking system by automatically filing customer complaints reporting gay and lesbian books as inappropriate material.

Other bloggers, though, quickly debunked Weev's exploit claims. And Amazon's Smith also said that the hacker's claims are false.

A former Amazon employee named Mike Daisey said in an interview that the problem really did appear to have been caused by an employee mistake.

According to Daisey, a friend within the company told him that someone working on Amazon's French Web site mistagged a number of keyword categories, including the "Gay and Lesbian" one, as pornographic, using what's known internally as the Browse Nodes tool. Soon the mistake affected Amazon sites worldwide, Daisey said. "If you use that tool in one site, it affects every site in Amazon," he noted. "So the guy screwed up in France and it propagated everywhere."

Daisey, a monologist who worked at Amazon for three years, said he was amused that Weev's claims had been so widely reported, given that Weev has made a name for himself as a so-called online troll who traffics in pranks. "I think it's hilarious," Daisey said, "that he's gotten as much traction as he has with the story because his whole modus operandi is about pranking people."

bluedawg12 Donating Member (1000+ posts) Tue Apr-14-09 08:08 PM
Response to Reply #2
4. Is Weev bragging or Amazon worried about hackers?
It wouldn't help the notion of internet security to think that someone could actually hack their site.

On the other hand, why would someone be dumb enough to brag about hacking into a business and cause damage? That seems like a crime.

Either way, it seems like it will not turn out to be anti-gay, which would be the best answer, IMHO.


>>"I think it's hilarious," Daisey said, "that he's gotten as much traction as he has with the story because his whole modus operandi is about pranking people."<<

What a merry little prankster. :eyes:

xchrom Donating Member (1000+ posts) Tue Apr-14-09 04:56 PM
Response to Original message
3. if you google WEEV -- you will find an actual person
but it's also an acronym for other stuff.

now this gets hard to follow.

bluedawg12 Donating Member (1000+ posts) Tue Apr-14-09 08:18 PM
Response to Reply #3
5. The clock is ticking
on its 15 minutes of fame. :evilgrin:

xchrom Donating Member (1000+ posts) Tue Apr-14-09 08:44 PM
Response to Reply #5
6. i think it's an egg timer. nt

iris27 Donating Member (1000+ posts) Wed Apr-15-09 10:18 PM
Response to Original message
7. Conflicting explanations abound.
Jessica Valenti over at Feministing had two of her four books de-ranked, and the Amazon rep told her agent that it was a side-fluke of a new categorization method they'd been testing.

http://www.feministing.com/archives/014797.html

Glitch, hack, whatever, what I want to know is - why the fuck haven't they apologized? Seriously, how hard would it be to spit out, "we value our gay and lesbian customers and are working as quickly as possible to correct the error?" I sell a lot on Amazon Marketplace, and I'm really tempted to find other sales venues after all this.

bluedawg12 Donating Member (1000+ posts) Thu Apr-16-09 12:03 AM
Response to Reply #7
8. My guess is that Amazon just wants this to go away
so there is no whisper of a possible hack into their site, raising security issues for customers.

They seem intent on de-emphasizing that only gay themed books were delisted.

You know the old saying: "business is business." Money trumps decency.

The admission that they are "working as quickly as possible to correct the error," tells me, they want the books back on the market $$$$$$$$ but they can't fix it too readily.

This is pretty mysterious.